From hackers and computer viruses to wiped hard drives and lost files, there are more threats to the security of your data than ever before.
Fortunately, as threats evolve, so does the technology to eliminate them. Nothing is 100% secure in the digital world but there’s a lot you can do to keep your data, money, and business safe.
Here are 13 best practices for locking down your business to keep the bad guys out, protect your data, and make sure your hard-earned money stays in your own damn bank account.
Disclosure: This post contains affiliate links. When you click on an affiliate link and make a purchase, I receive a small commission (at no additional cost to you). Affiliate links are marked with an asterisk (*).
Back up your hard drive on a regular basis.
If your computer is lost, stolen, or damaged, having a backup of your hard drive is critical. In fact, I recommend having two backups–one in the cloud and one on a backup drive you keep at home.
I use Backblaze for cloud backup. Pricing is affordable and easy to understand ($6/month, $60/year or $110 for 2 years). It backs up files continuously and you can restore via download for free at any time. You can also have a copy of your hard drive sent to you for a fee (which is 100% refundable as long as you send the hard drive back within 30 days).
I also periodically back up my hard drive to an external drive I keep at home. I use WD’s My Passport for Mac, which comes in 2TB* and 4TB* sizes. I like it because it’s portable, has plenty of space, and integrates seamlessly with Time Machine. It’s also great for storing files you don’t have room for on your computer.
Choose a secure web host & email server.
I can’t emphasize enough how important it is to have a secure web host. You can do everything else on this list but if you choose the wrong web host, it could all be for nothing.
WordPress websites are particularly vulnerable to hackers. One of the best ways to protect your WordPress site is to choose a secure managed host. I recommend WP Engine*. Cheap web hosts like BlueHost, HostGator, GoDaddy, and InMotion will save you money now but may cost you later on.
To drive home this point, let me just tell my own little horror stories about cheap web hosts. Years ago, when I was with BlueHost, my website was shut down for two weeks because hackers were trying to access the shared server my website was hosted on. Shutting everything down was the only way BlueHost knew how to protect the server. Not a great solution, if you ask me.
When I was with InMotion, my site was breached and hackers used my business email address (hosted on the same server) to send spam to over 300 people. Malicious scripts were also installed on my website. InMotion responded by shutting down my website and told me I would have to pay $200 to a third-party service to fix the problem. And all of this happened when I was using a popular WordPress security plugin!
I’ve heard stories like this (and much worse) from so many people so please, choose your web host wisely! Being hacked can affect not only your bank account but also your reputation. Your business email or domain name can even be blacklisted.
I now use Squarespace, which I love for so many reasons. Among them, it offers better security than you could ever achieve with a WordPress site for a much lower cost. My business email is hosted on G Suite, which is also very secure. And with Squarespace, you get your first year of G Suite free!
Back up your website on a regular basis.
If you have a WordPress website, your web host may perform regular backups for you, so check to see if this is the case. If not, I recommend VaultPress, a backup and security plugin made by the creators of WordPress. It comes with a Jetpack Personal subscription, which is $39/year.
If you have a Squarespace website, your data is safe unless something catastrophic happens to Squarespace’s servers or the company suddenly goes under–both highly unlikely events. Just to be on the safe side though, it doesn’t hurt to back up your data in the following ways:
Write your blog posts in Google Docs, Word, Pages, or Ulysses (what I’m using now) and then copy and paste them into Squarespace. That way you have a backup copy.
Store any images you use on your website in a folder on your computer, external hard drive, or Google Drive.
Periodically download your XML file. If your website ever mysteriously disappears, you can use it to import your content to WordPress. To do this, go to Settings > Advanced > Import/Export > Export > Wordpress > Download.
Take screenshots of every page on your website so you have a visual reference. I use the Full Page Screen Capture Google Chrome plugin for this.
Read my guide on how to back up your Squarespace website for more details.
Enable SSL on your website.
SSL stands for Secure Sockets Layer, a protocol that encrypts data sent between a visitor’s browser and a website. Websites without SSL have an http address whereas websites with SSL have an https address. Most modern browsers also indicate whether a website is protected or unprotected in the address bar.
SSL is important for all websites but it’s particularly critical for websites that collect credit card information. If you’re selling products through your website without an SSL certificate, you’re endangering your customers’ private financial data.
Squarespace makes it super easy to enable SSL on your site. Just go to Settings > Advanced > SSL.
If you have a WordPress site, ask your web host about buying an SSL certificate. Good web hosts usually come with one but you should always double-check just to make sure it’s properly set up.
Use a password vault to store login info.
Ditch the messy Word doc method and start using a secure password vault. I prefer LastPass because it works across multiple browsers (unlike browser-specific solutions like Safari’s Keychain or Chrome’s Password Manager).
Keep your business legal.
The last thing you need is to end up on the business end of a lawsuit, audit, or government fine. Learn the laws about running an online business and follow them to the letter.
Use good anti-virus software.
Keep your computer virus and malware-free by using quality anti-virus software. I use Intego, which is specifically designed for Mac OS X and has been shown to be more effective against a broader range of threats than generic anti-virus programs.
Use two-factor authentication whenever possible.
Two-factor authentication is when a system requires you to verify your identity on a secondary device (through a text message or authentication app) before it will let you log in. It’s a pain but it makes it a lot harder for someone to hack into your accounts.
Block malicious ads and tracking scripts.
Ads are annoying but they can also install tracking scripts that follow you around the Internet. Some ads can even infect your computer with malware. I use Adblock Plus (available free for Safari, Chrome, and Firefox) to block ads and malicious scripts.
Keep your apps and plugins updated.
Always install updates on your computer and mobile devices as soon as they’re available. Many of these updates patch security holes. Also, if you have a WordPress site, keep your plugins updated at all times!
Uninstall unused apps and plugins.
The more apps you have installed on your computer or mobile device, the more vulnerable you are to being hacked. If you haven’t used it in over six months, get rid of it.
The same goes for WordPress plugins. If it’s not absolutely necessary to keep your site functioning properly, delete it.
Avoid public wi-fi networks.
I know you love working at your local café but it’s not safe to log in to sensitive things like your email, bank accounts, website, etc. when using a public network. Save your café outings for leisure time or when you plan to work offline.
Open a second email account.
Every time you log in to an online account, you have to enter two passwords. One of them is called a username but if you think about it, it’s really just another password. You don’t want to squander this added security layer by using a public email address (like your primary business email) that anyone could guess. Instead, open a second email account and use this as your login for accounts only.
Taking additional steps to keep your data secure isn’t convenient but it’s worth the effort. There’s nothing less convenient than being hacked or losing your data!