eCommerce Made Easy - Growing your Online Business
Ever wish you had a technical business mentor with over two decades of experience breaking down the tech into understandable pieces to help your eCommerce business thrive? That's what you will get when you tune into our eCommerce Made Easy podcast with your host Carrie Saunders. Her specialty? Breaking down the tech and overwhelm of running an eCommerce business into actionable step-by-step processes and ideas designed to get you results with a whole lot less stress.
Tune in, learn, get inspired, see what's possible and get ready to discover why tens of thousands of eCommerce business owners have turned to Carrie and her team for help and guidance when it comes to all things online eCommerce business including online shopping cart reviews, SEO, Online Marketing, Client Spotlights, how to communicate with developers and so much more.
Whether you are a new eCommerce owner or are looking to take your eCommerce business to the next level, each episode is designed to help you take immediate action on the most important strategies for starting and growing your online business today.
You can find us on the web at: www.bcsengineering.com
And our show notes are at: www.ecommercemadeeasypodcast.com
eCommerce Made Easy - Growing your Online Business
Secure Your Online Business: Understanding Passwords, Authentication, and Internet Security
Are you guilty of reusing the same password across multiple platforms? Find out how this common mistake can leave your online business vulnerable to cyber threats.
This week, I will be taking you on a deep dive into the interconnected world of personal and website security. Drawing from my two decades of experience in the eCommerce and web development industry, we'll explore the importance of secure passwords, two-factor authentication, and the dangers of insecure Wi-Fi connections.
Did you know that emailing passwords can be a huge security risk? Learn why this practice can be detrimental and the best methods to share sensitive information. We'll also delve into the significance of HTTPS secured websites and recommend some secure password stores. By the end of this episode, you'll understand why using a secure VPN on public networks is a must and how it adds an extra layer of protection to your online activities.
Let's empower you with knowledge and tools needed to navigate the complexities of web security. Tune in and let's secure your online business together.
Mentioned Resources:
Episode 016: How to Protect Your WordPress Site: Simple Steps for Optimal Protection and Peace of Mind
Join entrepreneurs and online business owners just like you in my Free Facebook Group “Website & Tech Tips for Online Business Owners”
Where we help break down the tech and hurdles Online Business Owners encounter!
Simply to go ecommercemadeeasypodcast.com/facebook/ and answer the membership questions so we know you are a real, warm-hearted, online business owner.
Be sure to subscribe to our podcast where ever you are listening!
You can find our show notes at:
https://www.ecommercemadeeasypodcast.com
Find more of our resources and newsletter subscription here:
https://linktr.ee/bcsengineering
Web and website security has been something I've always been into. I know it might sound super geeky to admit that, but what can I say? I love helping educate others, and especially on this topic, as I wouldn't want someone to fall prey to the malicious people out there on the internet. So let's jump right in and break down the tech and jargon to help you and your website stay safe. Welcome to the eCommerce Made Easy podcast. I'm your host, Saunders. When we started this business, all I had was a couch, a laptop and a nine-month-old. My main goal To help others. Now, with over 20 years in the eCommerce building industry and even more than that in web development, I have seen a lot. I love breaking down the hard tech and to easily understandable bits to help others be successful in their online business. Whether you're a seasoned eCommerce veteran or just starting out, you've come to the right place. So sit back, relax and let's dive into the world of eCommerce together.
Carrie:Welcome back to this week's episode of eCommerce Made Easy podcast. Today, we're talking about personal and website security. These two topics will blend together as we discuss some today, because they really do work hand in hand and work together, and a lot of these topics are things I've encountered over the past 20-some years of working in this industry. I want to make sure that as many of you are educated on some of these things as possible, because many of them are pretty simple to prevent. One of the first set of defenses is secure passwords on every website and minimize how much you reuse your passwords. This includes passwords to your website as well as passwords to websites that you use. In episode five we talk about WordPress security. I go into detail on that episode on tactics to create very secure but easy to remember passwords. So check out that episode if you haven't yet, even if you don't have WordPress. But in a nutshell though, the longer the password is, the better. Short passwords are very easy for a computer to crack, even if they have special characters, upper and lowercase characters, etc. So be sure to check out at least the show notes on episode five if you don't have WordPress. And if you do have WordPress, I highly recommend you check out episode five. You can find that at ecommercemadeeasypodcast. com, and we will also be sure to link to it in the show notes.
Carrie:In addition to secure passwords, if the application you use offers two factor authentication or two FA you might see it called or MFA then all the better. You really should enable that. If that website offers that. Many of you are probably already familiar with it, but what it does is it just requires another known device that you would have for you to be able to finish logging into a website after you enter your username and password. A lot of the ecommerce systems and content management systems, such as WordPress, now have this option. So, like I said, be sure to enable it if you have it. It's just a double layer of protection, and you can find some applications out there that make this a little bit easier to handle, because I know some of them can be frustrating, but it is something that is important to use.
Carrie:While we're talking about passwords and security too, how do you share those with your web developer? For one, never email your passwords to anyone or to a web developer. We have found that most customers of ours don't realize that email is not secure. If I wanted to watch your email server, I would be able to read your emails. It's really not that hard if somebody is techie and knows what they're doing. Once you strip out a little bit of the extra stuff surrounding the email, then it becomes basically plain text to be able to read, so it's really not that difficult. So we highly recommend that you use some sort of secure portal to give your information to your web developer. Now, many of them will have this, and you can put your password in a website that's HTTPS encrypted and that generally works fine. Now, I would be very wary of a web developer that does not have a way for you to send your login information to them. Security securely that is a huge red flag, so beware of any web developer that does not have a way for you to provide it securely.
Carrie:Speaking of passwords and all these passwords that you're going to have if you do the best practices and not reuse your passwords on all your websites, you're going to need a way to store these passwords. Now, we have been using a password store for a very long time probably gosh, maybe more than 15 years I do know that Probably more like almost the whole 20 years that we've been in this business, and so you need to have something that is convenient yet secure. Some of the names out there that I know of are like key pass, kee pass or last pass. I think there's also one password. So do some research and some digging as to what will work with you and your devices best. And then also do some digging Make sure they're secure types of password stores. But there are password stores out there that make managing your passwords much easier and more secure, because then you're not reusing you're not being tempted to reuse your password on all these websites.
Carrie:Now, going back to the HTTPS that we talked about a little bit, when you want to give your information to a web developer, making sure whatever website you're putting it in is HTTPS secured. It's pretty much a given anymore that our websites nowadays are protected with a security certificate or an SSL certificate. Now there are a few websites that don't have this, and our browsers actually do a really good job anymore of really alerting us if the website is insecure. It used to be. You really kind of had to pay attention to see what the website is insecure or not, but you still want to make sure you are paying, paying attention to this as you're browsing the web and using the web. But, like I said, the majority of websites out there are HTTPS encrypted and so people can't see the information that you're transporting in the website. But that is just one little caution there. Make sure, whatever websites you use, always have that lock symbol that your browser isn't saying this website has insecure means to it, and just make sure that your websites that you use are secure. So this is a little bit tricky.
Carrie:Here too, in addition to making sure that the websites you use are secure, you need to make sure that you only use secure Wi-Fi connections, and why I say this is tricky is a lot of people nowadays like to go to coffee shops, restaurants, hotels etc. And work while they're away from their home or their office. I can go into great technical detail here about how this is bad if you use an insecure Wi-Fi, but I'll spare you the details. It really just doesn't help you solve the solution, solve the problem, really, of why we need to use secure Wi-Fi connections. But when you connect to a public Wi-Fi or insecure Wi-Fi, that's not your own Wi-Fi connection that you know is secure. You need to be super cautious of what you do. I'd recommend only doing basic web browsing, searching, etc. I would only recommend doing local file edits. You're not going to be wanting to log into, like your banking websites or your own administrative website, the administrative side of your website or anything like that, because people can eavesdrop on public and open Wi-Fi connections Connections that are not secure and it's really hard for the common person to be able to see if that coffee shop, restaurant Wi-Fi etc is secure, unless you're really techie enough to know how to check that.
Carrie:So that's why I would recommend that if you don't know how to check whether a Wi-Fi is secure or not, you need to be really cautious and careful and just do basic stuff on your computer, your laptop or your tablet when you're on an unknown Wi-Fi connection. Or what you can do if you're a company or if you have a service for a secure VPN. You can go on a secure VPN and then use the public or the open networks and you're then protected because you're using the virtual private network is what a VPN stands for. So it encrypts the information between your computer and the Wi-Fi before it then goes in to the internet. So everything is locally encrypted on your PC and you don't have to worry about the information going in the Wi-Fi network that could be potentially watched. The reason for the public network to be really careful there is there is not that hard to do session hijacking things that are called man in the middle. Whether they pretend to be your computer, they intercept your connection, basically ease eavesdropping. So, like I mentioned earlier about man on watch your email, for example, this would be a perfect way for them to do some eavesdropping on you, etc. So that's what can happen on the public network. There's other things as well, but those are the main basic ones. So, again, I would advise you to be very cautious when you're in a restaurant, coffee shop, etc. Especially if you don't have enough tech background behind you to know whether that network is actually secure or not.
Carrie:So another thing that's really popular right now, that's well, I mean, this has been happening for many years which is email phishing, but lately is getting so much better. Just the other day I actually had to do a double take on this email. It looked legit. I can't remember who it was pretending to be from it might have been from my cellular network provider or something like that but it looked pretty darn legit and it looked really like it came from them. And you really have to be careful with the emails that you're getting nowadays, especially ones that are wanting you to reset your password or enter a bit more information. I recommend, if you have any suspicious emails like that and you're checking your email on your phone to wait. Don't click on anything from your phone email because you cannot tell until you go there where that link is going to take you. I would recommend in situations like this you at least use your computer or your laptop so you can mouse over the link and see where it is going.
Carrie:You need to make sure the links are only going to the domain name that you absolutely for sure know that that company has. Many times they'll fake the domain name that make it look very similar and it's pretty easy to get fooled if you're not paying attention. So if you did not request a password reset or any other type of information from a business or company that is requesting you to change or reset etc. Those things, you might want to give it a hold and contact them. You definitely want to be very cautious and do some extra due diligence to make sure that that came from the company itself and you can actually do a quick search on the internet too for some of the text in it to see if it was a scam, because many times these things get reported pretty fast. But again, just do your due diligence because you could be getting a new scam out there and you may not find much information about it. So really check those links. If you have to call the company, see if that they requested to send you this information. Many times companies won't do that in email because of this, and they want to make sure they protect your information.
Carrie:We've talked about this in other episodes, but it's so important that it's worth mentioning again in case you haven't listened to those episodes. Website updates are absolutely critical, so this includes software that you've downloaded and are running on a server. So that could mean a downloadable e-commerce software, such as Magenta Open Source. It could mean WordPress, which is also downloadable and you can install on the server. So you need to make sure that you're keeping this software up to date or you're having your web developer keep it up to date. In addition, you need to make sure that your hosting provider updates the server software as well, so the software that's underneath the hood and lets these applications, such as WordPress, work. So if you don't have somebody that is updating the server software or your downloadable software, you need to be looking and finding a developer that can help you do that, or talk to your hosting provider and see if they offer server updates and also software updates.
Carrie:The reason I mention this is, in over 20 years of doing this type of business that we do, which is e-commerce customizations and WordPress customizations, we have spent pretty rare. Actually, I can't think of a time we've had a client that had gotten hacked. Yeah, maybe we had one where they got their password compromised, but otherwise we haven't had a client that got hacked that didn't have a vulnerability in their software or their server because they weren't updating it. So updating it is a really easy way to prevent you from getting hacked. It's a very it's one of the main things you need to do to prevent getting hacked. Obviously, it's not going to be a guarantee. You can get things you know compromise, like your passwords and other things like that, or vulnerabilities that are not known yet, but that's a lot more rare. On the unknown vulnerabilities, many times hackers know about these known vulnerabilities and then go searching for websites that have them. So you need to make sure that your software and your server software is up to date. I highly recommend that and if you need any help with that, if you don't have a web developer, you're welcome to reach out to us as well, we will help either help you directly or get you on the right track with somebody who can with your specific software.
Carrie:That's all we have for this week's episode. Be sure to visit our show notes at ecommercemadeeasypodcast. com 16 . Subscribe to our podcast wherever you're listening, so you don't miss out on any episodes, and share with a friend. My goal has always been to help other businesses thrive, and I want to make sure to help yours thrive as well. Do you have questions or thoughts? We'd love to hear from you. Reach out to us on social media or drop us an email to podcast at bcsengineering. com. Your feedback helps us tailor our content to provide insights that you're craving and needing, and you might even be highlighted on a future episode if you would like to be spotlighted, and I will see you next week.