PCI Compliant Web Hosting and Managed Service Provider
Hosting Solutions since 1995

Trust and Security

Author: ; Published: Aug 27, 2012; Category: Managed Hosting, PCI Compliance, Security, Small Business; Tags: ; 3 Comments

Fiduciary is not a word you hear or read often as a small to medium business (SMB) owner.

Yet if you are the steward of any size business, fiduciary should be an active word in how you manage your business.

How does this relate to trust, security, and your business on the Internet?  Let’s see.

In the recent past I’ve been involved in conversations with stewards of small businesses where the conversation went as follows.

Case 1:

Small business owner poses  a problem in WordPress on their site in the LinkedIn WordPress Group.

One of the WordPress developers sends the small business owner a private message stating they would be happy to help fix the problem.

Small business owner sends over WordPress login credentials for his site; and shares on LinkedIn what’s going on.

I share with the owner they should change their WordPress login credentials once things are fixed.

Small business owner replies, “I trust ________; they’ve helped me in the past.”

What do you think is the Fiduciary responsibility of the owner?

Case 2:

Small business owner posts on Google+ concerning a tool that was shared with him by a “trusted” friend that checks if the LinkedIn password has been cracked.

I share the best practice  is to avoid such tools altogether, to go directly to LinkedIn’s site and change the password directly with Linked In.

There are many reasons from the security of the site hosting the tool, who has access to the tool’s log files, the server’s log files, and what data the site is collecting from cookies and data entered.

The owner replied they trust the person who told them about the tool; and no one should ever question that person or the trust relationship.

What do you think is the Fiduciary responsibility of the owner?

I’ve worked for small to medium businesses over the past 30 some years.

I still remember working for my first medium business — American Equipment Leasing — when I was shocked to see the exit process of my manager (that was my first experience with best practice for when an employee is no longer an employee).

At the time I thought it was harsh that my boss was escorted to his desk, closely monitored while packing his personal belongings, escorted out, and in the mean time the information technology (IT) department given orders to make sure all access and clearance points were terminated.

I used to frown at the phrase, “it’s not personal, it’s business.”   I would think to myself, it is personal?  And in some cases, how personal can it get? 

Yet, the bottom line is best practice doesn’t take into account feelings.  Best practice takes into account doing what is right period. 

It is not about trusting someone or not trusting someone.  It is about taking 100% fiduciary responsibility for the task at hand.

Peter Abraham
Former CEO of Dynamic Net, Inc. Will be transitioning to a new career in the near future.
Peter Abraham


Peter Abraham

3 Responses to “Trust and Security”

  1. Cathy says:

    I prefer to confirm/protect over trust – that way I’m not placing the liability for any issues onto the person who assisted me to begin with.

  2. Mark Vang says:

    If you share your account credentials with a designer or developer, they should encourage you to change the password after they have finished their work and no longer need access. It limits their liability if something goes wrong later and is good business practice.

    When you share passwords you also have to wonder about what safe practices that individual has in place to protect their own PC. If they have your passwords sitting around in an un-encrypted file on their desktop, and they get a malware infection/keylogger etc. your site could end up being compromised. Do they use a secure method to log into your site when they work? Some popular FTP programs store your site passwords in plain text files on your HD. Do they work on your site at a public-access wi-fi spot? The fact is you can’t monitor their behavior and so you can’t really assess the risk.

    I have friends I would trust with my wallet that I wouldn’t trust with my passwords.

  3. Hi Mark:

    Understood especially on the last sentence.

Leave a Comment