I was reading an article in the local newspaper the other day about the rise of hacking attacks on small business websites. As it turns out, small businesses are a fun target for hackers!
The article came with the usual warnings about using strong passwords, not writing passwords down (seriously? who can remember all of them??), not sharing access with people who don’t absolutely need it, and using secure website hosting.
In many ways, it reminded me of the many safety briefings and training courses in our industry. We’re all aware that “safety first” is a critical part of the work, and that a poor safety culture leads to unnecessary injuries, lost time, increased Worker’s Comp insurance rates, and even worse.
So what if we think about our company’s online work in the same way as we do our IRL work (“in real life” for those of you who may not be familiar with all of today’s online jargon)?
Our websites, social media accounts, email addresses, Angie’s List profiles, etc. are important assets for the business (just like our people) and are vulnerable to “injury” if we don’t make online safety a priority.
I recently heard Terry Mathis, founder of ProAct Safety, speak about building a safety culture. He focused on three things:
- Identifying what can hurt you.
- Determining how to prevent it from hurting you.
- Figuring out what you can do to consistently take relevant precautions.
So how do those apply in the online world?
Step 1: Risk Identification
First, we need to understand the types of online injuries we can experience and what causes them.
According to Terry, those fall into two areas – conditional (the conditions or situations that increase risk) and behavioral (what we do to make the risk higher or lower).
Here are a few of the conditions that put you at risk online:
- a hosting platform that’s vulnerable to attack
- old technology and software that doesn’t have the latest security features
- unclear (or no) processes for how to do things online, so everyone on your team does it differently
- outdated or missing information on your online profiles, websites and accounts
- weak passwords (the three most commonly-used passwords are 123456, qwerty and password – if you use one of those, change it now!)
Behaviors that increase the risk of online injury include:
- always leaving your computer, laptop, tablet or phone on, even when it’s not in your full view (this is especially problematic if your device isn’t password protected)
- failing to update your software, apps, plugins etc. when a new release is available
- using the same password on all accounts
- sharing your password with others
- writing your password down, even if you think you’ve put it in a safe place
- never checking your online accounts to make sure they’re up-to-date and working properly
- not responding to emails, online reviews or comments (particularly negative ones)
Step 2: Injury Prevention
How do you prevent those conditions from occurring? Or change the behaviors to deal with the conditions?
Other than permanently turning off all connection to the internet and never going online, there’s nothing you can do to 100% eliminate online risk.
If you find yourself in any of the situations above, or recognize your own behaviors in the list, then it’s only a matter of time before you will get hurt.
So your best course of action is to take precautions before the situation or behavior occurs.
Step 3: Reasonable Precautions To Keep You Safe
If you knew that something could possibly hurt you and you knew how to prevent it from happening but doing so took up a lot of your valuable time, was complicated and frustrating to do, or required specialized skills you needed to get trained on … would you do it?
Maybe. It probably depends on how bad the injury could be. If you didn’t see the damage as being major, you probably wouldn’t bother with prevention, right?
And that’s how most people see online “injuries” – as no big deal.
But when your business can be virtually shut down by online problems, it is a big deal.
So how can you take reasonable precautions to keep your online properties safe? Things that you can do yourself, that don’t take a ton of time or money, and that don’t require extensive training.
The two best ways I’ve found to prevent or address risk are (1) knowledge and (2) tools and processes.
If you know and understand what can hurt you, you’re more able (and motivated) to avoid it in the first place, right?
And if you have the tools to deal with it, and can easily follow the right process steps to use those tools properly, then the risk of injury goes way down.
Here are some of the best and easiest tools I’ve found to reduce the risk of damage to your online presence.
Protect Your Passwords With LastPass
No one can possibly remember all the passwords they’ve set up for the zillions of online accounts we have these days. Each one seems to have different rules for what you can and can’t use in your password. Rather than writing them all down, use a password manager like LastPass. All you need is one master password and it then creates strong passwords as you need them and remembers them for you.
Get Secure Website Hosting With WP Engine
Your website is only as good as the platform it’s hosted on. Website hosting is often viewed as a commodity – find the cheapest option available and call it a day. But it truly is a case of “you get what you pay for” – and cheap comes with a lack of security, infrequent or inaccessible backups, inadequate customer support, slow speeds, little storage and a poor online interface.
Enable Auto-Updates to Website Plugins, Themes, Frameworks, Etc.
If you have time to manually run updates at least once a month, do it. That way you’ll be able to check each one to make sure that there are no conflicts and that nothing “breaks.” But if you aren’t going to do it regularly, then enable auto-updates for all the online tools you use.
Most hacking attacks target out-of-date plugins and vulnerable themes or frameworks. Updates are intended to patch (or fix) problems as soon as they’re identified. Ignore the update and you leave yourself open to attack. Plus, as technology continues to improve, you may find yourself with a website or functionality that just won’t work with everyone else’s newer technology.
Receive Credit Card Payments Using Stripe
Most companies want to accept credit card payments but they’re not sure how to do it easily and cost-effectively (and without compromising security). Your best option is to use Stripe. This is an online payment gateway that lets you capture credit card details online or by phone and sends the money to your bank account. It’s easy, seamless and costs just 2.9% plus $0.30 per transaction.
There are many more tools I can recommend but these four are going to have the biggest impact on your online safety. If hackers can’t find an easy way into your website, they’ll move on. If no one can access your passwords, they can’t break into your accounts. If credit card details aren’t lying around, it’s harder for fraudulent charges to happen. And if you have great hosting with daily backups, you can recover your site in the unlikely event that something does go wrong.
Are you using any of these tools today? Any others you’d suggest? Share your thoughts in the comments below!