IMPACT Inbound Marketing Agency]

They Ask, You Answer Mastery

A coaching & training program that drives unmatched sales & marketing results.


Sales Performance Mastery

Improve the competencies and close rates of your sales organization.

Web design

Website Mastery

Web design, development & training for your team.


HubSpot Mastery

Everything you need to get the most from HubSpot.

AI Mastery

AI Enablement Mastery

Unlock the power of AI in all aspects of your revenue operations.

Discover how IMPACT’s services can help take your business to the next level. Book a free 30-minute coaching session Book a free 30-minute coaching session
Learning Center
Learning Center

Learning Center

Free resources to help you improve the way you market, sell and grow your business.

[NEW] The Endless Customers Podcast is now available everywhere. Learn how to earn trust & win more customers in the age of AI. Listen Now Listen Now

Free Assessment: How does your sales & marketing measure up?

Close Bottom Left Popup Offer

Free Assessment:

How does your sales & marketing measure up?
Take this free, 5-minute assessment and learn what you can start doing today to boost traffic, leads, and sales.
Alex Serrano

By Alex Serrano

Nov 28, 2019


Working With Marketing Agencies Data Security Executives and Leaders
Join 40,000+ sales and marketing pros who receive our weekly newsletter.

Get the most relevant, actionable digital sales and marketing insights you need to make smarter decisions faster... all in under five minutes.

Thanks, stay tuned for our upcoming edition.
Working With Marketing Agencies  |   Data Security  |   Executives and Leaders

Data security: Should you trust an agency with the 'keys' to your website?

Alex Serrano

By Alex Serrano

Nov 28, 2019

Data security: Should you trust an agency with the 'keys' to your website?

It seems like we hear about data breaches and customer data being leaked by hackers on a daily basis. It's no wonder public skepticism is on the rise and services like Lifelock and Lastpass have become increasingly popular. 

As a business, you are not just responsible for your own personal data, but for that of all your clients, employees, and vendors. To secure this kind of data on a commercial scale, you need services that offer better encryption, require two-factor authentication, and have been truly tested by ethical hackers. 

With so much risk and skepticism, is it really safe to trust a marketing agency with the keys to your website?

Working with an agency generally requires you to share sensitive information like login credentials. So, when an agency you are working with requests these credentials to your CMS or CRM system, what should you do? 

The answer is that it depends

It depends on what security measures the agency has in place, it depends on their reputation, and it depends on what method they use to request your sensitive data.

Giving your passwords to an agency

Here are some of the most common transmission methods an agency may use to request sensitive information:


Email is the most commonly requested delivery method. Usually, the agency will send you an email requesting login credentials and asking that you respond to that email without hesitation. Please don’t ever do this!

Email is not secure, and it doesn’t take much for a hacker to get a hold of your information. If you must use email for delivery, there are secure services like ProtonMail that offer end-to-end encryption and anonymous email. The data you send can’t even be seen by ProtonMail itself. Messages are stored on and transmitted between servers and user devices in an encrypted format.

Messages between users are also transmitted in encrypted form within a secure server network. Because data is encrypted at all steps, the risk of message interception is largely eliminated, thus providing a safer solution. 


Texts are even less secure than email. They can be intercepted, but even if they’re not, the information that is shared usually stays on someone’s personal phone. 

With the ability to sync your devices to the cloud and cross-device sharing, the security risk is increased. When someone switches phones they often forget to delete data.

The government and the phone company also have access to this information. Text is generally not an official communication method for most companies, so be wary if you are being asked to send your login credentials this way. 


If an agency asks you to send sensitive data over a fax line, RUN! Not only is it antiquated, but a fax machine creates a physical copy of whatever document you send that can roam around the office for everyone to see. Usually, fax machines are located in a public area of the office, too, which means anyone can see it — or worse, take it. 

Password management services:

Services like LastPass are a good way to send your credentials. We at IMPACT use LastPass, which uses multi-encryption security and does not store data locally, meaning the information will never exist on an employee’s computer or anywhere in their offices.

LastPass stores your encrypted data in the cloud so it does not reside on anyone's device, and password management is the company’s only business.
If you sign up for a free account you can store your passwords and share them with an agency via the platform.

A comparable service is 1Password. 1Password started off as a Mac-only product but now is available on most platforms. 1Password also has a slightly more secure login process, requiring not only a master password but a secret key as well.

LastPass works virtually anywhere with any device and browser and does not require you to install an app locally as 1Password does. LastPass also has an Emergency Access option, for cases when you may be very ill or die, then someone else can take it over and you don’t lose everything.

LastPass for business starts at $4 per user per month, and there are several plans that will fit different business needs. 1Password has one business plan, $7.99 per user per month. Asking your agency what it uses and why can also be helpful in determining what service to use. 

Educate yourself

Data security may seem like a foreign language to many, but arming yourself with the right information is key to making an educated and informed decision. Here are some definitions to help you when asking questions and doing your research.

Geo-Fencing: a virtual perimeter for a real-world geographic area. Some services use this to determine where you are logging in from to prevent logins from anywhere outside this area.

Data Encryption: a security method where information is encoded and can only be decrypted and accessed by a user with the correct encryption key. There are different levels of encryption. AES-256 is considered the most secure encryption method today.

Encryption takes place at the device level, then data is sent to TLS (Transport Layer Security), a cryptographic protocol that provides end-to-end communications security over networks, avoiding any middle-man attacks. AES-256 is widely accepted as impenetrable – it’s the same encryption type utilized by banks and the military.

Brute Force Attacks: (also known as brute force cracking) is the cyberattack equivalent of trying every key on your key ring and eventually finding the right one. Brute force attacks are simple and reliable. Attackers let a computer do the work – trying different combinations of usernames and passwords.

Asking the hard questions

The best way to help ensure your information is safe is to ask your agency. The agency you are working with should be open about its security policies, and if it isn't, that should be a concern. Here are some questions you should ask:

  • How do you treat your sensitive information?
  • What services or methods do you use to store, send, and receive sensitive data? 
  • How many people have access to your data? 
  • Have you ever had a data breach? If so, what was the resolution?
  • Has there ever been a misuse of a client’s login credentials?

At IMPACT, we take client data security seriously. We recommend that our clients use LastPass because we have done our research and its security measures are the best in the industry that we have come across. 

Whether it’s multi-factor authentication, geo-fencing, login controls, or risk assessment status, there are many available checkpoints in place to help secure your data. At IMPACT we use LastPass across the company. 

So, should you trust an agency with your login credentials? If they are using secure methods, are open about their policies, and limit who has access, then the answer is probably yes. 

At the end of the day, the time you put in to research what they are doing with your information can save you many headaches later on down the road.  

Free Assessment:

How does your sales & marketing measure up?
Take this free, 5-minute assessment and learn what you can start doing today to boost traffic, leads, and sales.