
The Bulletproof Digital Agency Security Checklist

Eric Vardon


Marketing plan? Check. 

Advertising budget? Check. 

What’s left to prepare for 2020? Security.

It’s easy to focus on growth and productivity as an agency, but don’t forget to keep your company safe as it scales, too.

For example, the cybersecurity industry is forecasted to reach a $202.97 billion market size by 2021. Why is this?

Digital agencies are beginning to realize the importance of keeping their assets, client information, and budgets safe; hence the rapid market growth.

But, what exactly can you do to create a moat around your business? Keep reading to see our digital agency security checklist you need to use for 2020.

You should also try Morphio’s AI marketing for free to apply what you learn as well.


1. Audit user access permissions

Think about the number of people you have working for your agency. Whether it’s 10 or 100+, it can be a lot to manage–especially when they all have their own roles.

And that’s why auditing user permissions is at the top of this web security checklist. Not every individual requires the same access or abilities as another.

For example, do you think a CEO and virtual assistant should have the same permissions? Probably not. 

Ensuring that every team member receives appropriate permissions for their duties and tasks keeps everything in order. It stops anyone from accidentally interfering with others–such as tinkering with campaign settings at the same time.

While you can do this manually and go through every user role, you don’t need to. This is thanks to our good friend AI and predictive identity.

Algorithms are capable of understanding what normal user behaviour and roles are to serve as benchmarks. Think of it like this:

The software runs in the background, alerting you when any team members are accidentally given too much access or are doing something they normally wouldn’t do.

I guarantee that you’ve already encountered this technology without realizing it, too. 

For instance, have you ever received a notification that you’ve logged into a device from another location and it alerted you? It’s the same concept except for organizations.

That brings me to my next point.

2. Are your usernames and passwords stored safely?

There’s a hacker attack every 39 seconds. A “hacker” doesn’t have to be someone in a black mask typing away at a computer like in a movie, either. Sometimes it’s as simple as leaving a device logged in, sharing login info, or other non-malicious accidents.

Which, by the way, brings me to my question for you: are your company’s usernames and passwords stored safely?  

If not, move securing login information to the top of your business security checklist. Furthermore, I recommend using the free tool LastPass to create and store secure passwords.

Click “Get LastPass Free” from the homepage to begin.

Fill out the registration form on the next page.

Then, download the LastPass extension from the Google Chrome store link they provide.

There are two main features of LastPass you need to use. The first is the secure password generator. This will give you a password that’s harder to crack than a bank’s vault.

Click the LastPass icon on the top right of your Chrome browser. 

Then, select “Generate Secure Password.” Adjust the settings and copy the password to the clipboard.

Next, navigate to any website that you wish to use and save the password to. Click the Chrome icon again followed by “Add Item” and “Password”.

The URL will be automatically entered, and you can set the appropriate username and password. 

Since LastPass is free and easy to use, consider making it mandatory for team members. This will keep personal and business information safe. 

3. Use AI to detect threats while running in the background

How does your agency approach threat detection? If you’re like most, this often means manual monitoring and testing, which, as you know, takes plenty of elbow grease.

What if that time could be invested in other tasks while your agency’s cybersecurity handles itself? This is possible thanks to AI. In fact, 27% of executives plan to invest in AI and machine learning security tools. 

Have you ever used an antivirus program for a computer? Think of AI cybersecurity like that except for your business. 

These solutions analyze historical and real-time data to find anomalies that stand out from the rest. These include security breaches and excess user rights (as mentioned earlier).

Cargills Bank is a great example of this. They took a proactive approach to improve their existing cybersecurity with artificial intelligence. Using a machine learning solution, they were able to:

  1. Detect threats faster and more accurately.
  2. Guard against incidents and create stronger protocols.
  3. Keep millions of financial documents and information safer.

In the case of an attack, collecting information on the victim, attacker, and situation could take hours, let alone finding a solution.

Ramprasath R, the security expert who implemented the software for Cargills, commented: “To get all that information manually would take hours, with searching multiple forums to correlate the IP address with the identity of the attacker and the kind of malware.”

Check out our blog post on scaling with machine learning to understand how this works in-depth.

4. Don’t skip over two-step authentication

If you’ve ever received an SMS message with a code to enter while logging into an app, you’ve used two-step authentication. It can be a real lifesaver for agencies, too.

Because, as I mentioned previously, securing logins for websites, social media accounts, and other sensitive channels is crucial. You want to be able to run your business with peace of mind, right? 

That’s why I recommend enabling two-step authentication on all of your devices and making it mandatory for team members, as well. The process looks like this:

It can be used for desktops, mobile devices, and individual apps.

While some software has multi-step authentication built in, not all of it does. That’s why I recommend you use a free app like Authy to ensure your device is secure.

Download it for iOS or Android to begin.

Once the app is installed, enter your phone number to create an account.

You can then scan the QR code of any app that has one available to link and secure it.


Every time you log into the app while it’s linked to Authy, you will receive a code by email or a text message.

For example, have you ever used the communication tool Slack? If you visit the account settings page, you can find the QR code to instantly add two-step authentication.

This is just one example of hundreds, though. Any modern application or tool you use will have two-step integration.

5. Keep your CMS and plugins updated

It almost seems too simple, but don’t scoff at it. Often the biggest vulnerabilities are the simplest things. How many times have you forgotten to update a WordPress plugin or theme, for instance?

It’s a normal human error, but it can create a lot of risk for your agency. Plugins and similar items are constantly being updated to improve security, so you and your team should try to remain on the latest versions when possible.

Seeing as 34% of all websites on the internet use WordPress, let me show you how to automatically update plugins and themes. Not only does this save a small amount of time, but you won’t have to risk any security issues with outdated items.

Log in to the WordPress admin dashboard, click the “Appearance” tab and “Theme Editor” option from the pop-out menu.

Then, click “Functions.php” from the sidebar. This is a file that contains the different functions of your WordPress theme.

Enter the following two lines of code at the end of the PHP:

    add_filter( 'auto_update_plugin', '__return_true' );
    add_filter( 'auto_update_theme', '__return_true' );

Click “Update File” to finalize the changes. Your WordPress theme and plugins will now be updated automatically when a new release is available.
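A theme update replaces the theme's files, functions.php included, so filters added there can be wiped out by the very auto-update they enable. The following is an added example, not code from the original post: it puts the same filters in a must-use plugin (WordPress loads files in wp-content/mu-plugins automatically), limits plugin auto-updates to an allow-list, and logs each result. The file name and plugin slugs are hypothetical.

```php
<?php
/**
 * Plugin Name: Agency Auto-Update Policy (added example)
 * Assumed location: wp-content/mu-plugins/agency-auto-updates.php
 */

defined( 'ABSPATH' ) || exit; // Refuse direct requests to this file.

// Hypothetical slugs: replace with plugins you have tested with auto-updates.
const AGENCY_AUTO_UPDATE_PLUGINS = array( 'example-seo-plugin', 'example-forms-plugin' );

// Auto-update only allow-listed plugins; leave every other plugin's setting as it is.
add_filter(
	'auto_update_plugin',
	function ( $update, $item ) {
		if ( isset( $item->slug ) && in_array( $item->slug, AGENCY_AUTO_UPDATE_PLUGINS, true ) ) {
			return true;
		}
		return $update;
	},
	10,
	2
);

// Same theme switch the article uses, now stored outside the theme itself.
add_filter( 'auto_update_theme', '__return_true' );

// Log every automatic update so a broken page can be traced to a specific release.
add_action(
	'automatic_updates_complete',
	function ( $results ) {
		foreach ( (array) $results as $type => $items ) {
			foreach ( (array) $items as $entry ) {
				// A WP_Error or an empty result means the update did not complete.
				$failed = is_wp_error( $entry->result ) || ! $entry->result;
				error_log(
					sprintf( 'auto-update %s "%s": %s', $type, $entry->name, $failed ? 'FAILED' : 'ok' )
				);
			}
		}
	}
);
```

Entries written by error_log() land wherever PHP's error log is configured on the host, which gives you a record to check after each update window.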

Final thoughts on digital agency security

If there’s one New Year’s resolution you should have, it’s to keep your agency more secure in 2020.

Sure, growth is important. We’re all for scaling and raising the bar, but you want to remain secure so you can focus on those efforts versus fixing issues that could’ve been prevented.

The first item at the top of our website security checklist is optimizing user permissions. This can be done for devices, apps, and software through manual checks or AI-driven solutions.

Similarly, securing passwords with two-step authentication and tools like LastPass will prevent breaches.

Agencies should also consider setting up their CMS and most used tools to update automatically. This reduces vulnerabilities and chances of conflicting errors.

You can put in the sweat equity to do these things yourself or make your team’s lives easier by opting for a tool like Morphio–the world’s first marketing security software. 

Start a free trial today to see how our AI-powered solution monitors digital marketing performance and risk detection.


Eric Vardon

CEO, Co-Founder @ Morphio
