How Secure is Your Mailchimp Account?
Your audience is the most precious asset your business has... is it safe?
Your business burns… what happens next?
Many years ago, I remember attending a workshop on marketing.
It was a broad workshop and covered many things, but there is one thing I kept going back to again and again, and that was “what would happen if something catastrophic happened to your business?”
It burnt to the ground?
You had to take 12 months off for health related reasons?
…and if something like that DID happen… what would be the most important asset you had to help you get back on your feet?
The answer was quite simple.
The most valuable asset your business has is your “list”.
No matter what happens to you or your business, the most important asset you have is your list of prospects and customers. Without this, you don’t have a business, and if something was to happen, you’d struggle to recover from the setback.
…yet despite this, I’m consistently surprised by how people manage access to their Mailchimp accounts – essentially, their list.
I’ve seen people share passwords openly. I’ve seen 10 people using the same password and login within a business. I’ve seen businesses who give outside agencies access to their data… and even though the agency finished the work years ago, they still have access to the data.
The bottom line is that you need to ensure that the only people who have access to your data at any time are those who you specifically want to be able to access your account… and that you limit access to what those people need to do what they’re hired to do.
In a world of data protection and GDPR, managing access to your Mailchimp account is essential to protecting your business from abuse and misuse.
Never share your Mailchimp username and password
When you set up your Mailchimp account for the first time, you are the account owner and the one who is fully in control.
Your login gives you full access to everything in the account, whether it’s the audiences your business has, the emails you send, or the back office settings you have.
It’s a powerful position and has full access… and this is why you should NEVER SHARE YOUR LOG-IN WITH ANYONE ELSE.
I really can’t emphasise this enough… anyone who has access to your log in has access to everything… and thus can steal your data, contact your audience with unwanted emails… it’s like giving someone your business front door keys and saying “I trust you”… even if you’ve only met this person once or twice.
If anyone asks for your log in and password, you should avoid providing this at all costs – it just doesn’t make any sense, especially when there are several alternatives built in to your Mailchimp account by default (at every level) that allow you to manage access without the need for giving out passwords etc.
So what options are available to provide access?
How to provide access to your Mailchimp Account to internal staff
Having access to data (and sending emails) is something that you may want to delegate to another staff member, with you in overall control.
If you want to do this, then do not share your log-in details (got the message yet?). If you do, and these people leave the business, they’ll still be able to access your data (not good!)
You need to add them as a new user, and when you do, set the level of access they have to the account.
To do this, log in to your Mailchimp Account and click on your name/account name in the top right hand of the page, and then click “Account”.
This will take you to the Account settings page, where you click “Settings” and then “Users”.
You are now on the page that manages who has access to the data in your Mailchimp account.
To add a new user, click on the “Invite A User” button and a new window opens up so you can invite someone and provide them access to the account.
You can give them one of four different levels of access:
- Viewer – a viewer can only see the reports that are produced for each campaign – so ideal for Admin staff whose responsibility is to pull together performance data on your list and campaigns (and nothing else).
- Author – the next level up is Author, and they have access to the reports, but also the ability to create campaigns, templates and automations on the account. They can’t, however, send campaigns. Ideal if you’re using a designer or copywriter to create the content of your campaigns, but want to be in control of the sending.
- Manager – Has the ability to view reports and create campaigns, but also has the power to press “send”… In fact, a manager has access to most of the account, but can’t see things like billing info, add-on data, they can’t manage users and can’t export any data. For the majority of situations this access is ideal for users.
- Admin – much like you, the owner, an Admin has access to everything. In fact, the account owner is seen as an “admin” by Mailchimp.
Once you’ve selected their level and added their email address (and any message you want to add), then just click send invite and they’ll receive an email where they can click, create their own log in and password, and then have access to your data (at the level you prescribed).
…but how about adding someone who’s external to your business, like a VA or an Agency?
Using the Mailchimp Agency Set up
If you’re working with an external support company, like a Virtual Assistant (VA) or an Agency, then you could give them access as if they were a member of your team, using the above process.
I used to do this with most of my client accounts (want to work with me, click here), but once I realised that there was an alternative with a key benefit, I moved over to that.
I now use the “Mailchimp for Agencies” option.
It offers the same levels of access as the standard “add a user” option… but also gives the agency some flexibility.
If your Agency/VA has an “agency account”, then they can send an email to you requesting access to your account.
As the account owner, you can still restrict the access you give to an agency (i.e. viewer/author/manager/admin), but once you’ve granted the agency access, the agency can add other ‘collaborators’ to the agency account – thus letting them allow other specialists access to your data (e.g. a designer/copywriter), without having to share their log in details – and you can see them on your account as well.
…and you can still “remove them” from your account once the relationship is over (much as you can a standard user).
Actions you should take
If you’re not sure about what you should be doing now, here’s a quick hit list of specific actions you should take:
- Change your Mailchimp password – if you’ve got more than one person who’s got access to your account with your username and password – change the password NOW, and then go in and add each as a new user for the account. If you miss anyone, don’t worry, cos they’ll surely reach out when they can’t get access!
- Add new internal Mailchimp users as “users” – Get them to set up their own log-ins and control their access at Account >> Settings >> Users
- Add new external Mailchimp users as an “agency” – If you’re working with an external agency/VA get them to apply to manage your account as an agency – so you can see who else they use to access your account (and adding another level of safety).
- Review existing users regularly – if you’re already using users to manage your account, great… but when was the last time you reviewed access?… I know I’ve stopped working with a couple of clients… and I’ve still got access to their data.
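The review in the list above can be run against a hand-kept roster of who has access. This is an added example, not part of the original article or any Mailchimp tool: the capability names, roster fields and sample entries are assumptions, with the four access levels encoded as the article describes them.

```python
from datetime import date

# Levels lowest to highest; capabilities hand-encoded from this article.
LEVELS = ["viewer", "author", "manager", "admin"]
CAPS = {
    "viewer": {"reports"},
    "author": {"reports", "create"},
    "manager": {"reports", "create", "send"},
    "admin": {"reports", "create", "send", "export", "users", "billing"},
}

def lowest_level_for(tasks):
    """Return the lowest level whose capabilities cover every task."""
    for level in LEVELS:
        if set(tasks) <= CAPS[level]:
            return level
    raise ValueError(f"unknown task in {sorted(tasks)}")

def review(roster, today):
    """Return {person: [findings]} for a hand-maintained access roster."""
    people_per_login = {}
    for entry in roster:
        people_per_login.setdefault(entry["login"], set()).add(entry["person"])
    findings = {}
    for entry in roster:
        notes = []
        if len(people_per_login[entry["login"]]) > 1:
            notes.append("shared login: change password, invite as own user")
        if entry["ended"] and entry["ended"] <= today:
            notes.append("remove: no longer working with you")
        else:
            needed = lowest_level_for(entry["tasks"])
            if LEVELS.index(entry["level"]) > LEVELS.index(needed):
                notes.append(f"downgrade: {entry['level']} -> {needed}")
        if notes:
            findings[entry["person"]] = notes
    return findings

# Constructed sample roster (names, logins and dates are made up).
ROSTER = [
    {"person": "owner", "login": "owner@example.com", "level": "admin",
     "tasks": ["billing", "users"], "ended": None},
    {"person": "sam", "login": "owner@example.com", "level": "admin",
     "tasks": ["reports"], "ended": None},
    {"person": "copywriter", "login": "writer@example.com", "level": "manager",
     "tasks": ["create"], "ended": None},
    {"person": "old agency", "login": "agency@example.com", "level": "admin",
     "tasks": [], "ended": date(2020, 3, 1)},
]
```

Calling review(ROSTER, date(2024, 1, 1)) flags the shared owner login, the two over-privileged users and the agency whose work has ended.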
If you are an Agency/VA…
- Set yourself up as an agency – it’s pretty easy, just go to Account >> Settings >> Details and scroll down to the Mailchimp for Agencies tick-box and set it up
- Request access to your client accounts – Once you’ve set it up – you can see a new tab on the Account page – Clients – where you can request access to your client’s Mailchimp accounts.
It’s your data… Protect it
In a data protection/GDPR world, from a legal point of view, you need to make sure your data is only accessible to those who you want to give access to – it just makes sense.
…but from a business protection point of view, protecting the most valuable asset you have, the one that will help if anything ever goes wrong, is essential.
Make sure you’re covered as soon as you can and limit potential data abuse/misuse.
Robin Adams is a business owner who is passionate about helping businesses build effective marketing systems that work and don't waste money. Having a lifetime of Marketing experience (he's got a degree in Marketing before there were degrees in Marketing!) and having worked for big and small businesses and both client and agency side, he understands not only the theory, but the systems that are required to underpin everything.
51% marketer and 49% Chimp, Robin is the main man behind chimpanswers.com and the Mailchimp Answers Facebook Group - the world's biggest Mailchimp User Group. Connect with him on LinkedIn.