In this post, I am going to share some more information about a very important topic when it comes to development, namely security. In one of my most popular posts, I shared a 27 point checklist of everything that you need to know when it comes to starting your own blog, an important part of this list is dedicated to security.
Before I go into more detail I want to share a story. Today one of my friends contacted me that his phone had been hacked and he was a victim of an aggressive kind of malware. This malware was so aggressive that ultimately there was no other choice but to do a hard reboot of his phone, losing all his information in the process. Can be this be prevented completely, maybe not, but there are a lot of things that you can do to protect yourself.
Why is online security an important topic?
Everything you do online could pose a potential security risk and could impact all your information and data. Any small opening could potentially impact many aspects of your online presence which should be enough to keep you up at night when you have an online business.
Looking at my personal situation, I have tons of different websites, affiliate marketing accounts, services I use, email addresses and apps that I use to run my business. In case there is a security threat, my entire business is potentially at risk, something I can not afford to happen.
When it comes to security there is no such thing as a 100% safe, however, there are a lot of things that you could do to mitigate the risks of being hacked. In this post, I am going to share some important tips for when it comes to security.
How to Secure Yourself?
Now that we have established that online security is a vital aspect of running a business, I want to shift the focus to tips and tricks that you can implement to protect yourself. I have categorized these tips and tricks to make it easier to comprehend. So without further ado, let’s get started!
General Security Tips & Tricks
1. Be careful with WiFi
As an avid traveler myself, I am no stranger to public WI-FI, yet it makes me very uncomfortable. Call me paranoid or overly secure, but I am very cautious when it comes to using free/public WI-FI.
I realize that for many people public WI-FI is something that they deal with every day. Maybe they use public WI-FI during their daily commute, or maybe while working in a coffee shop or a public place. I understand the temptation to use such internet connection to get some more work done on the go, or to simply switch the environment where you do your work. However, I personally refrain from doing so, unless I really have to.
The reason I do not use public WI-FI is because unlike your home network, public WI-FI does not have an encrypted connection in most cases. When you use your home network, your connection is encrypted, meaning that people, even on your network, are less likely to view the data between your device and the internet, this is not the case when it comes to public WI-FI.
If you use public WI-FI you voluntarily expose yourself and your online business to an enormous security risk. I would highly recommend using public WI-FI altogether. If you do find yourself working outside your home or office network you can consider the following:
- Leave your device disconnected from the internet when you do not absolutely require an internet connection;
- Use your phone network as a hotspot, yes it is more expensive but if you really have to it is better to spend a little bit more money than exposing your online business to a security risk;
Bonus tip: When you really have to use public WI-FI consider to use a VPN client. A VPN client makes your connection private by anonymizing it, this helps you to make your connection more secure. Most reliable VPN clients cost money, VPN service is not an area to save money. Installing bad software or even malware on your computer hidden as free VPN could pose an even bigger security risk.
Personally, I have been using Astrill for over three years and I never had any problems with them. I found their service very reliable, fast and plenty of different options when it comes to servers. What is suitable for you depends on your personal needs and budget.
2. Use complicated passwords
Passwords and password protection are vital when it comes to your online security. Among the most popular passwords are variations based on; password, 12345 and qwerty. Over 75% of respondents of a recent study used duplicate passwords for different accounts. This is very serious.
Weak passwords can mean that your accounts are easier to hack and your data can be compromised. A duplicate password makes this even worse, a hacker now only has to hack one password to access several accounts. In other words, they might be able to not only hack your email but also your WordPress installation and affiliate accounts. That could seriously cripple your business.
For online entrepreneurs passwords are even more important than for the average internet user. Your passwords protect your livelihood and everything that you have worked so hard for. Imagine the damage that you and your business could be exposed to in case something happens.
Having an online business unfortunately also means the vast amount of different accounts and passwords that you are required to remember in order to operate your business. If I am only considering my business related accounts that I have, it would be almost impossible to remember even with an eidetic memory.
The answer to this problem is a password manager. A password manager allows you to use unique and very strong passwords for all your different accounts. Passwords will be saved in encrypted files, meaning that without encryption key your passwords are not visible. I understand that having yet to buy another software or tool
I understand that having yet to buy another software or tool can be a financial burden for you or your business, however, security is not something to save money on. There are a lot of different tools out there, 1Password and LastPass being the popular options.
3. Secure your home network
A secure home network means that all devices connected to this network have safe connections, both to each other and the internet. Make sure that the connection through your router is encrypted so that data is not visible.
The more devices that use your network, the more complex your home network potentially gets. For example, when you use a network storage for backup purposes, you might want to consider to limit access to this said storage.
Use a separate guest network for visitors and try to separate your business environment from the personal/leisure environment in your network. Of course the extent to which this is important also depends on the type and sensitivity of your business.
For more tips about securing your home network please refer to this easy and comprehensive guide.
4. Firewall and Anti-Virus tools
Firewalls and anti-virus software add another layer of security to your devices. They help to protect your computer against malware, adware, hacks and malicious software. Having a decent firewall and anti-virus software on your computer is vital to its security.
Let’s use home security as an analogy. You can put all the locks, bolts, alarms, lights and security measures around your home, but if someone really wants to break in, they can. But if your neighbor leaves their windows open, it is more likely that their house is targeted instead of yours. Using security measures decreases the likelihood that your property is targetted, but there is no such thing is completely secure.
The same goes for the adage that Mac does not require security. While it is true that most Mac’s are less/not prone to (Windows based) malware, there always is a possibility to be targetted. Using the internet always come with a certain risk, while this risk is marginal it is important to realize that there is no such thing as completely protected. For a peace of mind, you could consider getting anti-virus software for Mac if you have a lot to lose it’s a small price to pay.
You may also want to check with your internet service provider (ISP) if they offer professional grade firewall protection and anti-virus. There is an increasing number of ISPs that offer such services included in their packages.
5. Be careful of Phishing
Phishing is the fraudulent act of scammers that pretend to be a certain company through emails, phone calls or even fake websites. Usually, these scammers reach out to you with the request to update your account information or you will risk losing your account/information. If you follow their links or guidance they will be able to steal your information.
Phishing scammers can pretend to be a range of different companies, from banks to hosting providers and from software developers to your local florist. It is very important that you recognize fake emails and that you only take actions on protected websites.
The image above shows that the connection to this particular website is private and that the security certificate has been verified. It is important that you ensure that you use verified websites when accessing important personal accounts.
Personally, I never take action directly from an email that I receive. For example, an affiliate sends me a notification that I made a new sale when I want to check this information I simply directly access their portal, of course while verifying that the connection is private and secure. I do the same with all my other important accounts.
6. Use software from trusted developers
Be careful with installing software by unknown developers as they could potentially expose you to serious security threats. Only purchase software through verified marketplaces and developers and do not install any illegal software on your devices.
Be very careful when it comes to hacked or cracked software, aside that using cracked software is illegal, it could also open a backdoor to your system. Often hacked or cracked software uses a small software program to bypass security, the same program could be used to bypass your own security.
Not sure if you want a particular software, try to borrow it from a friend or see if there is an official demo available if you have an online business it is simply not worth the risks.
Website Security Related Tips & Tricks
7. Keep your website updated
In a recent post, I talked about the importance of updating your website, it is crucial that you make running your updates a habit. If you run your website on WordPress you can use auto updates so that you are always ensured to have the latest version installed.
Most updates of just about anything are focused on two different things, 1) fixing bugs and security issues and 2) adding new features. Even if you do not care about new features, you should care about fixing bugs and security issues.
My hosting company of choice, SiteGround, offers an auto-update service for all my WordPress installations. Once they have updated my websites to the latest version I simply receive a confirmation that everything is updated.
8. Limit the number of plugins
The more plugins you have installed on your WordPress installation the bigger the risk that you run into problems. WordPress is open-source, meaning that anyone can make changes and offer their plugins.
Plugins could pose security risks on two different aspects, 1) the plugin is from an untrustworthy developer, or 2) the plugin is not frequently updated and because vulnerable. The key when it comes to plugins is to balance the functionalities that you want to add while keeping security and performance in mind.
Try to keep the number of plugins limited and always choose for plugins that are frequently updated and have a large user base, this will mitigate potential security risks.
9. Make use of security plugins
There are several plugins out there that help you to protect yourself against security issues for your WordPress website. There are a plethora of free and premium WordPress plugins available that help you to secure your website.
One of the most popular plugins to protect you against brute-force attacks (automated bots that fire a series of login attempts at your site, red.) is included in the Jetpack plugin, which is also from the same developers as WordPress. I would highly recommend using the Jetpack plugin to as basic protection of your website, their Akismet plugin is great additional and helps you to combat comment spam!
The most popular WordPress security plugin is Wordfence security, which features blocking, login security, security scanning, WordPress firewall and monitoring options to analyze the security of your website. This plugin is free to use but offers a premium version for premium support and access to advanced settings and automation.
If you are looking for premium and high-grade professional security for your website you can check out Sucuri. Sucuri has a free plugin that requires some configuration to set it up and they also offer advanced support in their premium plans. Sucuri offers a free malware and security scanner to help you to identify potential problems with your website.
It is important to know what your options are in terms of security plugins. For smaller websites and for those that are just starting out a free plugin might do the trick. As you get bigger and are more likely to become a target, it might be a choice to work with a premium security company.
10. Keep your backups
In case something goes wrong you will want to have the assurance that you will be able to restore your website. Backups are as much a layer of protection for your business as they are for a piece of mind. You never know when disaster strikes and having regular backups could help you get up and running in no time.
There are several plugins and tools that can help you to backup your website, ranging from free to paid plans, depending on your specific needs. A popular paid plugin is BackupBuddy and they offer different plans for different types of users.
A free solution to backup your website is the Duplicator plugin that I have discussed in earlier tutorials. The backup process is not automated but the process itself is very easy and straightforward. This is suitable for those that are not doing daily updates and that manage only a few websites.
Regardless of the backup solution you choose, be sure to keep a backup locally and in the cloud, doing this you will always have access.
Server Security Related Tips & Tricks
11. Choose the right hosting partner
Choosing the right hosting service provider goes a long way. A hosting company dislikes security problems as much as you do and will do anything in its power to mitigate risks. Now, most big hosting companies have measures in place but be sure to also consider other aspects such as customer service and response time.
I am personally using SiteGround because they have resolved any issues I had in less than an hour, auto update all my websites and automatically backup all my websites daily. In case something happens they also guarantee to restore my work, I sleep better at night.
12. Be careful with hosting multiple websites on the same server
Every website you host on a server can be a potential opening for hackers or for those with malicious motives. The same goes for every plugin installed on all those different websites. Now let’s say you have a hosting account that hosts 10 different websites that each have 10 plugins installed, that is 100 potential security risks in case
Now let’s say you have a hosting account that hosts 10 different websites that each have 10 plugins installed, that is 100 potential security risks in case you forget to run your updates. It does not stop with security risks of plugins alone, you also risk that one website is hacked and you experience a domino effect where other websites are also compromised.
Try to remove inactive websites from your hosting account and aim to keep the number as low as possible. If you have to host several websites on one account, remember that updates are crucial.
So there you have it, 12 tips and tricks that you can implement right now to upgrade the security of your online business. There is no such thing as 100% secure, security is all about putting to safeguards in place. If you make security a habit, you will significantly decrease the likelihood that you will become the victim of cybercrime. What are the security measures that you use to protect your business, let me know in the comments below!
I hope that these tips prove useful to you and good luck with implementing them right away! The 12 points above by all means constitute a modest list, I am looking forward hearing your additional suggestions to help fellow online entrepreneurs protect their online business.
Thanks in advance for sharing and stay safe!