Securing your online business isn’t only for the Fortune 500 companies. Hackers are also busy finding ways to gain access to your info or attack your website.
If you’re a solo boss on a budget, you may not have the resources to hire a cybersecurity pro, but there are lots of tips + tools to keep your info safe, website secure, and desktop (and other devices) protected from attacks.
This post contains affiliate links, this means I receive a commission (at no extra cost to you) if you make a purchase using one of my links. Thanks for your support!
Tired of being stuck on how to set up Dubsado or HoneyBook?
Want to know the right things to say to new leads and clients?
Ready to focus on connecting with your audience knowing everything is running smoothly in the backend?
Get instant access to done-for-you templates to help you improve your client experience!
Use a password manager
No need to remember 20+ passwords when you’re using a password manager like LastPass (free or $24/year).
After you save your accounts/profiles to your LastPass account, alls you have to do is sign in using just your email and one master password to gain access to your vault (where all your usernames and password hang out). When you sign up, you’ll have access to your vault whether you’re on a desktop, laptop, or mobile device.
Using the same email and password combo for all your accounts? If your G Suite/Gmail account ever gets hacked, the hacker can try to use the same password on your social media, bank accounts, or WordPress website.
Let LastPass generate a strong password that’s hard to crack and it will save this info for you. A strong password will have at least 8 characters including upper and lower case letters, numbers, and special characters (!@#$).
Use different emails for your accounts. Example – firstname.lastname@example.org for your finances, email@example.com for general, and firstname.lastname@example.org for clients. Use Google Domains to set up extra emails (alias) for your domain.
Related: How to Create a Secure Password You Can Remember Later: 4 Key Methods (Buffer)
Do remote work privately
Whether you’re using public WiFi at Starbucks or a coworking space like WeWork, it’s a good idea to use a Virtual Private Network (VPN) to keep your info secure.
Companies like Private Internet Access ($6.95/month or $34/year) lets you hide your IP address and browse the web without ads or trackers getting your info (IP address, location, what kind of device you’re using).
One account can protect your laptop, phone, and tablet when you sign up and install the app on your browser and iOS or Android device.
Remember: Always screen locked on your devices if you’re stepping away – even for a few minutes.
Related: How to Safeguard Your Data From Searches (The New York Times), Privacy 101: Why You Need a VPN (PC Mag), Worried about companies spying on your browsing? Here’s what you can do (CNN), The Best VPN Services (MakeUseOf)
that thing all things up
All of your hard work can be gone just like that. You don’t want to start from scratch if your device is lost, stolen, or damaged. So add your files, photos, and apps to the cloud storage. Backblaze ($5/month or $45/year) has unlimited cloud storage for your Mac or PC.
Just download the app + it will copy everything on your laptop to the cloud. You’ll have a full backup of your laptop where you can get access to your files from your iOS or Android. And when you make changes or add a new file, it runs in the background and autosaves it for you.
You can also locate your computer if it’s lost or stolen. And if you need to restore a backup, Backblaze can send you a hard drive with all of your data so you can upload everything to your new device.
Tip: For a mini backup solution, don’t forget to save your important files (contracts, proposals, client list) to Dropbox or Google Drive. Check out 101+ Free to Affordable Business Tools for other tools you can use for your business.
Secure accounts + get notifications
Many accounts like Gmail or banks offer something called Two-factor Authentication (2FA). This lets you take an extra step to verify that it’s you.
For example, logging in to your Capital One account with your username and password, the app will ask you to enter a 6-digit code (sent via email or text) to gain access to your account.
Some social media accounts will send you a link to the email or phone that’s linked to the account. Clicking that link will confirm it’s you and then takes you to the page you’re trying to view.
Look under security settings on your profiles to set up 2FA or use Google Authenticator. You can also sign up for email alerts so you’ll know if someone is trying to log in to your account.
Update your desktops + mobile devices
To protect your computer from viruses and malware, make sure you install any updates for your operating system (Windows or Android), anti-virus software, and enable firewalls.
If you’re on a Windows device, go to Settings > Update & Security > Windows Defender then Security Center to keep your desktop protected.
For your Android device, Lookout takes care of malware scans on your apps, protects your data from threats, backs up your contacts, and locate your device if it gets lost or stolen (must turn on your location settings).
For Mac users, go through The Ultimate Mac Security Guide: 20 Ways to Protect Yourself for tips.
Keep your website up and running
Just like your desktop and devices, your website needs to be protected and updated. Hackers can find ways to hack into your site and install malware that can send your visitors to another site, add spam links, and mess with your Google ranking.
Use plugins like BackWPup or Updraft Plus to back up your website. You can save a full backup (database, theme, plugins, posts, settings) to Dropbox or Google Drive. And choose from one of the 12 Best WordPress Security Plugins to Keep Your Site Secure.
If your username is “test”, “admin”, or domain name (yourwebsite.com), you can change it to a username that’s hard for hackers to figure out or your email. Use LastPass to generate a strong password. And after you back up your site, you can delete that admin, test, domain name account.
Tip: Create an Editor account for when you or your writer need to publish a blog post, for example. So only you and your web developer will have access to use your Admin account for tech updates. After you backup your site, go to Users to add or delete a user.
Turn on your alerts so you’ll know what’s going on behind the scenes. Also go through your security settings on Jetpack to handle login attempts and spam comments. And for extra security, use Google Authenticator to log in to your account.
After backing up your site, always keep your plugins and theme updated (and delete the ones that you’re not using). Some web hosts like Siteground automatically updates to the latest version of WordPress. And having a backup helps so if the latest update messes up your website, you can restore the last update to fix the problem.
If you’re having problems logging in to your dashboard, scan your site with the Sucuri SiteCheck scanner. It will check the website for known malware, blacklisting status, website errors, and out-of-date software for free.
If you’re hacked you can follow the directions to clean up your site or use their service to do it for you.
There’s also WP Fix It and they can clean up + secure the site to prevent future infections.
Related: 7 Signs Your WordPress Website Has Been Hacked (Domain Name Wire)
For the tech-intimidated, hire a dope developer that can take care of all of that for you.
If you’re handling sensitive info like credit cards, you can get a SSL certificate which will encrypt any personal info that’s being transmitted on your website. Learn how to How to Install an SSL Certificate or use Let’s Encrypt. Some web hosts like Siteground offer free SSL for your site.
Tip: Try Hover or Google Domains to keep your contact info private. Prices start at $12/year and privacy is included. And use the password generator to create strong passwords for your web host and domain name accounts.
Most important thing to remember: Backup then update.
– Keep clients + team members in the loop
Let’s not pull an Equifax and wait until months later to tell your customers/clients. Notify your clients, team, and contractors ASAP. Let them know about your security issues and what steps they may need to take to protect themselves (reset passwords, close accounts). You want to keep your data safe but if you have access to SSN/Employee IDs, credit cards, and contact info, you should also let them know what’s going on.
– Know what’s going on around the web
Sign up for emails from your web host, WP Beginner, Small Business Administration, Inc.com, and Private Internet Access Blog. Sign up for Google Alerts and get notified when someone posts on WordPress security, cybersecurity, or whatever topic you’re interested in.
– Privacy on your browser
Is Chrome your default browser? Click the 3 dots that are under the close button (X), go to settings, and click Advanced on the bottom of the page. Then go through the options to make changes to your privacy settings – turning on settings for “Send a “Do not track” request with your browsing traffic” and “Protect your and your device from dangerous sites”. Want to keep your searches private? Use DuckDuckGo for your search engine.
Things happen. Things get hacked or stolen. You want to prepare for the worst-case scenarios so make sure you take the time out of the day or on your next break so your business can keep going + growing with no problems.
Don’t forget to pin this to your business boards if you found this helpful!