prevent employeees from locking you out of your website
blog post | creative + ux | data + tech

How to Stop Employees or Agencies from Holding Your Site Hostage

Derek Cavaliero Team Photo
Derek CavalieroDirector of Engineering

Being a digital agency, the nature of our work often requires access to proprietary information, private accounts, and other systems.

Unfortunately, the responsibility that comes with this access can easily be abused, especially when safeguards haven’t been put into place.

I have personally seen the good, the bad, and the downright ugly sides of clients being unable to gain access to vital assets due to a soured relationship with a previous agency or employee. It’s never pretty and these kinds of problems can have a huge impact on future projects.

In this post I’ll provide a handful of ways you can spot potential issues with agencies or employees and explain how you can prevent them from holding company resources hostage.

Make sure your contract includes details about the off-boarding process

Clients are sometimes so focused on the contract details such as scope of work, budget, and payment that they overlook one of the most important parts of a contract — offboarding.

What is offboarding?

Offboarding is the process an agency completes (or SHOULD complete) in the event a client or employee ends a contract with them. Below are some examples of things that may be done during a typical off-boarding process:

  • Gathering and sending source files from Photoshop, Illustrator, InDesign or other programs.
  • Collecting and sending credentials for your social media accounts, FTP, CMS, Hosting, DNS or any other system the client may not have be able to access.
  • Meeting to answer any questions about ongoing or unfinished projects.
  • Transferring of domain ownership, if necessary.

Unfortunately, businesses are sometimes limited in their ability to make requests after a termination of contract; whether it’s because of imperfect knowledge, constraints on time, or otherwise. This problem can then be exacerbated if the employee or agency attempts to use the information as leverage for more money or simply out of pure spite. (Like I said, I have seen a lot of ugly things.)

The best thing you can do to prevent this issue is be upfront with your agency or employee about an off-boarding process. If they’re unable to answer or resistant to offering anything in writing, then alarm bells should be going off in your head.

Stay away from any type of “Custom CMS”

Another potential pitfall for clients is falling into the custom-built content management system trap. When an agency uses its own custom-built resources instead of more qualified open-source resources, the client is forced to be highly dependent on the agency.

This is a rotten tactic that increases the agency’s leverage and limits the client’s options, leaving them stuck in a cyclical process that is often expensive to escape.

That’s not to say that a custom CMS is never necessary. There are instances, particularly for bigger or more specialized companies, where a custom CMS is the best option.

However, you should only settle for a custom CMS solution unless it is absolutely necessary for your website’s functionality. The majority of website functionality requirements can be met by customizing an open-source CMS such as WordPress or Drupal.

Keep your passwords organized

Best practices for agencies and passwords

Password management seems simple, but it can become a big problem. Issues tend to occur most frequently when an outside agency is the one who is responsible for setting up and storing the passwords for your accounts.

The best way to avoid these problems is to give your agency logins that don’t have administrative permissions. That way your company can easily revoke access and protect against improper use if an issue ever arises.

When user management options aren’t available, your next best choice may be to request comprehensive documentation of all accounts and passwords from the client on a regular basis.

Best practices for employees and passwords

The same advice rings true for employees within your organization. If you can avoid granting one employee exclusive permissions for account administration purposes, then you may be able to save yourself some headache.

In instances where only one employee has access to the keys to the kingdom, they can become bottlenecks. Even worse, the employee may come to think that they are “indispensable” because of their unrivaled access to the information.

Fortunately, the law should be on your side when an employee is holding your site or systems hostage, but litigation should always be a last resort. By guarding the keys to your kingdom with multiple safeguards, you can avoid power trips and any other problems that may spring up.

Most newsletters suck...

So while we technically have to call this a daily newsletter so people know what it is, it's anything but.

You won't find any 'industry standards' or 'guru best practices' here - only the real stuff that actually moves the needle.

You may be interested in:

Thinking about the big picture as CMO with Chris Powell

Thinking about the big picture as CMO with Chris Powell

Today’s guest is an innovative and forward-thinking marketing leader who has been described as a combination of ‘Mad Men’ and ‘Math Men’. Prior to his current role, he led marketing at companies like SAP and Commvault. Chris Powell is the Chief Marketing Officer of Qlik, which simplifies the way people use data by making it...
Read this