Think cyber attacks only happen to big companies? Think again! In a way, small businesses are actually more vulnerable because they usually don’t have a dedicated security team to keep a watchful eye.
An ounce of prevention is worth a pound of cure when it comes to keeping your stuff safe online. These 9 digital security essentials will help you protect yourself.
I checked the headlines today and there is news of huge companies preparing for cyber attacks…Toyota actually went ahead and suspended some of their operations after a suspected cyber attack. So it’s a real issue, it’s happening out there in the world as we speak.
In light of recent events, I thought now would be a great time to go over digital security for solopreneurs, small business owners, and honestly – everyone!
While none of us are running businesses as large as Toyota, we are, unfortunately, still at risk for being attacked. In a way – small businesses are perhaps MORE vulnerable, since most of us don’t have a dedicated security team…people aren’t working round the clock to make sure we’re safe.
Take my word for it….it can happen to you. I’ve been working with clients online for over 9 years now, and I’ve seen it firsthand. I’ve had numerous businesses come to me, looking for help cleaning up a hacked website.
An ounce of prevention is worth a pound of cure.
Honestly, you can’t be 100% protected from the threat of a cyber attack or getting hacked – BUT. There are A LOT of fairly simple, straightforward measures you can take to mitigate your risk. 9 times out of 10, when I think back to the hacks I’ve personally seen in all my years online, the protective measures we’re going to talk about here today would likely have worked and put an end to the threat.
Digital Security Tip #1: Take Ownership
I want to remind y’all of something: you’re in the driver’s seat.
You’re the owner, the founder, the creator, the “CEO” of your brand, right?
Then you need to take responsibility and make sure you know what’s going on inside your business.
Most solopreneurs and super small, micro business owners don’t have separate tech, IT, or cyber security departments….so it’s up to YOU to step up and oversee everything. Make sure you’re protected.
Know Who Has Access & What They Have Access To
You should always know who has access and what they have access to.
I have seen some of my clients hire consultants: for example, someone to create and publish content on their website. These consultants are given access to the entire back-end of the website. Of course, that’s usually fine, as they likely need that in order to perform what is expected and required of them.
But, what I commonly see is the consultant and the business eventually end up going their separate ways. Yet, the consultant still has access to the back-end of the website months or even years later.
Clearly, if the consultant wanted to be vicious and do something bad, they wouldn’t have to try very hard since their access was never revoked! This is a huge security hole.
I like to think that most of the time, people are good and would never be up to anything malicious – BUT it’s still an issue because it’s one more account, out there in the world, that has access to all your stuff. And if that account were to fall into the wrong hands…maybe it has a weak password associated with it, or something like that…that becomes a HUGE issue for you. And, it could easily have been prevented if you had just revoked the consultant’s access the moment you stopped working together.
Naturally, this depends on the size of the business and what you’ve got going on, but for most solopreneurs and microbusiness owners, I recommend performing an audit where this is concerned once or twice per year to make sure no one slipped through the cracks.
Know What Accounts You Have, What Software You Use, Etc.
On this whole “taking ownership” note, you should also be completely aware of what you have set up, what software you’re running, where you have accounts, and so on.
I always recommend making a spreadsheet of EVERYTHING you have that’s related to your business. Include the name, what it’s used for, and also the cost and renewal date, if applicable. The spreadsheet is important because, as your business grows and you continue to require more and more stuff for your business…more software, more accounts, that sort of thing…it’s really easy to forget everything you have associated with it.
It’s kinda like your real life wallet or purse. If your wallet was stolen right now, would you KNOW for a fact which credit cards were in that wallet so you could report them as stolen? Or would you be scratching your head because you have NO idea what was inside of it?
When you don’t keep track of what accounts and such you have online associated with your business, a couple issues arise. Practically speaking, this can be an issue because maybe you don’t have something on auto-renewal and it ends up lapsing or something.
Or, maybe you have something on auto-renewal but you aren’t even using it anymore – and you end up paying hundreds of dollars for something even though you haven’t used it in 2 years.
From a digital security perspective, it’s just a good practice to have a working knowledge of all of your accounts, what’s going on with them, and so on. It’s all about taking ownership and knowing what’s up!
Digital Security Tip #2: Keep Software Up To Date
Keeping your software up to date is crucial because most software updates contain security patches. These patches fix vulnerabilities that were previously identified.
Software vulnerabilities are little flaws, and hackers love to take advantage of them.
Most of us probably aren’t in the habit of looking at changelogs when we update – but if you do, you can find some pretty interesting stuff. Changelogs routinely mention the update contains “various security fixes.” You can usually read more technical details about the fix and the vulnerability it is repairing, if you are so inclined.
Pretty much every software out there has vulnerabilities like these, because tech changes so rapidly. Everything is constantly being improved upon. So it’s very important to get into the habit of downloading the latest version because these little flaws are fixed.
Like, imagine if you were running software that you hadn’t updated since 2000. First of all – it probably wouldn’t work. Second of all – it would be extremely insecure.
Update Your Internet Browser, Your Apps, Your OS, & Your Website.
Protect yourself by keeping everything up to date. This applies to everything from your internet browser to your apps to your operating system (OS).
When it comes to your website – if you are using a closed-source software like Squarespace, you don’t really have much control over this as Squarespace performs the updates for you.
If you’re running a self-hosted WordPress site, then it’s extra crucial to make sure you are putting in the effort and action to keep your stuff up to date, because you’re responsible for this. You can generally turn auto-updates on which – personally, I don’t really like but I won’t get into that here — but just make sure you’re aware that if you’re using a self-hosted WordPress site, you are responsible for updates.
And if you’re not sure what any of this tech talk about website building platforms means but are curious, check out my Website Building Platforms: Review & Comparison.
Digital Security Tip #3: Back Up EVERYTHING
And I do mean everything. Phones. Laptops. Your website. Important emails. Tax documents. Passwords.
Mark your calendars because March 31 is world back-up day! I didn’t even know that existed until I was putting together the notes for this episode.
Their website, worldbackupday.com, offers some great statistics:
- 21% of people have never made a back-up.
- 113 phones are lost or stolen every minute
- 29% of data loss is caused by accident
- 30% of all computers are already infected with malware
Yikes, right?!
Sometimes the threat isn’t so malicious: sometimes, your hard drive or computer just wears out and bites the dust and you lose your data.
And sometimes, when it comes to online stuff, data loss is due to just not being on top of your stuff.
I’ve had clients come to me because their websites were erased because they failed to renew their account with Shopify, Squarespace, or their web host or whatever and they didn’t have a back-up. And that’s why “take ownership” was tip #1 here, because simply being on top of what’s going on in your business can prevent a lot of hardship.
What Back-Up Method To Use?
You’ve got options!
- External hard drives
- USB flash drives
- The cloud
- Physical copies
- Back-up services
It’s also good to mix: keep one back up on the cloud, and another on an external hard drive.
Physical copies don’t work in all situations, but are certainly a good idea when it comes to physical documents, like tax records and financial stuff.
Be aware that back-up services may be included in what you are already paying for. For example, some of the better web hosts now offer back-ups included in their plans. In my opinion, you should also be doing routine manual back-ups, but having automated back-ups running in between times is wonderful reassurance.
Digital Security Tip #4: Use Safe Passwords
Using safe passwords is crucial.
A lot of people use shockingly insecure passwords. (I know this because I routinely have to acquire login details from clients in order to do my job.)
If your password contains any of these, listen up:
- The word “password”
- Your name
- Your brand name
- A family member’s name
- Your birth date
- “123” or consecutive letters or numbers
These things do NOT make for secure passwords.
It’s also a best practice to avoid keyboard combinations that look random, but actually aren’t. For example, asdfgh987 seems random, right? But if you have a keyboard nearby, check it out. You’ll see that the combination actually isn’t so random. It’s just part of home row and 3 numbers that are right next to each other on the keyboard.
How To Pick A Good Password:
The best passwords are:
- A combo of words, numbers, symbols, and uppercase/lowercase letters
- Long! 16 characters (or maybe even longer)
- Unique: don’t use the same password for every account you have
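To make the two lists above concrete, here is an added example (not part of the original post) of a small Python checker that flags the weak patterns named in this section, including keyboard walks like asdfgh987. The function names and the `personal_words` / `birth_date_digits` inputs are assumptions made for illustration, and an empty result only means none of these specific checks fired.

```python
import re

# Rows of a US QWERTY keyboard, used to spot "keyboard walks" like asdfgh.
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
ALPHABET = "abcdefghijklmnopqrstuvwxyz"


def has_run(password, sequences, min_len=3):
    """True if password contains min_len+ neighbouring characters from any
    sequence, forwards or backwards (e.g. 'asd', '987', 'abc')."""
    lowered = password.lower()
    for seq in sequences:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - min_len + 1):
                if s[i:i + min_len] in lowered:
                    return True
    return False


def check_password(password, personal_words=(), birth_date_digits=()):
    """Return a list of problems; an empty list means no check fired.

    personal_words: your name, brand name, family names (assumed inputs).
    birth_date_digits: digit strings such as '1985' or '0412' (assumed inputs).
    """
    problems = []
    lowered = password.lower()
    if "password" in lowered:
        problems.append("contains the word 'password'")
    for word in personal_words:
        if word and word.lower() in lowered:
            problems.append(f"contains personal word '{word}'")
    for digits in birth_date_digits:
        if digits and digits in password:
            problems.append("contains birth date digits")
            break
    if has_run(password, [ALPHABET, "0123456789"]):
        problems.append("contains consecutive letters or numbers")
    if has_run(password, KEYBOARD_ROWS):
        problems.append("contains a keyboard walk")
    if len(password) < 16:
        problems.append("shorter than 16 characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, password) for c in classes):
        problems.append("missing a character class (upper/lower/number/symbol)")
    return problems
```

Uniqueness across accounts can’t be checked from a single password, which is one reason a password manager is the usual companion to rules like these.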
Digital Security Tip #5: Set Up 2-Factor Authentication
2-Factor Authentication (2FA), honestly, is a bit of a pain BUT it can certainly protect you, so it’s definitely worth setting up.
2FA adds an extra step to the login process.
For example – normally you would just login with your username and password and you’d be in, right?
With 2FA, you login with your username and password, and then you additionally have to verify your login via a code on your phone, or with another verification method.
For a lot of stuff online, 2FA seems to be automatically enabled. Have you ever tried to login to your Google account from a device you don’t typically use? You probably were asked to verify your login.
For your website, you usually have to turn 2FA on yourself. Self-hosted WordPress sites can use a Wordfence plugin to install this feature. If you’re using Squarespace, you can turn 2FA on in your account dashboard.
This is likely the case for other platforms too.
You’ll typically need to download an authenticator app, and, after enabling 2FA, you’ll need to access the app when you login to grab your authentication code. You can usually modify the settings so you don’t have to authenticate EVERY time you login…instead, maybe once every 30 days.
This is one thing I’m REALLY recommending right now to protect your accounts, so do it!
Digital Security Tip #6: Be On Alert For Suspicious Emails
We all know about the Nigerian Prince scam, right? Long before the Tinder Swindler – although kinda in the same vein – we had the “Nigerian Prince” email scam. This was apparently one of the first to flourish on the internet, and it’s still going on today.
The premise: the Nigerian Prince poses as a person of wealth and position, and guess what? He needs YOUR help – more specifically, he needs your bank account number for a small advance payment. If you help him, you’ll get a reward of a large sum of money for your assistance.
Of course – it’s all a scam. In reality, if you give the Nigerian Prince your bank account info – and, spoiler alert, the Nigerian Prince is not an actual Nigerian Prince, in case you haven’t caught on…he’ll drain your bank account. Oh, and there’s no reward for you. Only a big fat 0 in your account.
Most of us online these days are wise to the scam of the Nigerian Prince – and a lot of email scams are so blatant that it’s obvious they are scams.
But, honestly, these schemes have grown more elaborate and believable over time. The scammers have adapted because they know the Nigerian Prince stuff isn’t gonna fly.
Keep Your Cool
Email scammers really rely on us normal folks not being savvy to their ways. If you get an email that seems a little “off,” my first advice is to always do a Google search with keywords that describe the email to see if there’s anyone online talking about it. Keep your cool, stay levelheaded, and don’t let your emotions get the best of you.
Some of the scammy emails seem very threatening, so it’s hard to not let your emotions take over. But you can usually just do a simple Google search using keywords that describe the email, like “Nigerian Prince wants money,” and you’ll easily be able to figure out it’s a common scam and you have nothing to worry about.
Be Cautious Of Anything That Looks Suspicious Or Is Unexpected
Use caution even if it looks like it is coming from a sender you recognize.
In the past, I have received emails from names I have recognized, but the email content clearly was not legit. (This is what “spoofing” is all about, which we’ll talk about in a sec).
Be cautious with links and attachments because they can contain malware or lead you to some place malicious. If you’re on a laptop or desktop computer, you can typically hover over the link to see where the link is really pointing to. (It’s easier than you think to make it look like you’re clicking a link to paypal.com or something, but the actual destination is paypal.xyz or some other non-legit place.)
Digital Security Tip #7: Prevent Email Spoofing
What’s email spoofing? It involves the creation of email messages with a forged sender address. So, emails could look like they are coming from your you@yourcustomdomain.com email address, but they actually aren’t.
Scary, right? Email spoofing can trick people into thinking a legit company is emailing them, when in reality it’s a bad guy with ill intent.
Email spoofing is weird and complex. There are several different things you can do to prevent your email address from being used in this type of scam. Here are two:
Set Up The Right Records
If you have a custom email set up at your domain, like you@yourcustomdomain.com (and if you don’t…but you want one…check out The (Kinda) Quick Guide To Domain Name Email), then you will want to set up some additional records to protect against email spoofing:
- SPF record
- DKIM record
- DMARC record
You can typically find instructions for setting this up with your email provider, like Google Workspace or Microsoft 365.
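Once the records exist, it helps to sanity-check what they actually say. This added example (not part of the original post, and going a step beyond it) reviews the three TXT records for common weak settings. The record values, the `selector1` selector and the `_spf.example.net` include are constructed placeholders, and it assumes one TXT value per DNS name.

```python
def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DKIM, DMARC) into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}


def review_records(domain, txt):
    """txt maps DNS names to TXT values; returns a list of findings for domain."""
    findings = []
    terms = txt.get(domain, "").lower().split()
    if not terms or terms[0] != "v=spf1":
        findings.append("SPF: no v=spf1 record")
    else:
        # The first 'all' term decides what happens to senders not listed.
        alls = [t for t in terms if t.lstrip("+-~?") == "all"]
        if alls and alls[0] in ("all", "+all"):
            findings.append("SPF: '+all' lets any server pass as this domain")
        elif alls and alls[0] == "?all":
            findings.append("SPF: '?all' is neutral, no guidance for receivers")
        elif not alls and not any(t.startswith("redirect=") for t in terms):
            findings.append("SPF: no 'all' term, unlisted senders get 'neutral'")

    dkim = [v for name, v in txt.items() if name.endswith("._domainkey." + domain)]
    if not dkim:
        findings.append("DKIM: no <selector>._domainkey record")
    elif any(not parse_tags(v).get("p") for v in dkim):
        findings.append("DKIM: empty p= tag (no usable public key)")

    tags = parse_tags(txt.get("_dmarc." + domain, ""))
    if tags.get("v", "").upper() != "DMARC1":
        findings.append("DMARC: no v=DMARC1 record")
    elif tags.get("p", "").lower() not in ("quarantine", "reject"):
        findings.append("DMARC: p=none (or missing) only monitors")
    return findings


# Constructed records; the selector name and include target are placeholders.
WEAK = {
    "yourcustomdomain.com": "v=spf1 include:_spf.example.net +all",
    "_dmarc.yourcustomdomain.com": "v=DMARC1; p=none",
}
BETTER = {
    "yourcustomdomain.com": "v=spf1 include:_spf.example.net -all",
    "selector1._domainkey.yourcustomdomain.com": "v=DKIM1; k=rsa; p=PUBLICKEYPLACEHOLDER",
    "_dmarc.yourcustomdomain.com": "v=DMARC1; p=quarantine; rua=mailto:dmarc@yourcustomdomain.com",
}
```

The `WEAK` set produces three findings and the `BETTER` set produces none. Use the exact values your email provider gives you rather than these placeholders.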
Use A Throwaway Account For Registrations
I’ve heard using a throwaway account, rather than your important email address, when you’re registering for stuff online can help too.
I can’t vouch for its effectiveness, but supposedly this can help prevent your regular email address from getting on lists that are used for sending spoofed emails out in bulk.
(This can also help keep your regular email inbox clean and free of promo emails.)
Digital Security Tip #8: Be Mindful Of Where You Store Sensitive Data
If you’re doing business online, you’re probably collecting customer data, right?
Even if you aren’t directly handling credit card data — the likes of Paypal, Stripe, and other processors usually take care of that on our behalf — you still are likely collecting name, email address, phone number, mailing address, etc. You need to do what you can do to protect it.
A lot of the other tips we talked about previously will help protect your customer or client data. In addition, be cautious with any third-parties you share customer data with. They may not be 100% safe.
This doesn’t apply to customer data, but there was a case a few years ago where people stored passwords in Trello. Now – they probably shouldn’t have been storing passwords there in the first place. But it turns out, because Trello boards can be public and indexable by search engines, some of this password data was public to anyone looking for it.
Bottom line: make dang sure if you’re storing sensitive data somewhere, where you are putting it is safe! Otherwise, you’ve just got a mess waiting to happen.
Digital Security Tip #9: Perform Audits Often & Stay On Top Of It!
Digital security for solopreneurs and small businesses is something you can’t wait around on. Take action today! Remember: an ounce of prevention is worth a pound of cure.
Don’t wait until your website gets hacked or your email gets compromised to deal with your digital security.
- Regularly change your passwords
- Check software and apps for updates
- Ensure only people who need access have access
- Make sure YOU’RE up to date and knowledgeable
Remember that technology changes rapidly. As it evolves, so should your strategy.
Wrapping It Up
We’ve only scratched the surface with our security tips here, but this gives you a good place to start. Honestly – if you follow these 9 tips discussed here, you’re in a much better place than a lot of people, since a lot of them aren’t even using safe passwords!