When we start following our dreams of building a business, we get immersed in the flow. We are inspired and excited about this new chapter in our life. We are flooded with enthusiasm and joy. And then, we get really, really busy. There is lots of work that needs to get done in so many areas; many of them we never had to do before and are just not familiar with.
Security is one of those areas. For a solopreneur, security often isn’t top of mind until their website is hacked or a computer dies and leaves a big black hole.
To put it bluntly, there is no miracle way to absolutely prevent an attack or accident from ever happening, but there are some solid steps that can be taken to minimize your risk of having a security issue leave a negative impact on your business.
There are four basic building blocks that make up a business security strategy:
- an awareness of keeping your website protected from common security threats
- the habit of creating regular backups
- the responsible use of cloud data storage applications, and
- the use of secure passwords
It’s never too early to start putting these steps in place. Let’s dive in.
1. Apply website security
Making sure a website is protected against common threats is a key step in establishing a business that’s seen as trustworthy. Many entrepreneurs understand the urgency behind this topic, yet they lack the knowledge of how to implement basic security features on their websites.
A fair majority of websites are run on WordPress today, which is fortunate as the software is pretty safe in and of itself. However, hackers can still find ways into other people’s WordPress sites, for example through themes or plugins. And it most often has to do with users not taking the required steps for an appropriate security setup.
Reasons for this are manifold. Not being very tech-savvy and not knowing how to get started is one cause — but let’s not let that be yours. Here are some steps I recommend to everyone in order to close commonly weak security spots:
- Delete the default admin user from the system: the account with the username “admin” is the one most commonly attacked by hackers. Not having this username in your system at all closes a security hole. To remove this user, I suggest you create a new user with administrator rights first, and then delete the admin user. To create a new user, go to Users in the WordPress menu and click on Add New. Provide name, password and email for the new user, and choose the role Administrator. Now, log out of WordPress and log in with the newly created user. Go again to the Users menu and then All Users. You can now delete the admin user from the system. (For an in-depth tutorial, go here.)
- Create a strong password. We’ll get further into what makes a solid password below.
- Secure your login screen. From time to time, WordPress sites all over the web come under massive attack. An excellent way to protect your site from bots that try to get in through brute-force login attempts is to install a plugin that puts some sort of captcha onto your login screen.
- Keep your WP software, the theme and the plugins up to date. The best way to maintain a secure application is by updating all the components your website is made of. Keep an eye on the little update notification in the top left area in your WP dashboard and apply the updates as soon as possible.
- Delete unused/inactive plugins and themes. This is also a common entry point into WordPress applications. Remove the pre-installed themes from WordPress (if you are not using them) and delete plugins that you don’t really need.
- Install one or two security plugins and follow their instructions to secure your site. There are a handful of very good plugins that will take care of security threats on your website. Wordfence Security is the most downloaded security plugin for WordPress, and even its free version is pretty powerful. Other recommended security plugins are Sucuri Security, iThemes Security and Acunetix WP Security.
2. Create regular backups
Even though it’s not that rare an event for a computer’s hard drive or external hard drive to die or for a website to be hacked, it’s surprising just how many businesses don’t get into the habit of backing up their data.
In your online business, there are basically two areas that could be affected by a digital calamity: your computer and your website. Having a backup on hand that can replace a corrupted website or a dead hard drive is an incredibly valuable thing.
Here’s what I recommend for every solopreneur or online business:
- Invest a few dollars into two external hard drives (1-2 terabytes each)
- Commit yourself to a backup schedule: run computer backups on a weekly and monthly schedule (one hard drive for weekly; one hard drive for monthly backups)
- Get familiar with professional backup software that you can schedule accordingly (Time Machine is great for Mac computers)
What applies to backing up your computer’s files is also true for your website files.
Your website is the central spot of your business. Developing the habit of backing up your website won’t take away the risk of any one of the imaginable ways your website data could suddenly be lost, but it will make recovery an easy option.
Running backups is a different matter depending on which platform your website is run on. If you have used a website builder (e.g. Weebly, Wix, Squarespace) to create your website, you might be bound by the website builder’s rules. I recommend contacting their support hotline to find out how backups are handled, and how much control you have over what is happening with the backups created. It’s often a disadvantage of website builders that the users are not in control of their own data.
Working with WordPress allows users to take steps on their own with little effort to back up their website’s data. The best option is the installation of a plugin that can schedule backup runs and store them in cloud storage or locally on a computer, such as:
- BackupBuddy – $$ – A popular, premium plugin that lets you back up your site and easily schedule upcoming backups. You are licensed to use the plugin on the number of sites mentioned in your plan. You get access to premium support forums, updates, and 1GB of cloud storage to store your backups.
- BackWPup – Free – A plugin that is extremely easy to use and allows you to schedule automatic backups according to your site’s update frequency.
- UpdraftPlus – Free – The #1 most installed WP backup plugin with a 4.9 star rating (out of 5).
- VaultPress – $$ – A subscription-based service from the makers of WordPress that offers an automated, real-time cloud backup solution starting at $5/month.
3. Cloud data storage
Cloud services are amazing: They allow us to save our data in a very convenient way, and make our files accessible everywhere and anytime. Using services like Dropbox, Google Docs or Box to store our data offers more effective and collaborative working routines that weren’t possible before.
But let’s also be aware that by using them, we give up several layers of control.
Being realistic here, none of us have the time to study vendor policies, so making an informed decision is a tough thing to do. But you can put certain parameters in place to protect yourself. I recommend you use a multi-faceted strategy:
- Don’t save anything in the cloud that contains confidential data for yourself or your business
- If you really need to store some of your confidential files online, either encrypt those files before uploading them, or choose a file storage service that provides secure encryption to protect your files. SpiderOak and Wuala are both secure cloud storage applications that encrypt your files before upload; all you need is a solid password. Witkit is another data storage service, and also a collaboration platform with highly sophisticated security features, that uses end-to-end encryption for all your data.
- Don’t use the same password for all of your cloud applications and apply a safe password strategy (see below)
4. The art of creating secure passwords
It’s easy to get overwhelmed by the sheer number of passwords to memorize for the dozens of applications we all use.
Here’s the sad truth, though: when Adobe got hacked and the list of passwords circulated, the number of accounts using ‘123456’ or ‘password’ as their choice of security was amazing. When these lists circulate on the dark web, together with the associated email addresses, it is all too easy to connect the dots and use the same combination on other web applications.
To prevent your personal accounts being hacked and your business being affected by it — and vice versa — it makes sense to invest 10 minutes to learn about a password strategy that is safe. This technique creates safe passwords that are easily adjustable and easy to remember.
Here’s how it works:
- Choose a long-tailed word first, that preferably cannot be found in any dictionary. The purpose is that it cannot be figured out by trial and error, so it’s time to get creative and have some fun here. (Mine below: BananaTeahouse)
- To add an additional layer of security to it, add a 2-4 digit number (to be placed at the beginning, end or middle), as well as one special character and at least one capital letter.
Example: “73BananaTeahouse%”. That is your password basis and all you need to remember for now.
- Next, set up a rule of how to implement parts of the website’s domain name into your master password, so you know which password goes with which site. For example, use the first and second letter of the site name and add it to your password basis. Optionally, you can also count the letters in the site’s name and add that number to the end of your password.
Example: if you were applying this to a password for Dropbox, then your “individualized” Dropbox password would be: “73BananaTeahouse%dr7”.
You can, of course, make adjustments to the letter and number combinations, or even include a simple mathematical series instead of a number if you are good with mental arithmetic. But surely, with this method you can quickly and easily create unique passwords for any service you use, and can be assured you have handled the password part of your business’ security strategy with the appropriate responsibility.
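The rule above written out as a short Python sketch (an added example, not part of the original article). The function names and the sample site list are made up for illustration, and the collision check goes slightly beyond the text by flagging sites for which the rule yields the same password.

```python
import re
from collections import defaultdict

def check_basis(basis):
    """Return the step-two requirements that the password basis misses."""
    problems = []
    if not any(2 <= len(run) <= 4 for run in re.findall(r"\d+", basis)):
        problems.append("2-4 digit number")
    if not re.search(r"[A-Z]", basis):
        problems.append("capital letter")
    if not re.search(r"[^A-Za-z0-9]", basis):
        problems.append("special character")
    return problems

def site_password(basis, site):
    """Append the site's first two letters and its letter count to the basis."""
    letters = re.sub(r"[^a-z]", "", site.lower())  # count letters a-z only
    if len(letters) < 2:
        raise ValueError(f"site name too short for the rule: {site!r}")
    return f"{basis}{letters[:2]}{len(letters)}"

def find_collisions(basis, sites):
    """Group sites for which the rule produces the same password."""
    groups = defaultdict(list)
    for site in sites:
        groups[site_password(basis, site)].append(site)
    return [names for names in groups.values() if len(names) > 1]

if __name__ == "__main__":
    basis = "73BananaTeahouse%"                 # the article's example basis
    sites = ["Dropbox", "Drupal", "Drizzle"]    # constructed sample list
    print(check_basis(basis))
    for site in sites:
        print(site, site_password(basis, site))
    print(find_collisions(basis, sites))
```

If `find_collisions` reports a group, adjust the rule for those sites (for example, use different letters) so that each one keeps its own password.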
Take a multi-faceted approach
A business’ security strategy is all about the preservation of the confidentiality, integrity and accessibility of your information.
Many solopreneurs are not aware of potential security risks and therefore don’t prioritize the improvement of their online security for future business growth. Managing these risks by developing the habit of applying website security, creating regular backups, and using responsible authentication techniques is a solid step toward protecting your data. The most dangerous thing you can do? Disregard potential threats. There’s no better time to start mitigating your risks than today.
Latest posts by Katrin Anger
- The 4 Building Blocks of your Solo Business’ Security Strategy – November 10, 2015