You are a target.
The average household has more security than most of the businesses we work with. They have a car with an alarm, a security system or cameras, a doorbell camera, and maybe even a dog that would defend them in case of an intruder. (Mine? She would just sprint over to meet her new best friend.)
There was a recent news article that told the story of small business Tiny Pies and their hacked Instagram account. Tiny Pies is a quirky, loved Austin business that grew from pop-up shops to two brick-and-mortars. (I bet you can guess what they sold.) Arnold Marketing Consultants had partnered with them with former client Meridian Hive – if pizza and beer are a good pair, try pie and hard honey!
Last year, Tiny Pies’ Instagram, which was their primary marketing channel, was phished. They lost control of the 55k-follower account in September. They still don’t have it back.
Every single day of running this business, we see security behaviors that would make our client, MC Austin (a communications technology company), jump in fright. And we get it–it’s hard to always do “the right thing” when you’re in a hurry and just want to send the darn marketing agency the login so they can start the ads or send the email campaign.
Common behaviors we see from our clients include:
- Plain text passwords – sent through email
- Sharing logins instead of access
- Passwords that clearly have not been updated for years (hint: if the password still says 2014, it’s time to change it.)
Does this mean we are claiming to be perfect? No! But we are working daily to improve. We take your business’s security (and our own) seriously.
Here is a list of simple and relatively painless ways you can adopt better security online:
- Change your passwords every 6 months.
- Review account access information every 6 months.
- Set up 2-factor authentication, even if it’s a pain. A temporary, small pain = way less major pain later.
- Share access, not logins.
- Use One Time Secret or WeTransfer to more securely send logins and customer data files instead of through text, email, or chat.
- Consider a password management system like LastPass.
- Hire a pro. You may consider a provider like MC Austin or a contractor to do this faster and more securely than you can. We use Alicia on Upwork for things like 2-factor authentication, G-Suite security, migrating domains, and more.
Phishing Scams
Scams involving fake emails have been around for years, and Facebook’s popularity makes it’s pages and profiles a prime target for cybercriminals.
Phishing email will include a link and some wording that encourages you to follow the link to Facebook — except it isn’t the real Facebook, just a spoofed website. Here is an example one of our clients received recently (and thankfully did not click on it!)
Sometimes the issue will be that you have compromised accounts. Other times, it will ask you to validate your login information. Or, you may receive an email link claiming that your Facebook account has been disabled for security reasons, asking you to reset it.
Whatever the reason, the goal is always the same — to trick you into providing confidential information to scammers.
Unfortunately, if you fall for this common scam, cybercriminals have all the information they need to wreak havoc in your life and business. Depending on the information you provide, they might also be able to access and drain your bank account or use your credit card to rack up fraudulent purchases.
We know this isn’t the coolest topic of conversation, but it is critically important. There are hackers and scammers specifically looking for and targeting small businesses because they know their security is lax and they aren’t likely to have a tech pro around.
Protecting your data as well as that of your clients and consumers is of utmost importance. It also doesn’t have to be prohibitively expensive for small businesses. There are many sites that offer free services or extremely economical paid ones. Even the tiniest businesses require access to secure data systems, so a number of organizations, including watchdog groups and financial institutions, are committed to making sure they can do so. Do yourself and your customers a favor by investigating some of the ways you can secure their data today!
