Managing all the accounts and services as a part of your organizations digital presence can be a lot. We register for all kinds of things using our work (and personal) emails: a professional newsletter; a subscription to a personally-valuable service like Boomerang or Grammarly; a networking service. Here are some best practices we recommend you follow to keep the hassle at minimum.
Non-personal emails
If you're not using non-personal email addresses at work (registering with jdoe@name.org instead of team@name.org, info@name.org, or it@name.org) for your must-use/please-never-crash/critical online services - you could run into some very costly issues in the future. Read on for more information.
When to use personal vs. non-personal emails
When signing up for services that are critical to running your website, you shouldn't you use your personal work or home email to register for accounts. Examples include:
- Your domain name registration, or DNS management systems like Cloudflare
- Google Analytics account
- A plugin or theme license, purchased from ThemeForest or similar
- Email services (SendGrid, Microsoft Office365, etc.)
Scenarios
In Cornershop's experience, we see this issue pop up most often when an employee leaves for another job. If they used a personal non-work email to register for a company-wide account, you now have to track that employee down and hope they're willing to assist. If it was their personal work email, but their account has been fully deleted and can't be reactivated (or wasn't redirected - see below), you've hit a dead-end with no way to reclaim the account.
Another scenario: your site needs an urgent fix, but the email registered to the broken service belongs to a coworker... who is on vacation, off-grid, for a week. Now what?!
Whatever happened to prevent you for easily logging into a service that's critical to your entire organization's web presence, the impacts can be extremely costly. You may end up spending lots of time or money proving ownership, or testing and recreating lost settings.
Consider these policy changes and preventative actions
- Switch existing accounts over to non-personal emails. When changing over emails, make sure the employee is available and aware of the change so they can assist in confirming the changeover.
- When an employee leaves, set up a forward/redirect of their email address. As an added precaution, this will allow your staff to access any password reset requests and similar emails. This is especially true because none of us are perfect - it's easy to forget about an account during an exit interview. There are guides available on how to set this up depending on your email provider - here's a good example for Google Workspace.
- Use a secure password vault. Instead of passwords floating around in the open, or having to keep track of updated passwords in a spreadsheet, store important credentials in a password vault, such as 1Password, Keeper, NordPass, or others. That way your trusted coworkers can access the shared emails+passwords used for your critical services.