When most people think about security in respect to online businesses, they think of things like passwords and security certificates.
These are definitely valid points, yet securing your online business goes much further than that.
Let’s delve into the various ways in which you can help protect your online business, both on and offline.
Secure Your Site
By far the most common ways of securing your business is to secure the actual site.
Encrypt Your Site
Unless your site is incredibly basic and doesn’t handle customer data or take payments, you will want to install an SSL certificate on the site.
An SSL certificate encrypts the connection on your site making it harder for hackers to hijack the connections for their own nefarious devices.
Even if the site is basic, you’ll probably want to install one anyway as Google now uses SSL security as a ranking factor for search results.
A basic SSL certificate comes in at under $100 per year so there is really no excuse not to get one.
Does your secretary or VA really need admin access? Do your blog writers need access to customer data?
Do all your offline staff need access to the website admin area?
No, not at all. You should be limiting how has access to what when it comes to your site. WordPress sites make this easy via third party roles and capability plugins that allow you to give people specific access to specific areas.
Beyond that, giving only those who need it actual accounts can go a long way to ensuring site security,
Keeping your site code up to date is essential for minimizing security holes. With WordPress sites this is easy as making sure your various plugins and theme, as well as WordPress itself is updated.
Custom coded sites are harder to maintain, but still should be regularly reviewed by a professional coder to make sure there are no issues with security.
Back Things Up
From your site, to your documents, keeping a secure copy of your digital world is one of the best ways to protect your business from calamities such as destructive hack attacks.
Keeping the encrypted and in multiple locations (on and offline) is also a wise move as that way you have several secure redundancies.
As with any backup, doing one big backup every year is pointless. Schedule your backups so that key data is backed up more regularly than less important data.
Using cloud services for documents is an excellent way to keep copies of data, and sites running WordPress have multiple backup options such as BackupBuddy.
Get Rid of Customer Data
Does your business hold onto sensitive data like credit card information? If so, consider this: if you get hacked, it’s highly probable that all that data ends up in the hands of the hackers and who gets blamed for it? You do!
Reducing the amount of sensitive customer data you store can reduce your liabilities should the worst happen.
What about marketing I hear you cry? Well, you can still obtain data but why not use a service such as Aweber to hold onto customer information that you can then use in your email marketing campaigns.
Did you know that when you buy a web domain, your details such as name, address and phone number are attached to it? Not only that but anyone worldwide can search your domain and get that information.
Bigger businesses will have no issues with this, but for small business owners, the details that are shown are likely to be your own home address and phone number!
Luckily most domain registrars such as Namecheap offer and additional service called WhoIs Protection. For a small yearly fee they will change your details to private yet still route any communications via WhoIs to you.
For under $3 bucks a year, this can add an extra layer of privacy.
Secure Your Devices
More and more online activity, both personal and business alike are being conducted via mobile devices.
This means that more thieves, hackers and unscrupulous people are targeting phones and tablets. In order to help secure your online business, you need to be securing your devices too.
Two Factor Authentication
This is some times known as 2FA, two step verification or TFA, and it adds an additional layer of security when it comes to logging into various websites.
It works by combining a regular password with another piece of data that an attacker is unlikely to know.
Sometimes it’s in the form of a list of codes provided by a bank for instance. More commonly it uses a code sent via text message (SMS) to your phone that you need to enter into the site in addition to the password, to gain access.
While it’s more time consuming to do, especially on numerous sites, 2FA is a smart move when it comes to security – people who are lax when it comes to security often fall foul of hackers.
Sites that most small to medium business owners will use regular like Facebook, Google (Gmail, Docs, etc), Apple, Twitter and many more.
WordPress site owners can also take advantage of 2 factor authentication when logging into their sites, because WordPress has an array of plugins that can help with this.
Public Wi-Fi is really handy and perfect for getting work done in a coffee shop. However it also has a downside in that a skilled hacker can take advantage of the lack of security most public WiFi has to intercept your communications (and that means login details too!).
If you have to use public Wi-Fi, then make sure that you are connected via a VPN which can essentially secure your communication over a public network.
There’s a lot of VPN providers out there, so if you’re not sure where to start check out Buffered.
Encrypt Your Devices
If someone was to steal your phone that contains access to your online business, they could easily get into the phone and grab the data.
That is, unless you enable encryption! By encrypting your phone unless the person has the right passkey any data they get will be unintelligible to them.
Most iPhones are encrypted by default so long as you create a pass-code for the lock-screen (which is why that FBI vs Apple issue came up).
Android devices though tend not to be encrypted by default, so you will have to enable it. Rather than reinvent the wheel, How to Geek already has a tutorial on encrypting Android devices.
Secure Your Devices
It goes without saying that you have an anti-virus program on your desktop or laptop computer. Most new ones come with one, and we’re all quite aware how important they are.
If you don’t run one what are your doing?!
Your computer is a gateway that a hacker can use to great effect. A simple keylogger on your PC can result in access to your site, bank account and more.
If you use mobile devices for business you should also obtain ant-virus and malware software for them too, especially as they are just as prone to attacks as a desktop PC is.
Protect Your Browser
As well as making sure you have a robust anti-virus software on your internet connected devices, there are other ways to protect your online activity.
By disabling certain technologies such as Flash and Java you can remove a large number of threats that make use of vulnerabilities in those software.
Secure Your Life
When it comes to security, the weakest link in the chain is usually human. That’s why it’s important to make sure you and any staff you have do your own due diligence when it comes to protecting your business.
Update Your Passwords
This is common advice but one that really need re-iterating to make sure everyone is clear: keep your passwords as secure as possible!
If your password is weak, change it. If your password is easy to guess, change it!
Change your password regularly, at least every 6 months.
Hard passwords are often hard for people to remember, I mean very few people find it easy to remember a 16 character password containing numbers, symbols and different cases.
Instead try passphrases: a passphrase is simply several random words put together, e.g. plantminionbookbed. They create long passwords that are hard to break but easy to remember
The other main cause for concern with passwords is that we just have to use so many of them! Seriously if you’re like me you use at least 10 passwords a day, often more. With some many sites and services needing passwords, it’s easy to fall into the trap of reusing the same password for different sites.
Doing this is a security risk, so if you use multiple services and struggle to remember passwords, use a secure password manager like Last Pass, then you only need to remember one password!
This sort of email is notorious in security circles because it makes use of the weakest link; users.
By masquerading as legitimate companies and often using scare tactics to force people to click links, phishing emails can install malicious code on peoples computers or gain access to secure passwords.
While email services like Google do an admirable job of filtering these into the spam folder, sometimes they slip through and this is where you and your staff have to be vigilant.
According to Wikipedia, in the first half of 2016 alone, there were 873,488 unique phishing campaigns detected.
That’s a scary figure and emphasises how common these threats are. You need to make sure that any email received is checked to be from the correct source before clicking links.
Generally phishing attacks use big name companies like Facebook, PayPal and banks, but it doesn’t mean smaller businesses can’t be used too.
Return Path gives an excellent run down of things to look for when checking if an emails is a phishing email.
Save Your Email
While not really a way to secure your business, using a disposable email or a junk email account can sure go a long way to securing your sanity!
You know how it is, there’s always a new service, product or blog demanding your email address, but unless you want to get bombarded with both genuine emails and spam, don’t use your main email address!
Secure Your Business
Security for your online business comes in many forms, and a fair number of new business owners forget some of the more mundane ways to help protect a business.
Private Contact Details
I mentioned earlier how buying a domain name can have your address plastered across the internet, but there are other things that can cause this too. For example if you do email marketing you will likely need to follow the CAN SPAM act, and one of the rules is that your emails must contain a physical address.
This is fine unless the physical address is your home!
Instead of using your real address you can rent a mailbox from sites like The UPS Store that use real mailing addresses.
This gives you several advantages:
- You can collect mail from it
- It looks more legitimate than a PO Box address
- Can be used as a business address on documents
Taking it one step further you can also obtain a private phone number as well. Google Voice, MightyCall and eVoice are just a few of the companies that supply this service.
Trademarks, Copyrights & Patents
Protecting your business also means protecting your brand, and products.
You can do this by taking advantage of existing laws surrounding trademarks etc.
- Trademark: These help protect your brand
- Copyright: These protect intellectual property
- Patent: These protect your products
Depending on your business type you may need 1 or all of these, and you should seek professional legal advice when it comes to implementing them.
This method of protection focuses on the end result of having your own business: money!
Being a one trick pony in this world is going to end in disaster; if the markets change, or something unexpected happens you can lose your business overnight.
Diversifying your business means increasing the number of income streams and making sure they are varied enough so that if one stream dries up, there are still others there to keep you afloat.
Insure Your Business
Most entrepreneurs are more worried about getting their businesses of the ground rather than focusing on mundane things like insurance, but any serious business owner sh9ould take time to review their policies.
There are a lot of different types of insurance out there, so it’s a good idea to speak to an insurance company about your specific needs.
That being said, for an online business there are at least three types of insurance that should be looked at:
General Liability Insurance
This sort of insurance protects your business from claims by others of bodily harm, property damage and personal injury (slander).
Professional Liability Insurance
This helps to protect you against claims that your service or product has not been done right or cuased issue. This insurance covers a wide spectrum of businesses from lawyers, through consultants, to hairdressers! It’s also known as errors & omissions insurance.
Data Breach Insurance
If you do run the risk of keeping sensitive data on your own servers, or even in paper form, then this type of insurance is a no brainer!
The Bottom Line
Protecting your online business, your livelihood, is not just about passwords, it’s far more than that.
Putting in the proper checks and thinking about your actions both on and offline can go a long way to preventing trouble from happening.
Making sure that your entire team is also following the guidelines is just as important, as it only takes one weak link to break the chain!