
Your online business is constantly under attack. You just don't know it. That's what Omar learned after 10 years of building and selling a 7-figure software company. In this Q&A Wednesday episode, Omar answers Josh's question about protecting your business from cyber threats.
Omar Zenhom
Your online business is constantly under attack. You just don't know it. That's what I learned after 10 years of building and selling a seven-figure software company. On today's Q&A Wednesday episode, we answer a question from Josh that asks, "How can I protect my business from cyber threats?" Welcome. I'm Omar Zenhom and this is the $100 MBA Show where I teach you how to start, grow and scale a business three days a week. Josh's question is such an important one. Cyber threats are real and they're not just targeting big companies. Small businesses are in the crosshairs constantly as well. And if you're not prepared, it can cost you more than just money. It can cost you your reputation and even your whole business. To make today's lesson even easier, we've created a free checklist for you to download. Just go to 100mba.net/worksheets. You can grab it and follow along as we break down to Protect your. Did you know that 43% of cyber attacks target small businesses? That's according to Verizon's Data Breach Investigations Report. Many of these businesses, maybe even yours, are incredibly unprepared. But there's good news. There are some really simple strategies that you can implement to make sure your business is much harder to attack so that they just keep moving on. So today I'm going to show you how to safeguard your business. I'm going to show you what worked for me with my businesses, some of the things I learned the hard way. So if you're not a tech expert, don't worry. This is going to be easy. I want to start by saying when I started to get my head around this, like, what's going on here? Why am I being attacked? What did I do? Did I hurt somebody? Am I threatening somebody? And what I didn't understand is that there's just bad actors out there that just want to see the world burn. They just want to see what they can do that, what they can get away with. Sometimes they're doing this and they're not going to get anything in return.
Like they're not going to make any money or they're not going to scam anybody into anything. They're just doing this because they can. So if I go back in time, I would just tell myself, don't worry so much about why these people are doing what they're doing. Focus on protecting your business. So that's where it starts. Step one, understanding the risks. The first step is protecting your business and knowing what you're up against. Cyber threats include a lot of things, but the most common ones are like, phishing attempts, ransomware, malware, brute force attacks targeting your website, email breaches, or even breaches of payment processors. Now, I'm going to give you a little secret. A lot of the reasons why this happens is because you're vulnerable. You're an easy target. You're not doing the simple, basic things to protect yourself. We're going to talk about more and more of what you can do to protect yourself. But I just want to say that whatever your business is, whether you have an online business because you're selling ebooks or courses or coaching, this applies to you even if you're not in tech, even if you're not selling a software. Obviously, if you're selling a software like I did at Webinar Ninja, which I did for 10 years, I was more vulnerable. There was more things I had to worry about because there was more things that could technically go wrong. For example, inside of our software, Webinar Ninja, it had the ability to send mass emails, like email marketing, to those who sign up for webinars. This is pretty cool for the user because when somebody signs up for their webinar, they can automatically send an email to remind them of the webinar and send them the replay and all that kind of stuff. But anytime you have any kind of functionality in your product, it can be abused. 
So we had people trying to go into our accounts, sign up for free accounts, and use that email service to send out, like, spam emails to get people to, like, sign up for some crypto scam or, you know, some fake pills. Luckily, we were able to recognize the threat early and allow us to act before the damage was done. I'm sharing this because most likely your product doesn't have sophisticated functionality, which makes you vulnerable, which requires a lot of sophisticated solutions. Like our team had to create honeypots. A honeypot's like a security mechanism that creates a virtual trap to lure attackers. We do it intentionally so that we can learn more about why they're attacking us and how they're attacking us, our vulnerabilities, so that we can study that and build security systems around it. I'm saying all this to say that there's a good chance that if your product is not a software, it's consulting, it's coaching, it's online courses, it's e-commerce, it's even you have a pizzeria and you have a website that allows you to do bookings. Most likely you're not going to do any kind of sophisticated, you know, cyber security that you're going to need to do. Like we had to do. What I'm going to share with you today, some simple things you can do that are going to lower your chances of being attacked because you're just not going to be an easy target. But there is an action step to step one, knowing your risks, that I would encourage you to do. And I did this especially because I had a software company, but it's really important is to consult with a cyber threat expert, right? You can find one on Upwork or any freelance site and you could just consult with them for an hour or two. They can take a look at your website, take a look at your online presence and ask you a bunch of questions and give you sort of like an audit and say, hey, this is the things I would change. The things I would do here are vulnerabilities. I did this early on.
I spent a few hundred dollars to consult with somebody who was really an expert, worked for the CIA and knows a lot about cybersecurity. And it paid dividends because it allowed us to build our policies and build a secure system. As they say, an ounce of prevention is worth a pound of cure. Step two, use strong passwords and two-factor authentication. This is one of the simplest things you can do in your business that will really prevent a lot of problems. There are so many people that don't do this and it's very, very easy to implement. And I share that because if so many people don't do it and you do it, then you're not an easy target. Weak passwords are hackers' dreams, right? These are passwords that are easy to guess or they're common words or they're dates. You should always create passwords that are random and generated. I use LastPass and you can use LastPass even if you're not using the tool. You can create a random password with a random password generator on their website and it creates like a string of letters and numbers and symbols that is just totally random. It's not something that you're going to remember, but you're going to save that password in some sort of password security vault. LastPass, for example, is one of them. This is something that's also like built into the iPhone. I know Google has their own as well. So make sure your passwords are random and different across all your tools. Don't use the same password. The next thing is two-factor authentication, 2FA. This adds an extra layer of security, making it significantly harder for attackers to access some of your systems.
So we're talking about, you know, that system where you put in a password and then you have to do something else if it doesn't recognize who you are because you're a new computer or something like that and use like an authenticator app or you're using like an SMS service where they send you an SMS and you have to put the number that they give you in your SMS into that authentication or email or whatever it might be. For example, when you have 2FA, you will get a message, and this happened to me at the $100 MBA. You'll get a message of somebody attempting to try to reset your password or go through your system because it's going to prompt and be like, hey, somebody's trying to get into my system. I never did that. I never tried to get into my system or reset my password. That means I need to go in and try to reset my password. At least I was alerted because I had that second guard. So as an action step, use a password manager like LastPass to generate and store strong passwords. Use 2FA wherever possible in all your tools. I'm talking about everything in your digital world, especially when it comes to your business. That means email, that means website, that means admin to your website. That means your payment processor where you're actually receiving money. That means your web host. If you have a web hosting company where you register your domain, like GoDaddy, have 2FA there, because if they have control of your domain, they can control basically anything they want and create emails under that domain. And it's pretty dangerous. 2FA everywhere. Step three, keep your software and systems updated. Outdated software, like, say, for example, you're using an outdated release of WordPress. They contain vulnerabilities that attackers have exploited. This is why they're updating the software. There were some leaks in there, some problems the hackers figured out, and they're updating the software to protect you.
So you got to make sure that all your systems are updated regularly. Most of the software and tools we use have automated updates, but make sure you have that switched on. Sometimes it's not on by default. For example, we got a scare with an old plugin on our website that wasn't updated, leaving us a little bit vulnerable. I was alerted via email because we have these checks and balances on our system, letting us know that our plugin is outdated or not compatible with the latest software. So now what we do is we have a monthly maintenance where we have scheduled updates for all our tools, no matter what. So make sure right now that all your tools are updated. Websites, plugins, operating systems, any software that you run your business, make sure you're using the latest version and then automate your updates where possible. Step four, back up everything. Ransomware and other attacks can lock you out of your own data on your own computer at home. Regular backups ensure that you can recover whatever gets corrupted very quickly. Sometimes it's not an attack, sometimes like what happened to me, my laptop just died. It just stopped working, it wouldn't boot up anymore and I took it to the Apple Store and it didn't work. And this happens with any manufacturer, right? But luckily I had several backups of my computer in the cloud so that I had no problem getting a new computer and just restoring everything as if nothing happened. So as an action step, use some cloud-based backup solution for your computer to make sure that all your data is stored in the cloud and it's there as a backup. Set an automatic backup every single day. I have three backups actually. One is iCloud. I use Apple iCloud to back up all my files because I'm in the Apple ecosystem. The second one is Google Drive. I also have a backup of Google Drive of my computer also on the backup in the cloud.
And the third is, I also have a backup of my computer through what's called a Time Capsule here on the Apple devices that I use. And that's actually a physical backup where I plug in a hard drive and once a month it kind of backs it up and makes sure everything is there. So I have a physical backup as well. One quick tip, if you're looking to buy a new computer, consider buying an Apple computer. Apple computers are factually safer, right? They are less open, so therefore they are less vulnerable to any kind of breach or privacy concerns that you might have. You just can't install any kind of software you want on Apple. It has to come from the App Store. There's a lot of checks and balances with Apple, I have to say. You know, a lot of people like the customizability of Windows or a PC, but the security and the privacy of Apple really gives me peace of mind. As a founder of an online business, I want to make sure that security is a priority. Step number five, everything I just talked about, train your team, get everybody in your team to do the same thing. Strong passwords, 2FA, right, backups. All the things I mentioned today, make sure your team is in this process, right? They're in the loop. They understand what the risks are and they understand that this is a priority. Human error is one of the leading causes of cyber breaches, right? You have to have policies in place to make sure that people know that they have to log off their computers. They don't leave their computers, you know, kind of on or unlocked when they're at cafes or when they go to the bathroom or something like that. Even if they have maybe a busy home with a lot of traffic and extended family, they gotta be super careful because they gotta make sure that your company and your information is protected. They also need to be trained to recognize phishing emails, suspicious links. We have a policy in our company where you just don't click on links that we recognize.
When we were at Webinar Ninja where we had our customer support team, we don't click on links, period, right? We just had a policy. If a customer sent us a link to a screenshot, we'd say, please attach a screenshot because we don't click any links to make sure that there's no vulnerabilities. These practices can prevent a lot of attacks from happening. So train your team. One of the easiest ways to do this is to just simply get on a live call, like a Zoom meeting, and show your team what you did to implement some of these security measures, right? The 2FA, the, you know, strong passwords, making sure everything's backed up, showing them how you did all that and training them live on a call, get them to share screen and go through that with you, okay? And then you can save that recording. And anybody who gets hired on your team has to watch that recording and implement it and send you a recording that they've done it. Step six, use secure hosting and payment platforms. Do not go cheap in these two areas. Make sure you get the highest quality hosting and payment processing you can find. Because these are the biggest vulnerabilities you can have, where you host your website and how you process payment, how you handle your customers' credit cards, all that kind of stuff. These are prime targets for hackers. So using secure hosting with PCI compliant payment processors reduces your risk. So processors like Stripe are compliant, but if you're thinking about shopping around for a different payment processor, make sure they're PCI compliant and they have high security measures. When it comes to hosting, just as important. After evaluating a lot of our options when it came to our hosting our website at the $100 MBA, we moved to a hosting provider with built-in DDoS protection. DDoS stands for distributed denial of service protection.
Ensure hackers will do something where they'll flood your servers with traffic to create a lot of load so it can go down, so your website can go down and you can have problems and then you'll be even more vulnerable. We use a host called WP Engine. We absolutely love them. We use them for years. They're expensive, but they're great. So as an action item, research your hosting and your payment providers. Make sure they both have really high security features like SSL encryption, like fraud monitoring, like DDoS protection. Guys, we're in step seven now. The last step, very, very simple thing to do that's going to actually help you stay calm in an emergency. And that's have an incident response plan. This is one of the first things we created as a document when we built Webinar Ninja, our software company. Even with the best defenses, breaches can happen. Even with all the software and all the things you've done to protect your business, you need a plan. You need to have a plan in place that ensures you can act quickly to minimize any damage. So as an action step, draft a one pager, an incident response plan for your business. Include the key contacts, who you're going to contact. Do you have like somebody you can contact that's like the web developer, the web person that you can reach out to so they can fix the problem or, you know, stop the bleeding. If not, get one, right? Have a step-by-step plan to secure the systems, to gain control, whatever it might be. How are you going to communicate with your customers? What's your communication plan? Draft it now before things get real and you're nervous and you don't know what to say. Josh, you asked a great question today. Protecting your business from cyber threats isn't just about technology. It's about being proactive, about being protective of your business. Understanding the risks, using strong passwords, 2FA, right? Two-factor authentication. Keep your systems updated all the time. Train your team.
Make sure they know that this is a priority and that this is a part of them doing a good job. Most importantly, have a plan when things go wrong, because they could go wrong. Even after all this, we hope nothing goes wrong, but we don't want to hope. We want to be prepared. And don't forget, if you want to do this properly and you want to make sure you don't miss anything, download our free checklist at 100mba.net/worksheets. Thanks for tuning in to the $100 MBA Show. I'm Omar Zenhom. If you're watching on YouTube and you found this episode helpful and you want more lessons to help you build, grow and scale your business, hit Subscribe. I promise you it won't hurt. It's absolutely free and I'll continue to give you valuable lessons to help build your business three days a week. If you're listening to this podcast on any podcast player, make sure you hit follow or subscribe and continue in your learning journey to build, grow and scale your business. Thanks so much and I'll check you in the next episode.
Podcast Summary: The $100 MBA Show - MBA2567 Q&A Wednesday: How Can I Protect My Business from Cyber Threats?
Episode Details:
Omar Zenhom opens the episode by addressing the often underestimated threat of cyber attacks on online businesses. He emphasizes that cyber threats are pervasive and not confined to large corporations alone.
“Your online business is constantly under attack. You just don't know it.”
[00:00]
Omar acknowledges the rise in cyber threats targeting small businesses, citing statistics to underscore the urgency of the issue. He introduces the episode’s focus: answering Josh’s question on protecting businesses from cyber threats.
Omar begins by outlining the landscape of cyber threats, highlighting that small businesses are increasingly becoming targets due to their perceived vulnerabilities.
“Did you know that 43% of cyber attacks target small businesses?”
[00:30]
Key Threats Discussed:
Omar shares his personal experience with Webinar Ninja, detailing how attackers exploited software functionalities to send spam emails. This underscores the importance of understanding specific vulnerabilities within one's business operations.
Omar outlines a comprehensive, seven-step plan to protect businesses from cyber threats. Each step is elaborated with practical advice and real-world examples.
The foundational step involves recognizing the various cyber threats that can jeopardize a business.
“Your business is an easy target when you’re not doing the simple, basic things to protect yourself.”
[03:15]
Action Step:
Consult with a cyber threat expert to conduct an audit of your business’s online presence. Omar recommends platforms like Upwork to find qualified experts who can identify vulnerabilities and recommend protective measures.
Omar stresses the importance of robust authentication methods to prevent unauthorized access.
“Weak passwords are hackers' dreams.”
[07:45]
Key Recommendations:
Action Step:
Adopt a password manager and enable 2FA across all business-related tools and platforms, including email, website admin panels, and payment processors.
Regular updates are crucial to patch vulnerabilities that cyber attackers might exploit.
“Outdated software contains vulnerabilities that attackers have already figured out.”
[12:30]
Best Practices:
Action Step:
Activate automated updates for all business software and conduct monthly maintenance checks to verify their effectiveness.
Data loss can be catastrophic, whether due to cyber attacks or hardware failures. Regular backups ensure business continuity.
“Regular backups ensure that you can recover whatever gets corrupted very quickly.”
[18:00]
Backup Strategies:
Action Step:
Implement a multi-tiered backup system, combining cloud and physical backups to secure all critical business data.
Bonus Tip:
Consider using Apple computers for enhanced security, as they offer stricter software installation controls and built-in security features.
Human error remains one of the leading causes of cyber breaches. Educating your team is essential for maintaining security.
“Human error is one of the leading causes of cyber breaches.”
[25:10]
Training Focus Areas:
Action Step:
Conduct live training sessions with your team to demonstrate security measures. Record these sessions for future onboarding to ensure consistent implementation of security practices.
The security of your hosting and payment processing services plays a pivotal role in protecting your business.
“Do not go cheap in these two areas.”
[34:20]
Critical Considerations:
Action Step:
Research and select high-security hosting and payment processing services. Ensure they offer features like fraud monitoring and SSL certificates to safeguard customer data.
Preparation is key to minimizing damage in the event of a cyber attack.
“Have a plan now before things get real and you’re nervous and you don’t know what to say.”
[40:15]
Components of an Incident Response Plan:
Action Step:
Draft a one-page incident response plan detailing contacts, actions, and communication protocols. This proactive measure ensures swift and effective responses to cyber threats.
Omar wraps up the episode by reiterating the importance of a proactive approach to cyber security. He emphasizes that protecting a business from cyber threats encompasses understanding risks, implementing strong authentication measures, keeping systems updated, performing regular backups, training teams, securing hosting and payment platforms, and having a robust incident response plan in place.
“Protecting your business from cyber threats isn't just about technology. It's about being proactive, about being protective of your business.”
[43:00]
Omar encourages listeners to download the free checklist available at 100mba.net/worksheets to ensure they cover all critical aspects of cyber security.
By following Omar Zenhom’s detailed guidance, small business owners can significantly enhance their cyber security posture, safeguarding their enterprises from the ever-present threat of cyber attacks.