man with headset at computer desk surrounded by technology

What would happen if you were locked out of your website? Your Facebook page? Your e-commerce or donation platform? Could your business or non-profit function? The solution is to have a Digital Asset List or an inventory of all your organization’s vital services. Not having this can be a fatal mistake for your company.

Digital Asset List | A Smart Solution

A digital asset list is an inventory of all the digital services you’re using for your brand. It’s an organizational tool that keeps everything cataloged. I recommend including the following information:

  • Tools such as: website, hosting service, company Google account, email marketing, social media channels, graphic design, e-commerce, and anything else that you need to run your business
  • Function of each tool in case a person isn’t familiar with brand names
  • Login information such as email, username, password, PIN or passkey details
  • Personnel with administrative access to each service
  • Date of most recent update

I provide each of my strategy clients with a customized asset list. You can download my template here.

Get The Digital Asset List

Personnel Access

Your digital asset list is a very sensitive document and only high-level or approved employees will need access to it. Some team members can be given login information just for the individual tools they need. If Bob needs to work in Quickbooks and only that tool, his manager will be able to provide him that information. The manager will enter into the digital asset list that Bob is an approved administrator.

Tighten Your Security in the Exit Process

key in the palm of a hand digital asset listWhen Bob leaves the company, HR or his manager will ensure that he turns in his keys and his access to company systems is revoked. Include a task in your organization’s exit process to review the digital assets that the departing employee was privy to. You’ll want to change passwords, remove access, or otherwise secure the tool. This is appropriate in any case of employment separation but particularly when it doesn’t end well.

No one changed the password to the TikTok account for the city of Summit, New Jersey when they fired their social media manager. He was unhappy and still logged in when he decided to let everyone know what he really thought about the town and his former employer. It was a brutal display that went on for days. This happens more often that you’d realize and could’ve been avoided if “remove digital access” had been on the checklist for end of employment processes. Some roles such as accounting, website managers, IT, and marketing need to have their access immediately removed or serious damage to the brand can occur through malicious or otherwise innocuous activities.

Time is Money

The ability to quickly find the login information you need to do your job matters in dollars and cents. When staff members are a part of distributed teams, having a central repository for information is a key to efficiency. Not being organized means that you’re spending unnecessary time tracking down passwords, resetting when you can’t locate them, not knowing who has the most up-to-date credentials means you’re spending money for no real work to be accomplished. I’ve been paid a lot to help companies get back into accounts of which they’ve lost the passwords. It doesn’t have to be that way.

Locked Out

The worst case scenario is painfully common. I’ve seen so many organizations get locked out of social media marketing channels, websites, and other vital tools. The frustration, the hours lost, the work down the drain, and the negative impression it gives when your public facing account is now abandoned. The cost isn’t just monetary, sometimes your brand takes a hit to its reputation.

chain and lock on outside doorsOne of my clients, a wine country hotel, parted ways with an employee on bad terms. That employee was the only admin of the Facebook page and no one else could post. I spent hours tracking that person down in order to get the rights back. It was harrowing but we were able to do it. I was relieved to be able to solve that problem for my client but that isn’t always how it ends.

In another case, a new marketing director of a transportation organization hired me to create a social media strategy. The memorable part of this job was that the previous director had saved social media login information on sticky notes. Taped to her computer, their Twitter password vanished one day when the note went missing and no one noticed until after she’d retired. Stuck to the back of another piece of paper, fell behind the desk – who knows where it went? The unfortunate result was that this client was forced to abandon the channel because no one knew how to log in, Twitter doesn’t provide tech support, and the retiree was in the wind. This was a painful and expensive lesson to learn.

Setting Passwords

You’ll want to talk to your IT department about how your organization prefers to assign passwords. Keep in mind you’ll want to not repeat them, make sure to use numbers, upper and lower case letters, as well as symbols and using a minimum of 18 characters is the safest (see graph).

time it takes to brute force your password graph

When I’m setting a new password, I’ll look around me and use multiple words that don’t normally belong together. Here are a few things I see near me as I write this: window, glass of water, ring light, stamps. So I might choose to create this unique password: Wind0wRingStamp$100. I’ll set (or reset) the password in the tool I’m working with, jot it down (just the password not the service name) quickly on a piece of paper, then open the digital asset list and immediately type it in. Then I update the date on the document.

I recommend including “last updated” line on your digital asset list. If the date hasn’t been changed in the last year, you know someone isn’t using it properly. I’m a one woman show and I update mine on average of every two weeks. The fresh date is important if someone creates a copy for some reason, you’ll know which version is the most recent.

Further Security

There are other ways to stay secure using two factor authentication (2FA) and passkeys. (Learn more about 2FA and passkeys.) I highly recommend using 2FA everywhere you can and your organization may very well require it depending on your compliance needs. Passkeys are the next step up from 2FA but they aren’t as common yet. If your boss is the person that gets the text when you’re trying to log in, that’s helpful info to put into your digital asset list.

When you download template I provide (bottom of blog), I’ve included instructions on how to protect the document in Excel and Google Sheets.

Legacy & Insurance

Depending on the size of your organization, your backup process will vary. I’m a sole proprietorship so my personal estate manager has access to my list in case I die or am incapacitated. (A helpful blog I wrote on how to report a death to Facebook.) I have combined my personal and professional passwords into one document for ease of use. I’ve also printed a copy and hidden it in my physical files in case my computer dies or other complete technical meltdown (yes, I have locked myself out of my own computer, don’t judge me.)

white filing cabinet | digital asset listYou might want to have a hard copy of the document in case of (literal) emergency and this is when having a date on it is extra useful. Once a year I update an emergency operations checklist for a government client which includes all of the logins so that, in case of a catastrophic event, we have the vital information necessary to communicate with residents. I make sure to include the date it was last updated so that we know which version we’re working with. Anyone that works on that document after me will be able to see at-a-glance how recent the information is.

Check with your insurance company to see if they provide a discount for your organizational security efforts. They are who you’d turn to in the case of identity theft or other asset misappropriation so they’re likely going to reward you for making their job easier. Ask if there are any further security steps they recommend to safeguard your assets. We want to make sure that your organization is protected and that your insurance company knows you’ve done everything in your power to keep it all sealed up tight. This will ensure that they don’t have a convenient out of covering your damage or loss.

Organization is Worth the Effort

Save yourself time, frustration, labor, and worry. Get organized with a digital asset list – I’ve built it for you! Download your copy today.

Let me know if you need assistance in other areas.

Get The Digital Asset List
0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *