Episode 364: Scared of getting hacked? Try this
In this episode, Fiona shares practical solutions surrounding hacking concerns. She also talks about security measures to safeguard your personal and business data. Tune in!
Topics discussed in this episode:
Introduction
Researching before purchasing
Identifying red flags on social platforms
Enhancing security through Authenticator apps
Implementing multi-step verification
Regular password changes
Importance of saving and storing externally
Conclusion
Get in touch with My Daily Business
Resources and Recommendations mentioned in this episode:
One of the most hacked elements for small business owners is social media. As I said at the start, that can be something that people are scared of and fearful of, but yet at the same time, they haven't set these things up. It's like, well instead of worrying about it so much, let's be solution-focused and figure out how we can do our best to protect. I'm not saying this is perfect by any means, and that it's hacker-free or hacker guaranteed to be free, but I think that you give yourself the best shot.
Welcome to episode 364 of the My Daily Business podcast. Today is a coaching episode, and if you've ever worried about getting hacked or somebody getting into your data, then this is the episode for you. Before we get stuck, I want to acknowledge the traditional owners and custodians of the beautiful land on which I record this podcast, and that is the Wurrung and Wurundjeri people of the Kulin Nation. I pay my respects to their elders, past, and present, and acknowledge that sovereignty has never been ceded. The other thing is that we are getting to the end of the year. This is where people buy a lot of gifts. They send things, they do things. One, I would suggest thinking about who you are supporting when you are sending gifts and how you might contribute to making the world a better place.
Looking at ethical manufacturing and where things are coming from and also how you might even collaborate with somebody who maybe you haven't before on a Christmas gift or an end of your gift or a Hanukkah gift or any of those sorts of things. The other thing is that if you are looking for a gift for business owners, we of course offer a bunch of things in our shop. You can find all of that at My Daily Business Shop. If you want to buy something for somebody else, like a coaching episode, or coaching session, then you can't buy a coaching episode right now. Who knows, in the future, maybe we'll monetize this podcast. Coming back to the gift. If you want to buy something for your significant other or a friend and you want to keep it a bit of a secret, then you can just email us at hello@mydailybusiness.com. We can organize that for you and then send out all the information to that person once it is closer to whatever the date is that you're giving them a gift. That goes all year round, not just at this time of year. Let's get into today's coaching episode.
I wanted to start this episode by relaying a story of what happened to me. Maybe like five years ago now. I was in another state in Australia for a speaking gig, and I was there and I was being put up in a nice hotel and it was really lovely. I had a couple of hours to myself after one of the speaking gigs and before this sort of dinner and things that they'd put on. I decided that since my hotel was smack bang in the middle of this beautiful shopping area in one of our capital cities here in Australia, I would go and have a bit of a look around the shops. I have two young children. It's very often that if I'm at the shops, they're also with me.
Anyone who knows that, it's not necessarily the most enjoyable, pleasurable experience to just wander around having a look at things when you have children that are like, “Can I get a monster truck? Can I get this? Can I get that? I need to go to the toilet.” All the things. I thought, I'm interstate, I'm by myself, I'm going to go and have a look at some of these shops. I went into one of the biggest department stores here in Australia, which is called David Jones. I was looking around at bags, I love bags. I used to work at a bag company and I just love them. I have way too many of them, to be honest, and not like super fancy. I just like interesting cool bags. I was looking around and I found this bag.
This bag was in my absolute favourite colour combination, which is pink and red always hashtagged pink and red forever. I saw this bag and I was like, “This is perfect.” It was the last one. I was like, “Should I buy it? Should I not?” Because it was a little bit scuffed because it was the last one, it had been sitting there, I think it was like a display model. I was like, “Really? If I'm going to get it, I'd rather get it new, so that it doesn't have these little marks on it.” I thought about it and I was like, “You know what? I'm here for another day. I have to stay overnight, I'm here tomorrow and if I really cannot stop thinking about it, then I will go back and get it.”
That happened. I stayed at the hotel and I kept thinking about it, and then I thought, “No, but I don't want to buy it at that price when it's got all these scuff marks on it.” What should I do? I went to the internet and I was like, “I know the make, I know the model, I know the brand.” I looked it up and I could not find it anywhere. It took me ages and ages. I was trying to find it. I was in the back of this Uber I remember and I was like, “I'm going to give it one last shot.” I looked for it and I found the exact bag on this Italian e-commerce website. It was even cheaper than it had been on this sale in David Jones because it was the last one in stock.
I thought, “This is it. It's all meant to me.” I was going through it. I was like, “This exact same bag and the website looks great.” I put it into my cart and I got my credit card out in the back of the taxi and I was literally about to plug in my numbers into this platform when I thought, “Let me just check.” Because whilst this platform looked legit, there are lots of different ways to try and check if a platform's legit, but it did look like a proper website. It had hundreds of products. It had good footers, privacy notices, shipping information, and a lot of good stuff that I would like. I've worked in e-commerce for probably 15 years. I've worked with lots of e-commerce brands.
I worked at Amazon, I headed up their kitchen and home team in the UK. I worked for them again in Australia. I've worked for huge companies where a bulk of their money is coming from e-commerce or in the case of Amazon, all of it is coming from e-commerce. I understand all the different things that go on in e-commerce shops. I feel like I'm pretty tech-savvy. Something about this website, I just thought, “Before I put my credit card details in, I'm just going to check.” I typed in Google the brand name of this website and then scam because that's what I often look at. It's a very simple way to have a look at things. I looked it up and there were many comments and many forums about “Never buy from this, it's a complete scam, all of it's made up, you will never get your money back.”
I just went through page after page and I thought, “I was about to hand over hundreds of dollars.” Just that split second of thinking. How has that got to do with today's podcast episode? Today I wanted to go through five or six ways that you can help yourself not get scammed, but also as a small business owner, you can help yourself not get hacked. I'm not saying this is guaranteed, and I always feel a bit weird whenever I do these episodes about getting hacked because I feel like there are hackers out there waiting to be like, “I'm going to take you down.” Please don't. Today I just wanted to go through kind of ways that you can think about your own security in your digital footprint as both an individual, but also as a business.
I've seen many businesses build their whole marketing on Instagram and I love and hate that relationship with social media, but I've seen many people build everything on a social media platform only for them to get hacked and not be able to retrieve any of the information, especially things like photos or things that they'd taken videos, site visits or other things that are important to them and would be great for like case studies on a website or other marketing that they could do off social media. But because a lot of the time people are still only creating content within the app itself and then not saving that to a camera roll or anywhere else, and not downloading their data they then lose everything or feel that they've lost everything if they are hacked. Let's talk about scams and hacking.
I'm going to go through five things or five tips that may help you in this, but I would also say do your research. Like me in the back of that taxi, if it felt a little bit like, “This is a bit too good to be true, it's cheaper, just all of these things.” I was like, “How have I been able to find this bag there when I couldn't find it anywhere else? It felt like it was completely sold out, it was completely un-stocked everywhere, and then suddenly I found it and it's cheaper than everywhere else.” It just felt a little strange. But also that simple Google search. I think people don't do that enough. You could put in anyone's name and scam any course and scam, any reviews. There are so many review sites now, and I get that also, you've got to be kind of conscious of that, especially if you're looking at a service provider or in some cases a venue.
I do feel like it's skewed because if you have a pretty decent experience, a lot of people don't bother leaving a review. If you have a horrible experience, then you will be more inclined to leave a review. Take that as you're looking at reviews, but there's so much out there. That's what I'm trying to say. There's so much out there for us to be able to access this information before purchasing from a website. If you feel even the slightest bit of like, “Let me double check this,” go and have a look and see if it's legit. The other thing I always will have a look at is whether they have a social media presence. You see so many ads for things online and a lot of them I get are coming out straight from a factory in China or somewhere else, and they don't necessarily have a social media presence for every single brand that they're trying to sell you on, let’s say meta ads.
Sometimes just looking at that and going, I'm just getting sidetracked here. But another thing I would look at is the social media presence for people as well. I have found, I do a lot of shopping on Facebook marketplace and I sell a lot of stuff on Facebook marketplace. I am all about recycling and wherever I can, I will try and buy secondhand, whether it's an app shop, Facebook Marketplace or Gumtree. One thing that I've noticed is that when you try and buy things from the Facebook Marketplace lately, there are so many scammers. The other big thing is a lot of people I talk to who do this, don't go to the profile of the person that they're buying from before they start messaging. If you do that, you'll see that a lot of the time these people just joined Facebook in 2021, 2022, 2023.
That is a gigantic flag. I don't feel like the uptake of Facebook as a platform is that huge. I feel like a lot of people have been on it since 2008, 2011, 2012, and early teens in the two thousands. That looks legit. If somebody has just joined Facebook in the last 12 months, that to me is a gigantic red flag. If they have very few friends, if not only eight or six friends, that's an obvious red flag as well. There's lots of things, that's what I'm saying, I'm kind of rambling here, but there's a lot of ways to check stuff before you buy as an individual. As a business, what are some of the ways that you can create security for yourself when you are using these different platforms? You're using social media for your business or you're using your website, or you're using some sort of pay app or checkout point of sale, there are so many ways that you can protect yourself now. Here are six of them.
The first one is authenticator apps. If you have never heard of this before, what does it mean? It authenticates or verifies that you are the right person when you are logging into something. Instead of just using your name or email and then a password, there's an extra step involved. With an Authenticator app, you can set up an extra step for every platform that you use basically. You would get an authenticator app, you would get it on your phone, and you can download it. Google has one of the biggest ones, the Google Authenticator app. Lots of people hate Google or don't want to support Google. There are other authenticator apps that you can download and then you set it up. Let's say, you Shopify for your business, you may go, “You know what? I want to have a third-party kind of authenticator app involved in this process when I log in.”
I want to have a third-party kind of authenticator app involved in this process when I log in. That it's me. What would happen is that you would open up the authenticator app on your phone. Usually, once you click on Shopify, it will give you a QR code to use on the Authenticator app or vice versa. Once you've put that in it, it's set up and it just means that instead of you just putting in a name and password, it will then ask you for another step, which is to go to your authenticator app, look for that particular platform that you've set up. In this case, it will give you a number. That number, that code changes every few seconds. You are putting it in and once you put it in, then it unlocks the whole thing.
Without that indicator code it won't open. It can be frustrating sometimes. If you have the Authenticator app on your phone and you're trying to do something on a desktop and maybe a phone is, you're entertaining the kids, it's with the kids or it's in the car or it's somebody somewhere else, you cannot access it without that authenticator app once you have set it up. It's important that if you're doing this, that you keep your phone around or, that the big stress of having to go and walk a few minutes and get your phone and come back is so much less than the stress of somebody hacking into your Shopify account. That is the best Authenticator app, and as I said, there are so many around, Google is one of the biggest ones.
There is also Microsoft Authenticator, there's one called Authy, and there is Duo Mobile. There are Two Factors, which is two-factor authentication. There's a bunch of them, but I would say that Google and Microsoft have the biggest ones that are out there, or the most common. That is a really handy thing to set up. I have an authenticator app on my phone and I have every single tool that we use in the business. I have that set up. If you have staff, sometimes this can be frustrating because they need to ask you for the number. It depends on how you set all of that up. In my business, sometimes my assistant will need to message me and be like, “Hey, I am trying to get into this and I need it.” That's fine. It takes a little bit longer and sometimes I may not be available right that second, but overall I'd rather be doing that and spend extra minutes when I'm trying to log in than potentially get hacked and then have to deal with all of that.
That is the first one, Authenticator Apps. I would suggest those if you are not already using them. The second, which sounds similar and can be set up, but not necessarily with an Authenticator app, you can have different ways to authenticate things. That is two-step verification. As I've just mentioned the two-step, sometimes three-step verification process is something that I use on every tool in my business. One of the most hacked elements for small business owners is social media. As I said at the start, that can be something that people are scared of and fearful of, but yet at the same time, they haven't set these things up. Instead of worrying about it so much, let's be solution-focused and figure out how we can do our best to protect.
I'm not saying this is perfect by any means and that it's absolutely hacker-free or hacker-guaranteed to be free, but I think that you give yourself the best shot. If you are again on social media and you have different accounts that you set up, instead of signing into the app, you can be prompted to add more information. Sometimes that might be an authenticator code from an authenticator app as I've just mentioned, like a bunch of numbers, but it could also be that you need to go to your email and click something. It could be that you're going to get a message sent to your phone number and you need to enter that message in, but set these things up. The Google Authenticator is one way of doing that, but there are other ways to verify things as well.
One way you can do it is to go to an app like Instagram, you can go to your profile, then settings, then security, then two-factor authentication, and then additional methods. You can put that first just make sure that two-factor authentication is turned on, but then figure out which are methods you want to verify this and what is the second or third step going to be. In some cases, yes it can be an authenticator app, in some cases, it could be something else. I know with my parents who both passed away, unfortunately, when they were getting older, I was their authenticator app. If my dad ever logged himself out of different accounts or banking or anything else like that, it would send me a text.
There was no point in sending my dad a text because he didn't always know where his phone was. It was like he wouldn't have been able to necessarily do all of that. It was easier for me to phone him and be like, “Hey Dad, are you trying to get into this or that on your iPad?” He'd be like, “Yes.” I'd be like, “Here's the number that's come through or here's this that you need to do.” I could walk him through that over the phone, which was easier for him in some respects than having to do all of that himself. It could also be something that you set up for loved ones or elderly people in your life that will help them as well because hackers do try and target them.
They try and target everyone, but I think in particular older people who maybe aren't as tech savvy as other people, I know that's a generalization, there are lots of older people who are, but I just think that can help. That's the second one, two-step verification. The third, and this is something that again, I can't believe in 2023, I'm recording this at the very end of 2023, almost 2024 people don't realize that this exists. That is social media data download. This is an easy and impactful step. I've done a whole episode just on how to download your data from social media, but I'm going to go through it again now as well. This is because I just think that so many people are using social media all the time and they're in the apps and they're uploading photos and it could be personal photos as well, it could be like your kids, family, dog, meals, that you want to keep, but you're not saving them to your camera roll.
I get it that sometimes you don't want to save every single thing because it clogs up your data and storage. The big guns at social media platforms don't promote the fact that you own that content and you are licensing it to these platforms. If you look at the fine print for when you sign up for these or when they change their agreement processes, you'll see that you are licensing them to use all of your content. They also need to give you a way to download all of that content out of that platform, not necessarily out of it, but download it for yourself. That is all your photos, your information and contacts. I don't think it gives you actual details, but it gives you this handle for people who follow you. People you follow, messages.
You can choose what you download, but particularly photos and videos, I think they're so important. I had a client years ago who came to a workshop and she had built her whole business on social media, she was devastated because it did get hacked and I think she lost like 32,000 followers or around 35. The main thing was that all of her photos were taken in the app and that they were stored in the app and they weren't being transferred into a hard drive or anything else for repurposing. I always talk about how social media is kind of down the bottom when you look at your marketing strategy and not down the bottom, but as in you want to have your content first and then distribution and connection channels and social media is one of those.
If you're creating content, and I get that you want to create it in the app sometimes, but then download that, save it somewhere because you might want to repurpose that on your point of sale, on your product detail page, on your checkout, on anything else that you're doing. Case studies. Make sure to leave all of your content on social media, but get back to the point of downloading. You can do this literally by going into your social media account. I'm using Instagram as an example. You go into your Instagram profile, you go to settings, security, then data and history, download data, and then you put your email address in. You go through that, it'll ask you for an email, it'll say once you hit submit, I think it's submittal whatever the button is, it'll then say, this is now being processed. It may take a little while.
I think it can take up to two days for them to send you a link. It's kind of like WeTransfer, if anyone's used that or Dropbox, it sends you a link to download all of that stuff onto your own hard drive. It's quite a large file and I think it only expires pretty soon after that. I think once they send you the link, you've got like four days to download it before they just get rid of it I guess. On Facebook, the same sort of thing, you log in, you go to your profile picture, you go to settings and privacy, your Facebook information, then download your information and then click view. You do need to answer some questions. You need to put your email address in.
I think you also need to click create file but it's pretty simple and it walks you through the exact steps. Both of these do take a while so you don't get an instant download. You do have to look out for an email in the next couple of days to say your Facebook data is now available or your Instagram data is now available to download. What I do is download them every couple of months. I think it's every four months, I just have a reminder in my calendar to do it and it takes two minutes and then I put it onto a hard drive. I get that there are hard drives that just sit there and never get used again, but I'd rather have that as a backup than potentially lose everything and be like, “Look at all those photos”, especially my personal photos I would say of my kids and you know them growing up because I'm a mom, I'm like everyone else you snap photos, you put them on your Instagram, I have a private Instagram for that.
Then it's like, that's such a good photo. That was beautiful light or whatever. Then you haven't, haven't got them anywhere. If you're not already saving them to your camera roll, then this is another way to get that. But also get other information like messages and other information that you may not have access to if somebody suddenly hacks your account. That is the third one, social media data download. The fourth one and this is important, especially if you're changing staff or you have like remote workers or you have people that kind of contract people come in and out, especially if they're looking after your content, your social media, your marketing, and that is Apple Safety Check. I'm coming at this from using an iPhone. I've always been like an Apple person. I mean I get it that they just trap us, but the Apple Safety Check.
They may well have something similar on an Android. This was introduced in 2022 by Apple and it helps you identify who has access to your stuff. It could be that at some point you gave somebody access to your notes on your phone or you gave them access to certain apps on your phone or you gave them access to your photos or your contacts or something else. I found that when I went through this the first time, I was like, I completely forgot about this contractor that had worked for me like years ago that still had access to a couple of things on my phone. You log in and to find it, you can find it on an iPhone or iPad, you go to settings, privacy and security safety check.
In there, you can see firstly which people have access to your apps, your photos, and your location settings. Sometimes that is turned on and you didn't realize that it was turned on. I gave access to that in 2015 to one of my friends because I had gone to visit in New York and I gave them access because I was trying to find them and they were trying to find me and didn't realize that I just left that on. It's fine, we're like really good friends. I was just like, I didn't realize that person has complete access to my location at all times. That's the first one. You can see people that have access to your apps, photos, and location. The second one, which is also important, is to which apps you have access to.
Things like your camera, your microphone, your location. Then the third thing that it shows you is which devices have access to your Apple account. This is important, especially if you've like sold your phone or given your phone to like a family member or a friend whose child is coming up to that age and you're like, instead of trading it in, I'm just going to say that they can have my old phone and we don't realize that these things still have access to our Apple account or other things that we've given them access to. It's one of the people who have access to your apps, phone, photos, and location. The second is which apps that you've let have access to. Things like your camera, your microphone, your location. Then finally the third one is which devices have access to your Apple account.
If you're on an iPhone or iPad, like I said, you can go to settings, privacy and security, safety check, and then you work through the steps. All these people have different access to all these different things and I just want to clean slate and maybe you've even shut down your business and started a different business, you can do an emergency reset, which just takes everyone's access away instantly. If you are using Apple Products, you want to be aware of this sort of stuff. It's easy to give people access to things at the moment. I'll just give you access to the note and then you'll be able to see it all or I'll just give you access to this app and then you forget that you gave that person temporary access.
Even not that long ago, I realized on Asana that I still had contractors and people that I'd hired over the years who had access to one particular board that we'd been updating. I was like, “Why do they still have access to this?” Just went through and removed them and it was simple and I was like, “Why haven't I done that?” That is the fourth one, the Apple Safety Check. The fifth one, which seems simple, but I know even I've been super guilty of this and I will think about these things quite a lot, is to change your password. I know that on Apple it shows you when you log in that all of these apps have the same password or all of you know these logins are very similar and you might want to change it.
One of them recently sent me an email saying the data hacks that have happened around the world mean that for this particular app, you should change your password because there's a potential that it was leaked. When I worked at Amazon, that was a good 13 or 14. One of the things that happened is that across the Amazon platform, you were forced to change your password every three weeks or every four weeks. It used to get annoying because I just remember being like, “I have to think of something else.” Whenever you put it in, it was like, “No, you used that password three passwords ago, you cannot use it.”
It's like, “What I took to doing.” I remember we had this floor of like three teams. It was me with the Home Kitchen team. Then we had the Garden team, and then we had the Toys team. There were about 40 people on that floor. What I did was I started down the bottom and I was like, let's say the guy's name was Ryan. I was like, “Ryan, underscore password,” that was my password. Then it was like, next month, “Who's sitting next to Ryan? Dan underscore password.” I just went through the whole office because that was an easier way for me to remember. I put a post-it note to say like, Dan, like I'd be up to Dan. I'd be like, “Marie sits next to Dan Marie underscore password.” Probably not a great way to do a password, but Amazon is a gigantic company that I do remember it did, and I don't know if it got hacked, but it shut down for like 10 minutes in the UK something happened and it wasn't working and it was millions lost in revenue in that short amount of time.
That's a company that is trying to make sure it doesn't get hacked. Especially now when it would have billions of people's details and bank details and everything. The point is I think we can get complacent about either using the same password across lots of platforms or just not changing our password. I'd look at whether you use a platform like 1Password and LastPass, I mean there's a lot around where you can put in all your passwords and then you just have one password to remember. It's also good if you've got remote workers to use one of those tools like LastPass or 1Password because then you don't have to give people lots of different passwords. Changing your password regularly is a really important thing to get used to. It could be that the first of the month you go, “It's the first of the month, I have to change my passwords” and I get, it's really difficult.
We have so many things to remember, which is why a platform like LastPass or 1Password can help because it just gives you one thing to remember across all of these. Sometimes though you think, is that going to get hacked and then I'm stuffed again. I did see somebody actually one, a lovely person who did group coaching a while ago suggested that if you're looking at passwords, you should just use the company, like let's say Shopify. You'd be Shopify underscore and then whatever the password is. You could use the same password like rocks are cool. Shopify underscore rocks are cool. Then if you were using a bank, you'd be like, bank underscore rocks are cool. The password is kind of the same, but you just use the name of the brand or the platform that you're logging into and underscore and then the normal password.
I'm not a cybersecurity person, I don't know if that's better or worse. The point is to think about your passwords and when you're going to change them and change them regularly. That's number five. Just to recap, you've got your authenticator apps. Number two was two-step verification. Number three is social media data downloads. Number four is Apple's safety check. Number five is changing your password on a regular. I want to add here just another one, which again, I've done a whole podcast episode just on this as well, but that is Apple's legacy contact. If you are using Apple products, then they do have a legacy contact. What happens is that if you die, and let's hope you don't, but if you do, everyone will at some point, a lot of your data and information will just go to Apple.
You don't know how that's going to be used where it's going to be used or if it will be used. If you are running a business, you may well have a bunch of information on your phone or on your iPad that you don't want to just be out there in the ether. What you can do is you can assign a contact to receive the ability to log into everything that is related to your Apple product. Within basically your Apple ID. That is your Apple Legacy Contact. That could be your significant other, it could be a family member, it could be a business partner. Setting them up, all Apple does is then send you a QR code. You can print that out or put it in with your will and you should definitely have a will.
We will definitely be doing an episode on that, but you can put that in to make sure that when you do die, somebody else is able to go through the things that they need to. As somebody who has lost both my parents as well as other incredibly wonderful family members, it's really hard to be in the grief process, but also be going through the paperwork and having to do the tedious things like shut down bank accounts and do other things. I just think whatever you can do to lessen that on the people that are left behind is important. That is Apple Legacy Contact. Just another little bonus thing in there that may well help your security. You just go to settings, sign in and security and then legacy contact. They need to be a contact in your phone.
They don't necessarily have to have an Apple ID, but they have to have a phone number that can be added as a contact into the phone. We will link to all of the things that I've just mentioned and have all of this in text format on the show notes for this episode, which you can find over at mydailybusiness.com/podcast/364. I hope that everyone has a wonderful end to the year without hackers, without any kind of security issues. I would also suggest that the things that I've talked about today might take 10 minutes to set up or do and they could very well have a huge impact on how secure your business and your personal data are. That is it for today's coaching episode. If you found it useful, I would love it. If you could take two seconds and leave a review, it help us get found. I know that lots of people start thinking about starting a business or how to better their business around about this time for the following year. If you can leave us a review, it just helps other people find this podcast and maybe there's something in here that is going to help them and it'll help us too. Thank you so much for reading and I'll see you next time.