How to protect your business from online hackers
Before we dive in on how to protect your business from online hackers, we want to take a moment to speak about a devastating experience that one of our past clients recently faced. An experience every small business dreads.
By now you have probably heard that the well known and loved small business, Chalke Valley Soaps, recently had their Facebook and Instagram accounts hacked and consequently taken down. Helga, the amazing lady and founder of Chalke Valley Soaps, had worked tremendously hard over the past 1.5 years to build and grow her community, reaching an impressive 35K follower base that was used as the business's main source of customers.
Chalke Valley Soaps' account wasn’t just about the followers and customers, though; the sentiment lies within the documentation of their business's precious journey from the moment it was born to the day it was hacked. And for one whole week, all of that was gone.
So, not only were Helga's accounts removed in an instant, taking her source of income with them but so were her business's online memories.
Thankfully, after an incredibly stressful week, Helga was able to regain control of her Facebook and Instagram accounts, but sadly others aren't so lucky.
With over 2,200 online attacks taking place every day, we are constantly seeing small businesses losing what they had worked so hard to build, often losing their source of income too. Will you join that statistic? Well, we're here today to make sure you don't.
We are going to cover, in detail, how you can protect your business from online hackers and how you can be sure you won't be the next business to lose the valuable work that you have spent years building.
Here are six ways to protect your business from online hackers, starting today.
Securely Generated Passwords
No doubt someone has mentioned to you before how important passwords are, but more often than not it’s shrugged off and you carry on using that one same password across all accounts and devices, or if it’s not exactly the same password, it’s a variation of it in one form or another. But is that safe? Is it safe even if you use different passwords though?
The simple answer is no. The only way to be safe when it comes to passwords is by using unique securely generated passwords, alongside other security measures (which we will talk about next).
Securely generated passwords aren’t passwords made up of words, dates, or numbers. They are exactly what it says on the tin: secure, meaning they are much harder to crack.
Securely generated passwords are made up of a random sequence of numbers, letters and characters.
Here’s an example my password manager has generated for me today to use in this blog post:
Securely generated password: kS$#G45845Bpk9&g
You can see what I mean now, can’t you?
There’s no way a human could ever guess that password themselves; it truly is ‘secure’. Even if a person is using a computer programme to brute-force attack your account (running different sequences to crack your password), then your securely generated password will be much harder to crack than a normal one, providing you with your first layer of defence.
Tip: Always create unique securely generated passwords and never use the same password for more than one account. Reusing a password across multiple accounts creates a weakness in your security: if that one password is cracked, every other account using it is compromised too.
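What "securely generated" means in practice, as an added example that is not part of the original post: every character is drawn from the operating system's cryptographic random source, and the strength can be measured in bits. The symbol set and the guessing rate of 1e10 per second are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumption for this example: letters, digits and eight common symbols.
SYMBOLS = "!#$%&*@^"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS  # 70 characters


def generate_password(length: int = 16) -> str:
    """Draw every character from the OS CSPRNG (secrets), never from random."""
    if length < 4:
        raise ValueError("need at least 4 characters to fit every class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry until all four classes appear, so strict site rules accept it.
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in SYMBOLS for c in pw)):
            return pw


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy of a uniformly random string of the given length."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every candidate at a constant guessing rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    print(generate_password())
    for label, size, length in [("8 lowercase letters", 26, 8),
                                ("16 from the 70-character set", 70, 16)]:
        bits = entropy_bits(size, length)
        # 1e10 guesses/second is an assumed offline guessing rate.
        print(f"{label}: {bits:.1f} bits, "
              f"{years_to_exhaust(bits, 1e10):.3g} years to exhaust")
```

The comparison only holds for passwords that are truly random; a password built from words or dates has far less entropy than its length suggests.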
Now that we've discussed your passwords, you may be thinking that's all the security you need. It sounds pretty secure, right? Wrong. You need to know that even securely generated passwords alone are still not enough. Sorry! Passwords are just the first wall of defence!
The next tool that’s essential to protect yourself from hackers, alongside your unique securely generated passwords, is 2 Factor Authentication (2FA).
2 Factor Authentication (2FA)
No matter how good your passwords are, there will always be a slight chance that your passwords may be compromised. From data breaches in companies to viruses and malicious code on your computers, there is a chance that your passwords could become exposed to hackers. This is why your passwords are just the first wall of defence; now you need to set up your second wall of defence: 2 Factor Authentication (2FA).
2 Factor Authentication (2FA) is where a randomly generated unique code is required, alongside your password, to access your account. Without this code, neither you nor a hacker can access your account.
2FA comes in many forms, one of which is via a text message being sent directly from your account to your mobile, providing you with your unique code to log into your account. Another form of 2FA is through a secure authentication ID application that generates a code for you, which you then enter into your account when logging in.
We highly recommend the second form of 2FA, a secure authentication ID application, as this application can be downloaded onto multiple devices and you are not limited to your mobile phone.
2 Factor Authentication really is your second wall of defence, as whilst your password may be stolen or cracked, it is incredibly hard for a hacker to gain access to your unique code too; forming an optimal security system.
Finally, the last area and final wall of defence that’s essential when it comes to your account security is your password manager itself.
More often than not, we will store our passwords on the password manager that is set up on our device. This can range from Apple Keychain, Google Password Manager/Smart Lock or Windows Credential Manager, but are they safe?
That question isn’t entirely easy to answer, as whilst some, like Apple Keychain, are working tremendously hard to protect their users, there are still vulnerabilities and setbacks in usability.
The safest and easiest way to store your passwords though, across all devices, is by utilising an encrypted password manager. Not only does this provide you with full security protection, but it means that if the password manager itself is ever hacked then your information is encrypted and inaccessible, meaning your passwords are 100% secure. It also has the added benefit of ease of access, providing you with instant access to your passwords on any device when logged in, whether that’s your phone, laptop, tablet or computer.
Let's also not forget the fact that the only password you will ever need to remember is the password to your password manager. That's one password instead of hundreds.
Is this security extreme?
Securely generated passwords… 2 Factor Authentication… Encrypted password managers…
I know, you’re thinking “isn’t this all a little extreme? Isn’t it going to take me forever just to log in to one account?”.
Our answer to both of those questions is no.
No, it isn't extreme. It may feel like it at first because it's highly unlikely you will have ever needed such high security. But when it comes to your business, you must take every measure to protect it. Your business is your income and your community, and if it was hacked it could all disappear in an instant. Our goal is to make sure that never happens.
Thankfully though, this level of security doesn't need to mean that it will take you forever to log into your accounts! By utilising excellent security software, you can log in to your accounts instantaneously.
Here's our top recommendation of which software to use.
Our password & authentication software recommendation
The application we recommend, for all three areas of your security system (Securely Generated Unique Passwords, Authentication ID & Encrypted Storage), is software called LastPass.
LastPass not only provides you with an optimal security system, but it also provides you with a way to log into your accounts quickly and efficiently. Utilising both Touch ID and Facial Recognition Software, LastPass can log you into your account in an instant.
With 30 million people using LastPass on a daily basis, we are confident we are using the best security system out there and that you will be too.
LastPass offers a range of accounts, and to make it easier for you to know which to try, we have listed the two best accounts below for you as a small business.
Premium - £2.60 a month (charged annually)
Whilst LastPass does have a free tier, the free tier does not provide you with the ability to store and access passwords on multiple devices. As a business, it is essential you have access to your passwords on every device, whether that's your laptop or tablet for accessing your website, your online orders and emails, or your phone for your social media accounts and emails too. Premium provides you with an unlimited amount of devices, meaning you can use it on your laptop, desktop, tablet, phone and even your watch, instead of just one.
Please note by clicking this link, if you sign up to a premium account we will receive a small commission - this does not affect the price of your account.
Teams - £3.40 a month (charged annually)
With premium offering you all of the features you need to keep your business secure, across all devices, what it doesn't offer is the ability to have team members. As a business, when you grow, it's highly likely you will have a team, whether that be a two-person team or a ten-person team. Either way, Teams offers you the ability to run your business securely and easily, providing each member of your team access to their own 'vault' (security management) and the necessary passwords to run their department.
Please note by clicking this link, if you sign up to a 'teams' account we will receive a small commission - this does not affect the price of your account.
3 other ways to protect your business from hackers
Whilst password security should and always will be at the top of your list for protecting your business from hackers, there are other methods of hacking you need to be aware of to be able to protect yourself and your business in all areas.
Here are three more ways you can protect your business.
Be on the lookout for phishing
First of all, what is phishing? Whether you have heard the name or not, it's highly likely you have been the target of a phishing attack.
Have you ever received a text message from parcel deliveries, requesting you 'click this link' to 'rearrange your missed delivery'? Or have you received an email from your bank informing you that your account is being closed down and you need to take immediate action? Another popular one that we frequently receive is that 'Your Apple Account has been locked' and you need to 'click here' to reactivate it. Or, there are others that can very convincingly look like PayPal, Amazon, Facebook, Instagram, or other official companies. The list goes on and on. What do they have in common? They are all examples of phishing.
Phishing is where hackers will hide their identity and pretend to be somebody else in order to get you to take action. Often this is through clicking a link that then either encourages you to provide further information, often enabling the hackers to steal your identity and commit fraud, or the link enables the hackers to send malicious software to take down your device and steal your data.
Sadly, this form of hacking and theft happens every day and the hackers are becoming more and more convincing as time goes on. So, the question is; how do you know if an email or message is legit?
Unfortunately, it is difficult, but here are some methods that may help:
- Check the email address, is it legitimate?
- Is the email urging you to take action? An email from an official company will never demand you complete an action or scare you into action.
- Never download an email file you were not expecting or click a suspicious link. Your friends can fall victim to hackers and have their email accounts taken over to send out harmful links or files. So always be on the lookout, even with emails or messages sent from your own friends, family, coworkers, etc.
- If you have received an email that appears to be legitimate, check with the provider before completing an action. Do not use the contact information on the email.
- Is the mobile number a recognised number showing the company's name? Hackers will use unknown numbers or mobile numbers to send out harmful and deceiving messages.
- Is the link legitimate? Whilst the message may be incredibly good and deceiving, often the link hackers attach to the message can still be spotted as suspicious. For example, an official Amazon link would be 'www.amazon.com' but a hacker may set one up titled 'www.amazon-deals.com'. Hackers also use link shortening software, such as TinyURL, Bit.ly or Goo.gl, to form small links that are made up of random characters.
The best course of action is to think before you click, take your time to analyse the email or message, rather than instantly taking action or responding. And if you still aren't sure, do not take action.
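The "is the link legitimate?" check above, written out as an added example that is not part of the original post: the link is parsed and its host name is compared with the domain you expect, rather than just looking for the brand name somewhere in the text. The function name, the shortener list and the '.example' test links are constructed for this illustration.

```python
from urllib.parse import urlsplit

# Constructed for this example: the shorteners named in the post.
SHORTENERS = {"tinyurl.com", "bit.ly", "goo.gl"}


def check_link(url: str, expected_domain: str) -> list:
    """Return the reasons a link does not clearly belong to expected_domain."""
    findings = []
    # Links in messages often omit the scheme; assume https so parsing works.
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    expected = expected_domain.lower()

    if parts.scheme != "https":
        findings.append("link is not https")
    if parts.username is not None:
        findings.append("text before '@' is not the real host")
    if not host.isascii():
        findings.append("host contains non-ASCII lookalike characters")
    if host in SHORTENERS:
        findings.append("link shortener hides the real destination")
    elif host != expected and not host.endswith("." + expected):
        # Exact match or a true subdomain only; 'amazon-deals.com' and
        # 'amazon.com.something.example' both fail this test.
        findings.append(f"host '{host}' is not {expected} or a subdomain of it")
    return findings


if __name__ == "__main__":
    samples = [  # constructed sample links
        "https://www.amazon.com/orders",
        "www.amazon-deals.com",
        "https://amazon.com.account-check.example/login",
        "https://bit.ly/3xAmPle",
    ]
    for link in samples:
        print(link, "->", check_link(link, "amazon.com") or "looks consistent")
```

An empty result only means the host matches the expected domain; it does not prove the message itself is genuine, so the other checks in the list still apply.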
Sometimes, we can still fall victim to phishing even when we are on the lookout. So here are two more points to keep in mind.
- If you have clicked on the link, does it request personal information such as your name, date of birth, email address or home/work address? All of these details, when given together, can be enough to steal your identity and commit fraud.
- If you have clicked on the link, does it request you to pay a fee to retrieve information or rearrange a delivery? If so, never enter your details. Official companies will not request this.
With phishing becoming more and more popular among hackers, you will be targeted. It is inevitable. But with this information, you can stay alert and protect both your personal details and devices, as well as your business.
Update your applications and devices
We use our devices daily, alongside the programs and applications on them. Whether that's in the form of our email app, our social media apps, our internet browsers, our games, or any other number of applications and programs. We all use them.
And just as we are using our devices, programs and applications daily, so are hackers. They are constantly looking for ways to get into them and gain access to our personal information.
Thankfully, the software developers of our phones, tablets and computers, as well as the software developers of the programs and applications we use on them, are all working hard, constantly, to combat hackers and maintain a high level of security.
Often, this high level of security is provided through updates to our devices, programs and applications, as vulnerabilities can be located and then fixed within the update.
So it is essential to keep on top of these updates to receive the highest level of security. Without installing these updates, you may be leaving a door open for a hacker to walk through and steal your information.
Use AntiVirus Software
No matter what operating systems you use, whether it’s Windows, Mac or Linux, you must use antivirus software to ensure that you are protected from the modern attacks that hackers use.
Antivirus software is designed to detect, prevent and take action against malicious software on your computer. Even if you are careful about what websites you visit and what you download when using the internet, you are always at risk of coming into contact with a virus.
Antivirus software runs quietly in the background, constantly checking your computer, files and everything you do to see if there are any viruses or malware trying to attack you and gain access to your computer.
Antivirus is like insurance, you hope you never need it, but one day you may well be very thankful you have it.
A final recommendation
ClearScore: Credit Reports & ID Monitoring
ClearScore is widely known for its ability to provide you with a credit report and information on what credit cards, loans and banks you are signed up to. However, ClearScore also provides their account holders with free ID monitoring reports to check that your passwords have not been compromised on the dark web. Also, with the ability to have automatic alerts set up, you can be instantly informed of any breaches so that you can update passwords, accounts and banks immediately and avoid any further data breaches. Whilst we have an optimal security system in place at E-commerce Artisans, we regularly check our ID Monitoring with ClearScore to ensure we have constant awareness, just in case.
Your to-do list to protect your business
Now that you've read through our blog post, it's time to put what you've learned into action!
We've put together a free checklist to help you work through each essential step, and so that you can know you have done everything you can to protect your business from online hackers.