How to Ensure Data Security When Outsourcing

The modern world is full of cyber threats and we often don’t know where they come from. 

While people take care of all the measures to improve the security of their web applications, they often overlook internal attacks. 

Good anti-malware software and firewalls help secure your data, but it also pays off to prevent the breaches that may come from the inside. 

In celebration of Cybersecurity month this October, we listed down tips on safely sharing your sensitive assets with third-party developers. 

4 Tips on How to Safely Share Sensitive Information With Third-Party Developers

Of course, it’s great to hire a developer from a reputable agency – but taking extra precautions never hurts. Here’s how to protect your data: 

1. Don’t provide all the accesses right away

Ask why the developer needs the requested details and how they plan to use them. It’s important to know the reason why they need them. So, don’t hesitate to always ask “why?” and “what for?” 

For instance, your developer would only like to replace theme files. Tasks like this don’t require access to your control panel. You can provide the FTP details instead or create a separate FTP account that they can use.  

2. Create a separate user

Instead of sharing your WordPress admin panel access, you can create a separate account with enough access. Then once tasks are completed, you can just delete the account. 

This way, you can track who made the changes. You can also restrict some actions, including post and plugins deletion, comments management, and the likes. 

3. Protect your control panel

Limit the people who get admin access to your control panel. As you know, control panel access allows anyone to modify your hosting settings – including removing access to your mailboxes or even your DNS settings. 

Anyone who can access your control panel can modify DNS settings. On top of that, they also get access to your personal mailboxes – if you use the mail service provided by your host. Besides, you’re provided with FTP accounts for file transferring and database management. 

For instance, if you use cPanel and need your dev to deal with WordPress, you may want to share FTP and database access separately. 

Here’s how: Log in to your cPanel > Find the menu FTP accounts > create user and password for your developer:

Remember, pay attention to the Directory and make sure that it’s the correct folder where you keep your website files.

Also, make sure to share the details in the format [email protected]. If only ‘mydeveloper’ part is shared, the system will not accept these details.

Now, it’s time to take care of database details. To perform some advanced data management commands, you may need some SQL training. These instructions, however, are much easier, so you will be able to manage it without any experience with SQL. Navigate MySQL databases menu:

Once there, scroll down to the section ‘MySQL users’

After it, assign the user to the necessary database.

Remember, the correct database for WordPress can be found in the File directory for your website > wp-config.php file.

In our case it’s wp_test.

Now you’re ready to provide the developer with access to your files and remote access to manage your database. 

The instructions above aren’t exclusive only to WordPress. For any cases where you need to provide someone with separate access to your files and databases, you can use the same commands to avoid sharing control panel credentials. Just remember the config files for other CMS: 

• Joomla-  configuration.php
• Magento – env.php (new versions) and local.xml at /app/etc for the installation directory (old versions)
• OpenCart – config.php

4. Share passwords with caution

Share your passwords with extra caution, not only for your control panel but in general. Refrain from sharing passwords in plain text by using tools like KeePass. This allows you to store the protected passwords on your local machine or bring them with you through a flash drive. 

Another thing, as much as possible, don’t disable 2FA authentication if your accounts use it. In the event that your developer requires access, agree on a time that works for both of you. This way you can authenticate the login attempt without disturbing each other.  

Final Thoughts

Always delete all extra accounts you created for specific tasks only. Also, don’t forget to update your account details to prevent any potential risks.  

While external cyber threats are something to keep an eye on, it’s important to also protect yourself and your business from internal threats.  

For maximum security, it’s also a good practice to have a backup to keep your data safe!