Creative and marketing companies generally have to manage a large number of different passwords. There are numerous apps and SaaS tools available that creatives and marketers use day-in-day-out to create work, promote their businesses and, most importantly, manage their client accounts. These all require users to create an account to login, making them only as secure as the password set.

Often we forget that creative and marketing companies are service providers in the same way that an IT service provider like Pro Drive IT is. Just as we are charged with keeping our customers’ data and information safe, creative agencies should also be protecting their clients’ security.

Protecting your clients’ data and systems

There are a number of key areas that creative companies should be thinking about when shoring up their password security. They are:

Intellectual Property – Consider how poor password control could allow people, other than the client and those working on their account, see artwork, campaigns and other assets that are not yet launched. This could give a competitor an advantage and affect the success of these projects. If work for clients is stored in the cloud (such as in Dropbox) or if you use online software tools, make sure that access is controlled strictly for only those people who need it and that passwords are robust.

Reputational Damage – Imagine what could happen if a hacker gets access to your clients’ social media accounts. They could publish whatever they wanted on those accounts until your client got wind of it. They could even hijack the account entirely, change login details and hold a Twitter or Facebook account to ransom. The potential damage to that brand’s reputation is plain to see, and if the attack originated from your agency, your reputation will also be severely affected and you may lose that account.

Backdoor to IT systems – Do you have logins for your clients’ CMS? Perhaps your agency manages website updates and other activities that involve accessing the content management system. Not only does this potentially provide hackers with an opportunity to change content and lock legitimate users out, it can provide them with a backdoor to the company’s IT systems if integrated with the CMS.

Service providers like creative and marketing companies are prime targets for cyber criminals and hackers. They know that you can give them access to larger companies, and more companies, providing them with more opportunities to steal data and IP, disrupt systems and extort money from those businesses.

What you can do

Many agencies don’t have an IT department looking after security, and even if they do the cyber threat landscape has firmly put security into the hands of employees – artworkers, marketers, SEO experts, creative directors, social media managers etc. Many cyber attacks are initiated through phishing emails that either introduces malware into your environment through a link or attachment; or through social engineering campaigns designed to get employees to reveal logins and passwords.

So how can you protect your clients and your own business? As a serious data breach is likely to result in some clients deciding to take their business elsewhere, password security is business critical


  1. Educate – Put cyber security policies in place to raise awareness of the issues surrounding password security and best practices. As well as practicing good password hygiene using robust passwords, different passwords for each account, not allowing employees to use each other’s passwords and regularly changing them, also use 2 factor authentication when available with apps and software.
  2. Manage users – By restricting access to certain tools and accounts, you can reduce the risk of a data breach. Only give access to accounts when that employee needs it, and make sure they have the appropriate user permissions. For example, don’t give full admin permissions to an employee who just needs to update web content, unless it prevents them from doing their job. It’s not about trust – not trusting your employees – it’s about minimising the opportunity for a hacker.
  3. Use a password manager – Managing so many different passwords – especially if you’re practising good password hygiene – is impossible without technology such as a password manager or password safe. These store all your passwords in an encrypted database and can also generate new passwords when required


Most businesses need to raise their game when it comes to cyber security, but when your business also holds the keys to your clients’ systems, user accounts and intellectual property, it is even more important.

If you’re worried about any of the subjects covered in this post and would like further advice, please get in touch.

We also run regular cyber security workshops designed for business owners and senior leaders to explore their vulnerabilities, and the specific risks they business is exposed to. To book a place on our next free workshop, click here.