When it comes to a cyber attack, it can be helpful to think about it as not if, but when it will happen to you and your business.

I used to think I was a relative nobody making a small income compared to other people, with no scandalous things on my phone, so what do I have to be afraid of? I knew a fair bit about cyber risks from a friend of mine who works in the industry, but it wasn’t enough to scare me into action.

Then, I went to a lecture on Cybersecurity for Small Businesses. Wow, did that give me a lot to think about. It doesn’t matter where you live, how many followers you have, or how much money you make.

I thought if people hacked my phone/computer and threatened to release my photos (like those Instagram reels or TikToks you might have seen) that I had nothing to worry about. It turns out, I didn’t understand ransomware.

As a small business owner, we need to be fully prepared to run our business in the case that someone actually blocks us out of our own networks and databases. I don’t care if someone sees my 300 photos of my cat, but if I couldn’t access my working illustrator files to current client projects, that would really hit home. Hackers know this, and they know what is a realistic amount of money to ask from you in order to get your files back if they hold them for ransom. There is probably no way that you could pay $1,000,000 for a few illustrator files or for your clothing designs, jewelry specs, etc, but if someone asks for a few thousand dollars so you can have your past few months of work back, it might be an offer you can’t afford to refuse.

I also listened to a podcast episode by Brian Hood at the 6 Figure Creative about his business Facebook getting hacked. The hackers used his account to buy ads and he was ultimately refunded for those purchases, but his own ads stopped running, so ended up missing out on the revenue generated by those ads for a few weeks. Which, depending on the scale of your business, could be thousands or tens of thousands of dollars.

As business owners, we should think about disruptions like these that we simply can’t afford.

Though I am not an expert in cyber or business, here is a list of easy and important tips to better secure your business ASAP:

1. Setup two-factor authentication on every app you use.

-It might be annoying when you are in a hurry, but you will be so thankful when someone tries to hack your social or financial accounts.

2. Download a free authenticator app, like google authenticator. 

-I like this because you don’t have to have your phone number tied to the account, which I also wouldn’t want a hacker to gain access to.

3. NEVER use public wifi (without a secure VPN)

-especially not with business accounts/devices/or finances.

-Brian Hood said he thinks this may be how hackers got access to his Facebook and were able to bypass his two-factor authentication.

4. Download additional anti-virus software. 

-Some computers come with basic protection, but it won’t protect against all forms of attacks. 

-Companies like AVG can provide anti-tracking, VPNs, and additional virus protection with a subscription. I think they also have a basic free version that is better than nothing!

5. Back up any information/files/accounts EXTERNALLY that you can’t work without.

-Don’t think that having backups on Google Drive will help you alone. If someone hacks your Google and your computer/desktop/harddrive, you would lose both copies. 

-This is why I went out and bought a second external hard drive that I manually back up and do NOT keep plugged into my computer and I don’t keep it in the same place as my main external hard drive.

6. NEVER use your flash drive or hard drive to plug directly into a public computer. 

-Viruses can be spread this way and my cyber friend freaked out when I told her I did that once…
-In addition, don’t ever buy used USB ports/harddrives if you can avoid it.

7. ALWAYS use unique passwords.

-This sounds like something everyone knows, but no one really follows… But imagine if someone hacks one account then gains access to ALL of your information. Very bad. Of course they are a pain to remember, but that is why you should.

8. Use a password manager

-websites like Dashlane and 1Password help keep all of your passwords protected and accessible when you need them. They make it easy to either automatically log into accounts on your computer or to copy and paste log in info whenever you need it.

-It might seem daunting to go add in all of your passwords into a new place, but honestly, it’s pretty easy and worth it. It also can automatically log any new account info as you create them- a serious time saver.

-Not gonna lie, I used to have to text my mom for the Netflix password, but now I don’t need to!

9. Create policies around cyber security for your employees/clients.

-Hackers can get into your system through your employees/clients networks if their security is weak. Protect yourself by having policies in place with your team.

-For example, don’t let employees use work email on public wifi, don’t let them attach unapproved devices to work devices, etc. 

-It’s best to have clear expectations beforehand as the best prevention (and to protect yourself in case something does happen).

10. Think about the client information you have and how you may be liable if that information is stolen/used by hackers.

-Try to keep this information very secure and find ways to protect yourself from legal risks.

-Make sure you have a Privacy Policy and Terms and Conditions on your website.

11. DON’T CLICK ANY LINKS IN EMAILS/DMS (basically never)

-Even emails that look like they are from trusted senders could be fakes. It is always best to go directly to the trusted website by typing in their URL, and then finding the page you are looking for from there. 

-This includes QR codes!! It took me until I was today years old to realize that scanning QR codes on posters or menus is basically clicking a link and you don’t know if someone has tampered with that link or if it will give you a virus. Menus are probably okay, for example, but just double check that the link that pops up is taking you where you expect to go!

– The easy thing is to say never click links, but also do your due dilligence and see if it is a trusted source from a secure sender, and try to preview where the link is actually taking you before you click it. 

Please do your own research on these topics!

There is so much more to learn about viruses, third party attacks, each website’s individual privacy policies, and so much more. But if you do just these small steps, it should equate to a very large leap in the right direction!