C
Your online business is constantly under attack. You just don't know it. That's what I learned after 10 years of building and selling a seven-figure software company. On today's Q and A Wednesday's episode, we answer a question from Josh that asks how can I protect my business from cyber threats? Welcome, I'm Omar Zenhom and this is The $100 MBA Show where I teach you how to start, grow and scale a business three days a week. Josh's question is such an important one. Cyber threats are real and they're not just targeting big companies. Small businesses are in the crosshairs constantly as well. And if you're not prepared, it can cost you more than just money. It can cost you your reputation and even your whole business. To make today's lesson even easier, we've created a free checklist for you. To download, just go to 100mba.net/worksheets. You can grab it and follow along as we break down to protect your business. Did you know that 43% of cyber attacks target small businesses? That's according to Verizon's Data Breach Investigations Report. Many of these businesses, maybe even yours, are incredibly unprepared. But there's good news. There are some really simple strategies that you can implement to make sure your business is much harder to attack so that they just keep moving on. So today I'm going to show you how to safeguard your business. I'm going to show you what worked for me with my businesses, some of the things I learned the hard way. So if you're not a tech expert, don't worry. This is going to be easy. I want to start by saying, when I started to get my head around this, like, what's going on here? Why am I being attacked? What did I do? Did I hurt somebody? Am I threatening somebody? And what I didn't understand is that there's just bad actors out there that just want to see the world burn. They just want to see what they can do, that what they can get away with. Sometimes they're doing this and they're not going to get anything in return.
Like, they're not going to make any money or they're not going to scam anybody into anything. They're just doing this because they can. So if I go back in time, I would just tell myself, don't worry so much about why these people are doing what they're doing. Focus on protecting your business. So that's where it starts. Step one, understanding the risks. The first step is protecting your business and knowing what you're up against. Cyber threats include a lot of things. The most common ones are like, phishing attempts, ransomware, malware, brute force attacks targeting your website, email breaches, or even breaches of payment processors. Now, I'm going to give you a little secret. A lot of the reasons why this happens is because you're vulnerable. You're an easy target. You're not doing the simple, simple, basic things to protect yourself. We're going to talk about more and more of what you can do to protect yourself. But I just want to say that whatever your business is, whether you have an online business because you're selling ebooks or courses or coaching, this applies to you even if you're not in tech, even if you're not selling a software. Obviously, if you're selling a software, like I did at Webinar Ninja, which I did for 10 years, I was more vulnerable. There was more things I had to worry about because there was more things that could technically go wrong. For example, inside of our software, Webinar Ninja, it had the ability to send mass emails, like email marketing, to those who sign up for webinars. This is pretty cool for the user because when somebody signs up for their webinar, they can automatically send an email to remind them of the webinar and send them the replay and all that kind of stuff. But anytime you have any kind of functionality in your product, it can be abused. 
So we had people trying to go into our account, sign up for free accounts, and use that email service to send out, like, spam emails to get people to, like, sign up for some crypto scam or, you know, some fake pills. Luckily, we were able to recognize the threat early and allow us to act before the damage was done. I'm sharing this because most likely your product doesn't have sophisticated functionality, which makes you vulnerable, which requires a lot of sophisticated solutions like our team had to create honeypots. A honeypot's like a security mechanism that creates a virtual trap to lure attackers. We do it intentionally so that we can learn more about why they're attacking us and how they're attacking us, our vulnerabilities, so that we can study that and build security systems around it. I'm saying all this to say that there's a good chance that if your product is not a software, it's consulting, it's coaching, it's online courses, is e-commerce, it's even you have a pizzeria and you have a website that allows you to do bookings. Most likely you're not going to do any kind of sophisticated, you know, cyber security that you're going to need to do, like we had to do. What I'm going to share with you today, some simple things you can do that are going to lower your chances of being attacked because you're just not going to be easy target. But there is an action step to step one, knowing your risks that I would encourage you to do. And I did this especially because at a software company, but it's really important is to consult with a cyber threat expert, right? You can find one on Upwork or any freelance site, and you could just consult with them for an hour or two. They can take a look at your website, take a look at your online presence and ask you a bunch of questions and give you sort of like an audit and say, hey, this is the things I would change. The things I would do here are vulnerabilities. I did this early on.
I spent a few hundred dollars to consult with somebody who was really an expert, worked for the CIA and knows a lot about cybersecurity. And it paid dividends because it allowed us to build our policies and build a secure system. As they say, an ounce of prevention is worth a pound of cure. Step two, use strong passwords and two-factor authentication. This is one of the simplest things you can do in your business that will really prevent a lot of problems. There are so many people that don't do this, and it's very, very easy to implement. And I share that because if so many people don't do it and you do it, then you're not an easy target. Weak passwords are hacker's dreams, right? These are passwords that are easy to guess or they're common words or they're dates. You should always create passwords that are random and generated. I use LastPass and you can use LastPass even if you're not using the tool. You can create random passwords with a random password generator on their website and creates like a string of letters and numbers and symbols that is just totally random. It's not something that you're going to remember, but you're going to save that password in some sort of password security vault. LastPass, for example, is one of them. This is something that's also like built into the iPhone. I know Google has their own as well. So make sure your passwords are random and different across all your tools. Don't use the same password. The next thing is two-factor authentication, 2FA. This adds an extra layer of security, making it significantly harder for attackers to access some of your systems.
So we're talking about, you know, that system where you put in a password and then you have to do something else if it doesn't recognize who you are because you're a new computer or something like that and use like an authenticator app or you're using like an SMS service where they send you an SMS and you have to put the number that they give you in your SMS into that authentication or email or whatever it might be. For example, when you have 2FA, you will get a message and this happened to me at the $100 MBA. You'll get a message of somebody attempting to try to reset your password or go through your system because it's going to prompt and be like, hey, someone's trying to get into my system. I never did that. I never tried to get into my system, reset my password. That means I need to go in and try to reset my password. At least I was alerted because I had that second guard. So as an action step, use a password manager like LastPass to generate and store strong passwords. Use 2FA wherever possible in all your tools. I'm talking about everything in your digital world, especially when it comes to your business. That means email, that means website, that means admin to your website. That means your payment processor where you're actually receiving money. That means your web host. If you have a web hosting company where you register your domain, like GoDaddy, have 2FA there, because if they have control of your domain, they can control basically anything they want and create emails under that domain. And it's pretty dangerous. 2FA everywhere. Step three, keep your software and systems updated. Outdated software, like say for example, you're using an outdated release of WordPress, they contain vulnerabilities that attackers have exploited. This is why they're updating the software. There was some leaks in there, some problems the hackers figured out, and they're updating the software to protect you.
So you got to make sure that all your systems are updated regularly. Most of the software and tools we use have automated updates, but make sure you have that switched on. Sometimes it's not on by default. For example, we got a scare with an old plugin on our website that wasn't updated, leaving us a little bit vulnerable. I was alerted via email because we have these checks and balances on our system letting us know that our plugin is outdated or not compatible with the latest software. So now what we do is we have a monthly maintenance where we have scheduled updates for all our tools no matter what. So make sure right now that all your tools are updated. Websites, plugins, operating systems, any software that you run your business, make sure you're using the latest version and then automate your updates where possible.
C
Step four, back up everything. Ransomware and other attacks can lock you out of your own data on your own computer at home. Regular backups ensure that you can recover whatever gets corrupted very quickly. Sometimes it's not an attack, sometimes like what happened to me, my laptop just died. It just stopped working. It wouldn't boot up anymore and I took it to the Apple Store and it didn't work. And this happens with any manufacturer, right? But luckily I had several backups of my computer in the cloud so that I had no problem getting a new computer and just restoring everything as if nothing happened. So as an action step, use some cloud based backup solution for your computer to make sure that all your data is stored in the cloud and it's there as a backup. Set an automatic backup every single day. I have three backups actually. One is iCloud. I use Apple iCloud to back up all my files 'cause I'm in the Apple ecosystem. The second one is Google Drive. I also have a backup of Google Drive of my computer also on the backup in the cloud. And the third is I also have a backup of my computer through what's called a Time Capsule here on the Apple devices that I use. And that's actually a physical backup where I plug in a hard drive and once a month it kind of backs it up and makes sure everything is there. So I have a physical backup as well. One quick tip, if you're looking to buy a new computer, consider buying an Apple computer. Apple computers are factually safer, right? They are less open, so therefore they are less vulnerable to any kind of breach or privacy concerns that you might have. You just can't install any kind of software you want on Apple. It has to come from the App Store. There's a lot of checks and balances with Apple. I have to say. You know, a lot of people like the customizability of Windows or a PC, but the security and the privacy of Apple really gives me peace of mind.
As a founder of an online business, I want to make sure that security is a priority. Step number five, everything I just talked about, train your team, get everybody on your team to do the same thing. Strong passwords, 2FA, right, backups. All the things I mentioned today, make sure your team is in this process, right? They're in the loop. They understand what the risks are and they understand that this is a priority. Human error is one of the leading causes of cyber breaches, right? You have to have policies in place to make sure that people know that they have to log off their computers. They don't leave their computers, you know, kind of on or unlocked when they're at cafes or when they go to the bathroom or something like that. Even if they have maybe a busy home with a lot of traffic and extended family, they got to be super careful because they got to make sure that your company and your information is protected. They also need to be trained to recognize phishing emails, suspicious links. We have a policy in our company. We just don't click on links that we don't recognize. When we were at Webinar Ninja, where we had our customer support team, we don't click on links, period. Right? We just had a policy. If a customer sent us a link to a screenshot, we'd say, please attach a screenshot because we don't click any links to make sure that there's no vulnerabilities. These practices can prevent a lot of attacks from happening. So train your team. One of the easiest ways to do this is to just simply get on a live call like a Zoom meeting, and show your team what you did to implement some of these security measures, right? The 2FA, the, you know, strong passwords, making sure everything's backed up, showing them how you did all that and training them live on a call, get them to share screen and go through that with you, okay? And then you can save that recording.
And anybody who gets hired on your team has to watch that recording and implement it and send you a recording that they've done it. Step six, use secure hosting and payment platforms. Do not go cheap in these two areas. Make sure you get the highest quality hosting and payment processing you can find because these are the biggest vulnerabilities you can have. Where you host your website and how you process payment, how you handle your customers' credit cards, all that kind of stuff. These are prime targets for hackers. So using secure hosting with PCI compliant payment processors reduces your risk. So processors like Stripe are compliant, but if you're thinking about shopping around for a different payment processor, make sure they're PCI compliant and they have high security measures when it comes to hosting. Just as important, after evaluating a lot of our options when it came to our hosting our website at the $100 MBA, we moved to a hosting provider with built in DDoS protection. DDoS stands for Distributed Denial of Service protection. Ensure hackers will do something where they'll flood your servers with traffic to create a lot of load so it can go down. So your website can go down and you can have problems and then you'll be even more vulnerable. We use a host called WP Engine. We absolutely love them. We use them for years. They're expensive, but they're great. So as an action item, research your hosting and your payment providers. Make sure they both have really high security features like SSL encryption, like fraud monitoring, like DDoS protection. Guys, we're in step seven now. The last step. Very, very simple thing to do that's going to actually help you stay calm in an emergency. And that's have an incidental response plan. This is one of the first things we created as a document when we built Webinar Ninja, our software company. Even with the best defenses, breaches can happen.
Even with all the software and all the things you've done to protect your business, you need a plan. You need to have a plan in place that ensures you can act quickly to minimize any damage. So as an action step, draft a one pager, an incident response plan for your business. Include the key contacts, who you're going to contact. Do you have like somebody you can contact that's like the web developer, the web person that you can reach out to so they can fix the problem or, you know, stop the bleeding. If not, get one, right? Have a step by step plan to secure the systems, to gain control, whatever it might be. How are you going to communicate with your customers? What's your communication plan? Draft it now before things get real and you're nervous and you don't know what to say. Josh, you asked a great question today. Protecting your business from cyber threats isn't just about technology. It's about being proactive, about being protective of your business. Understanding the risks, using strong passwords. 2FA, right? Two-factor authentication. Keep your systems updated all the time. Train your team. Make sure that you know that this is a priority and that this is a part of them doing a good job. Most importantly, have a plan when things go wrong, because they could go wrong. Even after all this, we hope nothing goes wrong, but we don't want to hope. We want to be prepared. And don't forget, if you want to do this properly and you want to make sure you don't miss anything, download our free checklist at 100mba.net/worksheets. Thanks for tuning in to The $100 MBA Show. I'm Omar Zenhom. If you're watching on YouTube and you found this episode helpful and you want more lessons to help you build, grow and scale your business, hit subscribe. I promise you it won't hurt. It's absolutely free and I'll continue to give you valuable lessons to help build your business three days a week.
If you're listening to this podcast on any podcast player, make sure you hit, follow or subscribe and continue in your learning journey to build, grow and scale your business. Thanks so much and I'll check you in the next episode.
The $100 MBA Show: Episode MBA2567 Q&A Wednesday - How Can I Protect My Business from Cyber Threats?
Release Date: January 1, 2025
In episode MBA2567 of The $100 MBA Show, host Omar Zenhom addresses a pressing concern for entrepreneurs: safeguarding businesses against cyber threats. Drawing from his extensive experience in building and selling a seven-figure software company, Omar provides practical, actionable strategies to help small business owners protect their ventures from the ever-evolving landscape of cyber-attacks.
Omar begins by highlighting the prevalence of cyber threats targeting small businesses. Citing Verizon's Data Breach Investigations Report, he notes that "43% of cyber attacks target small businesses" (09:15). This alarming statistic underscores the need for proactive measures, as these attacks can jeopardize not only financial stability but also a company's reputation and longevity.
The first line of defense is awareness. Omar emphasizes the importance of comprehending the various types of cyber threats that can plague businesses, including:
Notable Quote:
"A lot of the reasons why this happens is because you're vulnerable. You're an easy target. You're not doing the simple, simple, basic things to protect yourself." (04:45)
Action Step: Omar advises consulting with a cyber threat expert to perform an audit of your business's digital infrastructure. He recounts his own experience: "I spent a few hundred dollars to consult with somebody who was really an expert... and it paid dividends." (05:30)
Strengthening access controls is crucial. Omar recommends:
Notable Quote:
"Weak passwords are hacker's dreams... You should always create passwords that are random and generated." (06:10)
Action Step: Implement a password manager and enable 2FA across all business-related platforms, including email, website admin panels, and payment processors.
Outdated software often contains vulnerabilities that hackers exploit. Omar stresses the necessity of regular updates:
Notable Quote:
"Most of the software and tools we use have automated updates, but make sure you have that switched on." (07:25)
Action Step: Audit all business-related software to confirm that updates are current and automation is enabled to prevent lapses in security.
Data backups are your safety net in the event of an attack or system failure. Omar advises:
Notable Quote:
"Regular backups ensure that you can recover whatever gets corrupted very quickly." (08:50)
Action Step: Set up multiple backup systems to ensure data redundancy, minimizing loss in various scenarios.
Human error is a significant factor in cyber breaches. Training ensures that your team is vigilant and knowledgeable about security practices.
Notable Quote:
"Human error is one of the leading causes of cyber breaches, right? You have to have policies in place." (10:05)
Action Step: Conduct regular training sessions and create documentation that outlines security protocols for all team members to follow consistently.
Investing in high-quality, secure hosting and payment processing services can significantly reduce vulnerabilities.
Notable Quote:
"Just make sure they're PCI compliant and they have high security measures when it comes to hosting." (09:55)
Action Step: Research and select hosting and payment processing services that prioritize security, ensuring they meet industry compliance standards.
Despite best efforts, breaches can still occur. An Incident Response Plan (IRP) ensures swift and effective action to mitigate damage.
Notable Quote:
"Draft a one-pager, an incident response plan for your business... before things get real and you're nervous and you don't know what to say." (10:45)
Action Step: Develop and document an IRP tailored to your business’s specific needs, ensuring all team members are familiar with their roles during an incident.
Omar wraps up by reiterating that "protecting your business from cyber threats isn't just about technology. It's about being proactive, about being protective of your business." (11:10) He emphasizes the importance of understanding risks, implementing strong security measures, training teams, and having contingency plans in place.
Action Step: Omar offers a free checklist available at 100mba.net/worksheets to help business owners systematically implement these protective measures.
Protecting a business from cyber threats requires a multi-faceted approach that combines technology, education, and strategic planning. Omar Zenhom's insights provide a comprehensive roadmap for entrepreneurs to fortify their businesses against potential attacks, ensuring longevity and trust in the digital marketplace.
For more actionable lessons on building, growing, and scaling your business with minimal resources, subscribe to The $100 MBA Show on YouTube or visit 100mba.net.
Note: All timestamps correspond to the main content sections and exclude advertisement breaks.