In recent years hacking has become more common, especially with Medibank and Optus getting hacked last year and many other institutions around the world being affected too. As a small business owner you’re probably not sure if your website or online platforms are protected, or if your business and/or personal information is falling into the hands of hackers. That’s why I’ve written How Business Owners Can Stay Safe Online & Avoid Being Hacked, so you know exactly what to do to stay safe online.
Cybercriminals are out there, always looking for ways to find more people’s personal information or data to use, sell or benefit from in some way. This means you need to think ahead and be proactive, so if someone does attempt to hack your website or other platforms you’ll be so secure they’ll give up easily.
How do you do this? Let me share with you the essentials on being safe online and remove the fear of a hacking gremlin.
1. Secure Logins
Everyone thinks just having a secure password will keep you safe, but I also want to stress how important having an unguessable username is too. For example, a hacker could guess your username, and if your password was leaked via a data breach it won’t take them long to gain access to your website. But if you have a username that isn’t one of the obvious ones (e.g. admin, your name, your business name etc.), you add an extra security barrier to your website, making it harder for them to get in.
If you’re a WordPress user, please go to your dashboard > Users tab and make sure your settings display only your name and not your username, to keep this private and secure.
Next is your password. It’s an obvious one and probably the most annoying. Creating a password that’s complicated and not easily guessed by hackers, but still easy for you to remember, isn’t an easy task. If you’re anything like me you’ve reset your password to something super secure, only to forget it the next day and have to reset it all over again.
So here are some ideas to help you create a strong password that only you can remember (this has worked for me). Try using your first car’s number plate and the year you purchased it. Your childhood street and the current year, plus a symbol. Your (or your child’s) favorite book (acronyms are great if it’s a long title). I’m sure this has sparked some ideas for new passwords for yourself. It needs to be something only you would know.
Unfortunately, any public information like your street address or your children’s or pets’ names isn’t safe enough. Make sure whatever you end up choosing has capital letter/s, lowercase letters and numbers, and even add a symbol or two. The harder it is to guess, the safer you will be.
Please never use “password” as your password.
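A small check for the username and password advice above, as an added example that is not part of the original post: it flags default or name-based usernames, and passwords that miss a character type, contain "password" or include public details. The function names, the extra default usernames, the 12-character minimum and the sample values are assumptions made for illustration.

```python
import re

# "admin" is from the post; the other defaults are assumed additions.
OBVIOUS_USERNAMES = {"admin", "administrator", "root", "user", "test"}
MIN_LENGTH = 12  # assumed threshold; the post gives no minimum length
CHARACTER_CLASSES = {
    "a capital letter": r"[A-Z]",
    "a lowercase letter": r"[a-z]",
    "a number": r"[0-9]",
    "a symbol": r"[^A-Za-z0-9\s]",
}

def squash(text):
    """Lowercase and keep only letters and digits, so 'Rex!' matches 'rex'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def audit_login(username, password, owner_name, business_name, public_facts=()):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    # Names to look for: full name, each part of it, and the business name.
    names = [owner_name, business_name] + owner_name.split()
    names = {squash(n) for n in names if len(squash(n)) >= 3}

    user = squash(username)
    if user in OBVIOUS_USERNAMES:
        problems.append("username is a common default")
    elif any(n in user for n in names):
        problems.append("username contains your name or business name")

    if len(password) < MIN_LENGTH:
        problems.append(f"password is shorter than {MIN_LENGTH} characters")
    missing = [label for label, pattern in CHARACTER_CLASSES.items()
               if not re.search(pattern, password)]
    if missing:
        problems.append("password is missing " + ", ".join(missing))
    pw = squash(password)
    if "password" in pw:
        problems.append('password contains the word "password"')
    # Public facts (pet, child, street) and the names above are easy to look up.
    guessable = names | {squash(f) for f in public_facts if len(squash(f)) >= 3}
    found = sorted(g for g in guessable if g in pw)
    if found:
        problems.append("password contains public information: " + ", ".join(found))
    return problems

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for issue in audit_login("admin", "Rex2023", "Jane Citizen", "Citizen Bakery", ["Rex"]):
        print("-", issue)
```

Run it locally with your own details; an empty list means the login passed every check in the script.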
If you know your website is getting frequently hit by hackers, I would highly recommend enabling two-factor authentication (2FA) on your website, which is very easy to do within WordPress. This layer of protection will send you a code or an email to confirm you are logging in, something a hacker does not have access to, making it 98% impossible for them to hack your website by logging in.
I’ve spoken a lot about your website here, and I want to stress how important it is to have secure logins for your other website items like hosting platforms and your domain registrar. Hackers have been known to log in, steal domains and sell them for extortionate amounts. If this happens to you, please report any dodgy behaviour to your hosting/domain platform so they can investigate it, and then report it to a government body so you can take further action. Check out ICANN for any .com, .org or .net domain extensions, but if you have a .com.au, .au or other Australia-specific domain extension, please contact our local government body auDA, who looks into such issues.
2. Keep Up-to-Date Software & Apps
This recommendation is less obvious, but from my experience there’s been an increase in hackers getting into your website via a plugin or app that wasn’t up to date. Word spreads within the cybercriminal community and they all go after the same app/plugin to gain access through the backdoor of your website. No password required, which is super scary.
This means if your website is built on a CMS like WordPress, Drupal or similar, please ensure your code is up to date, any apps or plugins are updated and your PHP is at the current recommended version (7.8+). Hackers will look for vulnerable websites with outdated software and/or apps, so don’t make this easy for them. Keep it up to date.
Log in to your website now to see if it’s safe and up to date, and please ensure you do a backup of your website first.
3. Stay Away from Spammy Emails
It’s easy to say stay away from spammy emails, but how exactly can we do this? They’re constantly flooding our inboxes and it can be hard to tell real from fake. We’ve all been there: we see an email come into our inbox telling us to log in to our account to update our expiring card details, or saying that our PayPal account has been hacked and our account details changed.
Next minute, you’re handing over your personal information to hackers and they’re ordering who knows what from your credit card.
So what can we do about this?
First up, never click a link in an email you didn’t ask for or subscribe to, or that isn’t familiar to you. If you get a message saying your account details are expiring, open a new browser, type the address of the website in question into the URL bar, then log in and check your account details. Alternatively, call the company directly. They will usually inform you of a scam or if any action is required from you.
Secondly, report the scam to the organisation. They can take legal action against that person if required and shut down the scam, saving others from going through the stress of having their details in the hands of nasty people.
4. Security When Using Wi-Fi
When logging into your private accounts, always try to do so from home. But what happens when you’re working from the library, a co-working space or a cute cafe overseas? You still need to access these accounts and don’t always have the time to find a secure network like your home.
I’d highly recommend you use a VPN in this case, to secure your business and personal information and make it wayyy harder for hackers to see what you’re doing online.
5. Always Backup Your Data
When the worst has happened, I have always been able to reassure my clients that I’ll be able to get their website back to how it was before a hacker took over their site and uploaded spammy information.
How? Because rule 1 of having a website is always back it up!
Back it up before you make an edit. Back it up before you update software, an app or a plugin. Back it up daily with your hosting platform.
This means that if something breaks, your website starts acting a little buggy, or a hacker ruins your website, you have a previous version of your beautiful website to fall back on that you can easily upload and go back to business as usual. An easy fix in a stressful situation.
Wrapping up this post, I want you as a small business owner to be safe online, and these days we need to be a little more proactive to protect ourselves online. By following my recommendations above, you can significantly reduce your risk of being hacked and keep your business and personal information safe. Just remember the secrets: have an unguessable login, regularly check your software, apps and plugins are all up to date, never click links in emails or texts you didn’t ask for, use a VPN when you access private information on public Wi-Fi, and please, please, please, always back up your website.
By adding these security measures to your website, you will keep your business safe, with the added bonus of knowing you are annoying thousands of hackers who can no longer easily hack your website.
If you’re a WordPress user and unsure of your website’s health when it comes to security, or are feeling a little overwhelmed and unsure where to start, please check out my new service Website Security & Safety Audit that can help you with this. It’s a monthly subscription where I regularly check your website for opportunities that hackers may be looking for and ensure your website is always safe and up to date, taking that extra layer of stress (and admin) off your plate.