The good, the bad and the ugly of online security

It’s a tale of the modern age – running our businesses, we’ve given all-access pass to our online identities to an assistant, employee or friend– our facebook page, website, twitter feed. But what happens when a relationship goes sour?

I’ve had more clients than I care to count have their sites removed, email hacked and passwords changed by disgruntled (ex) exployees.

So here are a few safeguards to put in place:

1. Backup your site.
   (I know I know, we always say we’ll do this..kind of like writing a will and flossing our teeth.) But at least try to do this once a month — put it on the calendar. Do it when you feed the dog his heart worm pill. You can set sites to auto-backup, but I always like to make sure I also have a copy I’ve manually created stored in an off-site (cloud storage such as dropbox) location. In one instance, a client’s employee deleted all of the content from a site — I was able to have them back up and running in minutes.
2. Store your passwords in an easily accessible secure location.
   I personally use a password protected Excel spreadsheet stored on my hard drive, but there are numerous online password systems. Please don’t use the sticky note taped to the computer system of password recovery – you’re just inviting people to hack into your accounts.
3. Change your passwords
   When someone who has access to your accounts is removed from your company, make sure you change the passwords for all accounts. Think of yourself as a digital landlord changing the locks. Make sure to change passwords and remove extra accounts for your:

   • WordPress site
   • web host
   • email account(s)
   • email newsletter service (constant contact, mailchimp, aweber, etc)
   • FTP account
   • twitter
   • facebook
   • any other social media accounts
   • online scheduler (mindbodyonline, genbook, bizeebee, etc)
   • paypal, merchant accounts
   • any other online service accounts

   **Bonus points if you setup separate accounts just for them – then you can easily delete their accounts.

4. Use strong passwords
   It’s easy to use the cat’s name, but use strong passwords whenever possible. Google “strong password generator” to find free online services that instantly generate complex passwords that combine letters, numbers and special characters. And by the way, “password” isn’t a strong password.
5. Let them know you’re watching
   Make it a part of your HR manual that any malicious online activity will be monitored and not tolerated. There are great plugins to monitor activity on WordPress and if you use gmail, you can track what IP addresses accessed your account.