Digital Property is Real Property: 5 Ways to Treat it That Way
Recognizing and respecting that digital property is in fact “real” property requires organizations to (1) make sure they own their own domain name(s) and lay claim to related social media properties, (2) require all official email be sent via domain-linked accounts, (3) take cybersecurity seriously, (4) maintain a presentable web presence, and (5) create policies and procedures (and commit necessary resources) to maintain digital property in the best possible condition at all times. (August 9, 2014)
Author: Courtney Hunt
Although we’re in at least the seventh decade of the Digital Era, and people realize how integral social and digital technologies are to both our personal and professional lives, there is still a very strong tendency to underestimate the critical role of digital property in managing a brand identity, pursuing goals and objectives, and managing risk. Digital property is often treated as if it’s less important than more traditional notions of property like physical assets and tangible goods (including paper-based goods). The main reasons for this are likely:
- It’s something that many people haven’t given much thought to (unless they have a tech company or online business). Everything’s been changing so fast, particularly over the past few years, that many folks haven’t had enough time to slow down and think about what their digital identity and activity should look like, or how they need to protect their brand(s) and organization(s) in cyberspace.
- Compounding that issue is the fact that many people – particularly leaders – are still fairly illiterate when it comes to digital technology, and they often “don’t know what they don’t know.” As a result, they are generally unaware of the kinds of factors they should be paying attention to and taking action on, particularly when it comes to managing risk. They also haven’t prepared themselves to commit the necessary resources to ensure their digital property is well maintained and protected.
- Finally, there is the issue of digital’s “false invisibility.” Unlike physical assets and other tangible materials, digital property is basically only seen when someone makes a point to look at it. So if an individual or organizational leader isn’t paying attention to it, it’s easy to forget it’s there. Ironically, however, it actually creates much more exposure for both individuals and organizations. The number of people who can access a piece of digital property in cyberspace at any given moment is far greater than the number who can access any physical, earth-based equivalents.
Recognizing and respecting that digital property is in fact “real” property requires a real commitment to at least five key actions. These actions are critical for organizations of all types and sizes, including “single shingle” business owners (e.g., executive coaches, consultants). Depending on their digital engagement, other professionals should consider them as well. In a nutshell, organizations should:
- Make sure they own their own domain name(s) (and related social media accounts)
- Restrict email communications to the organization’s domain-related address(es)
- Take cybersecurity seriously
- Maintain a presentable a web presence (at all times!)
- Implement policies and procedures (and allocate time and resources) for maintaining digital property
Treating Digital Property as “Real” Property: Recommended Actions
Every organization should own their own domain name(s). This may seem obvious, but there are a lot of organizations that have never taken ownership of this key piece of digital property. I have a website client, for example, that has a valuable, well-established domain name, which is owned by their former web host. If they wanted to, they could hold the domain hostage, either refusing to transfer ownership or holding it for ransom. When scoping out work for another prospective client, I discovered they had somehow lost ownership of their domain and have had to lease it back from the legal owner to maintain their web presence. Since it’s unlikely that the owner will transfer ownership to them, they will probably have to embark on a rebranding effort and acquire a new domain to secure their future ownership rights.
In addition to owning the primary domain, it’s a good idea to acquire the domain names for variations on an organization’s core identity to protect the main domain and redirect people who may misspell or mistype the correct url. In addition to denovati.com, for example, we own denovati.net and denovati.org, as well as the domains for the alternative spelling, denovani.
Organizations may also want to engaged in what I call a “digital land grab” to claim related social media properties such as YouTube channels, Twitter handles, and Facebook pages. Even if they’re not needed in the short term, it’s better to reserve them just in case. I have a digital coaching client, for example, who owns several brand names and domains and is trying to decide which will be her primary digital brand. I encouraged her to reserve related Twitter handles until she makes her decision, so she doesn’t run the risk of losing any of them (which is what happened to another client of mine).
Email communications should be restricted to the organization’s domain-related address(es). I can’t emphasize enough how important this is, and how not doing it creates unnecessary exposure and risk for an organization, particularly when email messages include proprietary and confidential information. Let me start by sharing some “unrecommended practice” examples I’ve encountered:
- Years ago I worked at a firm that had a group of employees who never read their work emails. Rather than insist they they use their work email, the firm accommodated the employees by sending messages to their personal Yahoo, Hotmail, Gmail and other accounts on public email providers. More recently, I worked with a non-profit social services organization in which virtually everyone communicated using their personal email accounts even though they all had work accounts.
- The employees of two other non-profit organizations I have been working with recently use email addresses associated with academic institutions that provide some support for them (e.g., office space) but with which they’re not officially affiliated, rather than addresses connected to their own digital identity.
- The staff of the management company that runs my condo building use either personal email accounts or accounts associated with the management company for all building-related correspondence, rather than using email addresses attached to the domain for our building (which just so happens to be owned by a board member rather than the condo association – oy).
Some may think these examples are no big deal, but they create both risk and confusion. The first risk, as noted above, is that confidential and propriety information is not only being communicated via unofficial (and in some cases insecure) channels, it’s also being stored offsite. If an organization would not want an employee to take certain work documents home and leave them there, why is it okay to allow them to do the digital equivalent?
There’s also the risk that the organization can’t properly lay claim to or manage their own email property. Obviously it would be virtually impossible to retrieve all the organizationally-focused messages and related materials stored in people’s personal email accounts. But it could also be tricky to retrieve digital property that’s effectively owned by another organization (i.e., the academic institutions and management company in the examples above), particularly if the relationship with them ends on bad terms.
And finally, using a domain that isn’t associated with the organization or its brands can create confusion and may undermine the organization’s objectives. In the case of the non-profits, for example, people may think they’re dealing with an employee of the university, and/or that the communications and activities of the non-profit are officially-sanctioned university activities. They could also get the impression that the non-profits receive significant financial support from the academic institutions, which could hinder fund-raising efforts.
Note: although I am not as familiar with how this practice works, there may also be some risks for small organizations (in particular) who choose to use an email platform like Gmail, but mask it with their domain-focused email address. Anyone choosing this option would be well advised to read the fine print in the user agreement to ensure they have full rights to the content they create and all related Google data (e.g., contacts, calendar info), in addition to having their privacy rights reasonably protected.
It seems that not a day goes by that we don’t hear about some security breach that puts both individuals and organizations at risk. We may be fighting a losing battle to some extent, but there’s no excuse for not using good cybersense. One of the most important things we can all do is to establish strong (and unique!) passwords for every site we use. As noted in this article, “The question you need to ask yourself is would you trust (a) site to have a copy of your house key. If your house key could be copied instantly and used anywhere in the world by any person in the world, you wouldn’t.” They go on to advise, “Use a different password for each account you use — you wouldn’t use the same key in all of your locks, so the same goes for passwords.”
As with individuals, good password security for organizations means not picking obvious choices. For example, a hot dog stand that was established in 1932 should avoid passwords like “hotdogs1932,” “hotdogs32,” “hotdogs32!” and even “23sgodtoh,” as they are all easy to guess. Good password security is especially important for accounts that include confidential and/or financial information (e.g., PayPal accounts).
To reduce vulnerability to spam, unauthorized website access, and the malware that can be transmitted via email, organizations should not include individual email addresses on their website(s); they should use generic addresses like info@ or email@ instead. Better yet, all communication from a website should be funneled through an online form that includes a Captcha or some other feature to prevent bots from getting through.
As much as possible, organizations should limit access to digital property (even through their physical property!) to ensure that the smallest number of people necessary have access to various accounts. This applies to employees, of course, but also outsiders. Access for vendors or service providers should be deactivated after their contract ends, just as you would with an employee as part of the exit process.
And of course education is key. Everyone in an organization should be aware of the potential risks of exposure, as well as the possible entry points into various systems. Even the most sophisticated software in the world can’t protect against what is often the weakest line of defense: people. It’s important to make sure they’re informed, and that they are smart about where and how they engage.
If an organization is going to have a website, it should look good and be a positive representation of the organization and its brand(s). Even if a site doesn’t still have the flying flag gif (remember those?), that doesn’t mean it not’s conveying a sense of being old and out of date. Here again are some cautionary examples from clients and other connections:
- A single landing-page only site intended to be temporary but persisting for years
- A static, anemic site with little relevant info
- Broken links, missing images and other significant errors
- An unsophisticated site with an out-of-date look and feel (think shag carpeting, avocado green appliances, fussy furniture)
- A (many years out of date) blog, and/or one with only a few entries
Websites have changed a lot in the past couple of years, particularly to accommodate mobile devices, and if your website is your main digital hub you want it look good and reflect positively on your organization/brand. If you and your staff no longer wear giant, face-filling eyeglasses, muttonchop sideburns, big hair, and/or oversized shoulder pads, why would you want your digital property to convey the sense it was designed by Mike Brady or that your personal stylist is Austin Powers?
Maintaining a decent website requires a lot of time and hard work. Don’t have a website just because you think you have to have a website. Make sure it’s necessary for your objectives and brands. If you’re a “single shingle” professional, for example, you may only need a personal LinkedIn profile (especially now that they include a blogging feature) and possibly a company page. Again, use a physical world equivalent (e.g., a storefront, an office) to decide how important a website is, and whether it’s worth the effort to create and manage.
Although they’re unlikely to look dated in the same way, social media profiles can also poorly reflect on an organization and its brand(s) by not making proper use of the core design elements for things like Twitter accounts, brand and company pages on Facebook, Google+ and LinkedIn, and YouTube and SlideShare channels. Problems also arise when these profiles/accounts include erroneous or out of date information, such as Christmas hours in April, and old phone numbers and addresses. In addition to poorly constructed and managed organizational profiles, missing, anemic and inaccurate individual profiles on platforms like LinkedIn can be problematic as well – particularly if they’re associated with organizational leaders and other professionals with an external focus (e.g., sales, business development, recruiting).
And of course there’s the problem of what I refer to as “digital detritus,” which often happens when organizations abandon certain platforms or accounts without making an effort to board up, tear down, and or redirect visitors from digital property that is no longer being used. What kind of message does this convey to clients and prospects about the care and attention you’re likely to give to their accounts and the products and services you provide them? Would you want your company sign hanging on a building or office you no longer use (particularly one that looks dilapidated)? Once again, if that’s not a choice you’d make in the physical world, it shouldn’t be okay in cyberspace…
Organizations need to implement policies and procedures (and allocate time and resources) for maintaining digital property. One of the things that has become clear in the digital audits I’ve conducted, however, is that many organizations haven’t yet extended thinking about their operations from the physical world to cyberspace. I think the primary reason is the “false invisibility” of digital property. For example, one of my clients, a high-end grocery retailer that takes extreme pride in the quality of their brand, would never allow out-of-date signage in their stores (e.g., announcing Christmas hours around Easter), but there were numerous instances of that very thing on various pieces of their digital property (e.g., store-based websites, Facebook pages). Similarly, another client that runs an annual event is not nearly as quick at tidying up their website after the event ends as they are at putting away all the physical artifacts.
If you were to ask the grocery retailer how they keep their stores in such great shape, they would likely explain that they have various maintenance procedures in place, as well as a system for tracking and monitoring to make sure everything is in order. They would also say that responsibilities are clearly defined and that they make sure staff are properly trained to successfully complete assigned tasks.
That kind of operational logic, which is so well established in the physical world, has to be extended to digital property as well. Organizations have to build digital maintenance into people’s jobs, ensure staff have the required knowledge, skills and abilities, develop and implement a set of maintenance procedures, and monitor digital spaces on a regular basis. Doing this requires time, so leaders need to be sure staff have the capacity to incorporate digital activities into their regular work schedules.
If current staff don’t have the time or skills to take these tasks on, organizations should add a full or part-time position or outsource the activity. If there aren’t enough financial resources to add staff or hire outside help, it may be necessary to pull back on digital commitments. In most cases, a small (or nonexistent) digital footprint is likely better than a poorly maintained and managed one that reflects badly on the organization and its brand(s).
As always, I welcome your feedback. What questions has this piece raised for you? What would you add to, change, or delete from the recommendations provided?