Basic Online Security For Your Small Business

My first 'Local Biz Spark' article in the July edition of Hornsea Community News focuses on some basic online security tips and and checking control over your online business assets. I have added in extra information here since I don't have the constraints of physical paper space I do with the newspaper.


I have an earlier blog post where I talk about why I am writing that newspaper column and introduce a bit about myself. >>> Read that here <<<


Think of these questions as a checklist and go through them. They are intended to help you identify where you are in control and perhaps where you need to take some steps to re-gain control. I see these problems cropping up time after time. Trying to sort them out when they are already a disaster is difficult. 


It may be that you do all your 'techy stuff' yourself, or maybe a friend helped you out, or perhaps you pay other service providers to look after your website. Please don't be embarrassed  or afraid to ask them these questions. A competent service provider with your best interests at heart will be happy to answer fully.


And maybe you've had your website or whatever, for several years. What was best practice years ago, is probably no longer so. Also people move on, businesses close, employees move on. Same for software and tools, website plugins - all that stuff. Out-of-date, and no longer supported software is an absolute online security hazard. It's also probably slow, and doesn't give the best user experience, and may no longer do well in search results, so people are less likely to see your stuff.


I've certainly been kept busy keeping my own stuff up-to-date over the last few months, and I  know I still have things to improve. 


Your online presence is NEVER FINISHED! You might find it useful to block out some time in your diary every month to review your website, apps & tools.

If You Have A Website

  • do you own and control your domain
  • do you know when the registration is due for renewal
  • who else has access to your domain registration account
  • do you have full control and access to your website hosting account
  • who else has access to your website hosting account
  • does it have an adequate SSL certificate installed (so it shows https://)
  • where are the backups
  • if you have a website maintenance contract, what are the renewal and cancellation clauses, notice periods, details around handover


    • There’s more but that’ll do for starters.

    Passwords & access control to your various online tools’ accounts

    • If you have a website maintenance package, or some sort of ‘seo package’ with someone, what exactly are they doing? And how often. And how do you control their access.
    • Same goes for any external service providers, what access do they have. 
    • Who's in control? It should be you.... but so often it isn't!
    • Most online tools these-days have an ability for you as the business owner, to add others as a lesser admin role. But you are the one who controls their levels of access.
    • Don’t give external service providers your account id and password.

    PASSWORDS: yes you’ve heard this before… but are you doing it?

    (note: I dive into this topic in more detail in my article in the August 2024 edition.)

    • Please use long secure passwords. Using 3words as the basis for your passwords can be effective, secure, and easier to remember.
    • Please use a different password for each online service you use.
    • Using a password manager makes this a lot easier to manage.
    • And I prefer to NOT link any of my online accounts to Facebook and Google profiles etc.

    External Validation / 2 factor authorisation (2FA)

    • Wherever you can, please switch on ‘external validation’ also known as 2 factor authorisation 2FA.
    • Basically when you sign into something, you get a text message or have to enter a code from an app on your phone.
    • Please Set up 2FA wherever you can.

    And finally, if you are using Facebook, please set your Friends List so that only you can view them.

    • Many FB scams originate when people clone your FB account – then start messaging your friends.
    • If they can’t see your friends list, they can’t message them! So no point in cloning your account therefore.
    • In most cases where people say they've been hacked, they haven't - they've been cloned 'cos of their publicly visible friends list.

    Go into Facebook, Settings, Settings & Privacy, Audience & Visibility, Who Can See Your Friends List? Set to only you.

    • Whilst you are there have a good poke about to see what settings are there and decide what levels of privacy & security you require. 
    • New things get added all the time, so it’s a good idea to make a regular note to do some security and privacy settings checks, on all your online accounts, social media, website, and software tools and apps.


    Whew! Yes a lot of questions, prompted by experience of seeing many small business owners get into an online pickle.

    A valuable, reliable and practical source of information to help protect yourself, your family and your business online is The National Cyber Security Centre
    https://www.ncsc.gov.uk/

    Any Questions?

    I'm also happy to answer questions, or take suggestions for future column topics too!

    Please use the Contact Form here on my website.

    What ACTION will this SPARK for you?

    I'm always cheering you on!

    Sue xxx 

    AND IF YOU WANT TO HIRE ME FOR A BRAINPICKING / TROUBLESHOOTING / ADVICE SESSION I have a special support offer for my local Hornsea business community  >>>> details here: 

    https://bookme.name/susanweeks/hornsea-local-power-hour