Whether you make some, or all, of your income from an online business, protecting that business should inherently be part of your everyday practices. To be clear, we’re not just talking about hackers. Far from it. Spam, poorly coded apps, a computer crash/theft, lack of backups, lawsuits, insurance claims, Google algorithm changes, cash-flow fluctuation, and a host of other internal as well as external factors can damage or completely wipe out your business at a moment’s notice.
The good news is that there are a lot of simple things you can do to bulletproof your business, and there are everyday best practices you can employ to harden it and protect yourself from the majority of threats you’re likely to face over the course of your business.
This post will cover many facets of protecting your online business, including:
- Security Best Practices & Privacy
- Protection & Encryption
- Prevention & Insurance
- Marketing & Revenue Diversification
- Fraud Prevention
Following along and implementing even some of the recommendations in this post can go a long way in helping you build a longstanding, successful online business, while minimizing potential disasters.
Ready to bulletproof your online business?
Get a Private Business Phone Number
If you’re an online business, there will be many occasions you have to provide and list your phone number, sometimes publicly.
- Corporation Registration
- Credit Card Processor (Provided to customers)
- Shipping Customs Forms
- Vendor Applications
As a small business owner, maybe working from home, the only phone number you likely have is for your cell phone. It will begin to feel a bit weird handing your personal number out to a lot of random people and companies, sometimes to be listed publicly. On top of that, it will likely lead to a lot more telemarketing calls eventually, as your phone number gets scraped from online directories and sold.
That’s where a private business number comes in. Long gone are the days that you need to install a separate line into your home, or even get another cell phone or SIM card. These days, there’s an app for that.
Your new private business line works just like your regular phone number. You can make and receive calls and text messages from it, and you even get voicemail. The best part about it? If you ever want/need to change your number, you can do that in seconds.
Plans start at a few dollars per week, but generally it’s better to opt for the yearly plan, which will cost about $30 for the entire year and provide you with 1100 text messages and 500 minutes of talk time.
Generally you won’t be using this number that often, so for the majority of new and small business owners, it will literally be all you need for the entire year. If you ever need more, though, it’s all super cheap, pay-as-you-go pricing with no contracts.
Get a Private Business Mailbox Address/Service
Much like a private business number, when starting an online business, you’ll be required to list (legally on some occasions) your business address. If you’re working from home, that means using your home address for things like your business registration (which ends up online for many states/provinces), your email list (required by law to have your physical mailing address at the bottom of all emails), and your domain registration (which ends up online if you don’t purchase, forget, or accidentally let expire, your domain privacy).
That’s where a private business mailing address/forwarding service comes in. There are many of these services available from a wide range of companies, but they are all essentially the same. For a relatively small monthly fee ($20+) you can get a proxy address that you can use for your company. Whenever you receive mail at your private business address, they will bundle it up and forward it all to you (usually once per week).
Note: I’m not talking about a PO Box here. Unfortunately you can’t legally use a PO Box for things like business registrations. There needs to be someone physically present at the delivery address to accept mail on your behalf.
Protect Your Domains (WhoIs Protection)
When you register a domain, you have to supply a valid phone number and address. This is then publicly posted to the WhoIs online database for everyone to see. Again, using your personal cell phone number and your home address isn’t the best idea and there’s no real benefit to posting any of your information publicly.
WhoIs privacy protection is offered by nearly all domain registrars (some are paid services, others offer it for free for 1 year like Namecheap). When enabled for your domain, your registrar will replace your personal information with theirs. This will prevent your information from being listed publicly, scraped, and spammed by bots.
Use a VPN (Virtual Private Network) on Public WiFi
One of the best things about being an online entrepreneur is that you can work from almost anywhere (Just ask my friend Billy from ForeverJobless), whether it’s the local corner coffee shop, South America, or the beaches of Bali. The concern with working from somewhere other than home is the relative ease for hackers on the same WiFi to use software enabling them to monitor traffic and login credentials of other people on the WiFi connection.
Make no mistake about it, public WiFi is a major security risk to your business. Your emails and login credentials can be read in plain text by anyone with a bit of knowledge and some free software.
If you’re going to be working from locations other than your home or office (on secured WiFi) you need to be using a VPN. A VPN is a small app you install on your devices and, when turned on, will encrypt your internet connection, protecting you and your business from prying eyes.
Check out VyprVPN for a super easy-to-use (literally an on/off switch) VPN. Vypr even includes a 500 MB/month free package, with monthly plans starting at just $6.67/month for unlimited data.
Encrypt all Your Devices
Just because your laptop has a password enabled, doesn’t mean it’s secure. All someone has to do is remove your hard drive and connect it to another computer to view all your files. If you’ve been saving your passwords in your browser, they can get easy access to those as well, which means your online accounts can also be compromised.
Even a simple trip to the coffee shop can turn into a really bad scenario for your business if someone swipes your computer or smartphone when you’re not looking. To protect yourself, you need to encrypt all of your devices. This will make the data impossible to read without your password.
A former co-worker at Shopify recently published a blog post on business security and how to enable encryption on all your devices. Here’s that list:
- Mac – Enable FileVault in your Settings panel.
- PC – Use BitLocker if your computer is compatible. Otherwise, use one of these alternatives.
- iPhone – Encryption is enabled automatically with your passcode.
- Android – Select the “Encrypt phone” option under Security in your settings menu.
Encrypt all Pages of Your Online Stores (SSL)
All online store owners need to protect customer information, especially credit card numbers. The penalties for not doing so are massive. If you’re on a self-hosted platform like WordPress, you’ll need an SSL certificate for your site. Adding SSL (Secure Sockets Layer) to your store will encrypt all the information between your site and your customer, and vice versa. This keeps hackers from stealing customer credit card numbers and your customer’s information.
If you’re on a hosted platform like Shopify, Bigcommerce, or Squarespace, they automatically secure your checkout pages (the most sensitive pages) for you. However, it’s worth noting that for most hosted platforms, all the other pages on your site are insecure. This isn’t a huge issue since sensitive customer information doesn’t pass through these pages, however, a dedicated hacker could attack one of these insecure pages and, as an example, replace the checkout button with a link to their fake checkout where they could steal your customer’s credit card information.
It’s worth noting that Shopify now allows you to secure all your pages by enabling your free SSL within your admin panel.
If you’re on Shopify, this is an absolute must for your store. It’s free and literally takes one click.
Change Your Passwords
Your passwords are your first and most important line of defense against malicious acts against your brand and business. If you’re like 98% of people out there, you probably need to change all of your passwords immediately.
Here’s why it’s important to change your passwords, even if you have no reason to suspect they have been compromised.
Let’s say you’re like most people and use the same email as your login and the same password for the majority of services you subscribe to online. One day you sign up to a website or service, and that site doesn’t follow basic security procedures such as storing your password in an encrypted database (common). Maybe days, weeks, or even years later, that website is hacked and all the user registrations are stolen (this includes all usernames and passwords).
These usernames and passwords are then entered into a program that’s designed to automatically start trying the same usernames and password combinations on hundreds of the most popular services online including Gmail, Facebook, Twitter, etc.
You can easily see how vulnerable you are if you use the same username/email and password, right?
Unfortunately, this is a pretty realistic scenario, which is why it’s so important to have a different password for every service. Many people think “Why would someone try and hack me?” but you can see from the example above that it’s not necessarily someone specifically targeting you; it’s just about your username/email and password from a hacked list being fed into a program that can attempt thousands of logins per hour.
When choosing a new password, you’ll want to absolutely avoid anything common or guessable by someone that knows you well. That means using a combination of letters, numbers and symbols. Even more secure is using passphrases instead of passwords.
What’s a passphrase and how much more secure is it? Check out this comic below which explains it:
Use a Password Manager
Making up new passwords for all the different online services you use can be a major pain, and they also become nearly impossible to remember and manage. The best and safest alternative is to use a password management app for the ultimate security and convenience.
Dashlane is a top of the line password management app that is free. There is a paid premium version of Dashlane that will allow you to sync your passwords across all devices; however, there’s really no need for most people to sync all passwords to their smartphone and other devices. When you consider most web services you subscribe to, you’ll never need to log into them from your phone regularly (think about it).
Besides storing all your passwords and automatically logging you in, Dashlane also allows you to store secure notes, and credit card information which will enter all your billing and shipping information instantly and securely.
A few password apps you may want to also consider are:
- Dashlane (closed-source, free/commercial)
- 1Password (closed-source, commercial)
- LastPass (closed-source, free/commercial)
- KeePass (open source, free)
- RoboForm (closed-source, commercial)
Enable 2-Factor Authentication (2FA)
Besides strong passwords, and using unique passwords for every service, enabling 2-factor authentication (2FA) for your most important accounts is your best line of defense against hacks.
2-factor authentication adds a second level of authentication to an account log-in. By enabling 2FA you’ll have to provide a unique, one-time code from your phone (provided through an app like Google Authenticator or by text message). This way, even if a hacker gets hold of your username and password, they still won’t be able to access your account without your smartphone.
2FA should 100% be enabled for your email if you use an email service that has 2FA (Google Gmail and Microsoft Outlook both have this feature).
Consider this: If you use a Gmail email address for most of your online accounts, if a hacker were to get your email login credentials, they could then just start going to other services (like Facebook, Twitter, etc.) and use the password reset feature to get into all of your other accounts since they have access to your sign-up email account.
Besides your email, you should also turn on two-factor for any other important accounts you have.
Here are some of the more popular services that support two-factor authentication along with a link to where to go to set it up:
- Shopify: Enable it in your profile settings, or check out the Shopify documentation.
- Google/Gmail: You can enable it here, or check out Google’s documentation for more info.
- Apple: You can enable it here, or check out Apple’s documentation for more info.
- Facebook: You can enable it here, or check out Facebook’s blog for more info.
- Twitter: You can enable it here, or check out Twitter’s blog for more info.
- Dropbox: You can enable it here, or check out Dropbox’s documentation for more info.
- Evernote: You can enable it here, or check out Evernote’s blog for more info.
- PayPal: You can read more about it and enable it here.
- Microsoft Accounts: You can enable it here, or check out Microsoft’s documentation for more info.
- LinkedIn: You can enable it here, or check out LinkedIn’s blog for more info.
- WordPress: You can enable it and read more about it here.
For a more complete list of services that offer 2FA, visit the Two Factor Auth List.
Watch for Phishing Emails
All this password protection is great, but it’s all out the window if you just give away your username and password. That’s the goal of phishing emails. Phishing emails are legitimate-looking emails that appear to come from services you might be using. They somehow encourage you to go to their website (which usually looks identical to the web service they are pretending to be) and ask you to log in. Except when you enter your information, it’s sent to the hackers.
Modern spam controls built into most email services help protect you from some of these, but not all. It’s up to you to be diligent and make sure you only click links in emails if you are 100% certain the email is from who it appears to be from. If you’re unsure, always open a browser window, type the URL of the service, and log in from there.
Here’s an example of a phishing email one of the members of the Ecommerce Entrepreneurs Facebook Group shared:
Note: In the example above, if the author of this post had 2-factor authentication turned on, even with his email and password a hacker still (likely) wouldn’t have been able to access his account.
Utilize Alias (Or Forwarded) Email Addresses
This is a more advanced step; however, if you want to take your business and online security even further, especially for more important online accounts, you can increase security by using email aliases or forwarded email accounts for your email usernames.
Essentially, if your main email address is firstname.lastname@example.org you could register for an online service with an email address like email@example.com or (with some services). Your other option is to create a forward on the email address firstname.lastname@example.org which would be redirected to Mike’s original email address (email@example.com).
This way, someone trying to access your important online accounts wouldn’t even know the email address (even if they stole it from another service), since it would only be used with that one account. It’s almost like the email address is acting like a secondary password in itself.
Gmail allows anyone to receive messages sent to firstname.lastname@example.org.
For example, messages sent to email@example.com are delivered to firstname.lastname@example.org. You can set up filters to automatically direct these messages to Trash, apply a label or star, skip the inbox, or forward to another email account. It should also be noted that this also works for Outlook email users.
If you’re using your own domain with Google Apps, click here to learn how to set up email address aliases.
If you’re using another email service, check their docs and FAQ’s to learn how you can set up forwarded email addresses or aliases.
Use Disposable Emails to Test New Online Services
Speaking of email, although not directly related to security, this tip is worth mentioning as it’s still important. There’s an insane amount of new tools, apps, and services created every day. How many times have you signed up to a new tool just to try it and ended up never using it again? It’s really helpful to use a fake email service like Mailinator or 10 Minute Mail to create an instant and disposable email address to test services before you commit.
Using one of these disposable email services to test new services can go a long way in preventing your email address from being spammed and added to an endless list of newsletters, crowding your email inbox.
Backup All The Things!
You’ve been told to back your files up for years, much like your dentist has been telling you to floss for years. If you’re like most people, you rarely do it – if ever. But as an online business owner you’re no longer dealing with old college term papers and photos of keg stands. You have a business to protect, and when all else fails, backups are the only thing that can make your world right again.
Computer/Files – Probably the best form of backing up the day to day files you use for your business is to use Dropbox, Google Docs, or a similar cloud-based file backup platform. This way, your files are always accessible from any computer, always updated, and they are shareable.
Of course, these services aren’t the best for everything, so a full, automated local backup is always a smart decision. There’s a wide variety of tools and apps that will do this for you, including Time Machine on Mac.
Website/Store – There are reasons to back up your online store beyond recovering from potential hacks. Messing with your theme settings and installing apps can both potentially mess up your store pretty badly. Even uninstalling apps can leave messy code in your theme files which can still cause conflicts. Keeping regular backups of your store can save your business in the event that things go to hell.
For information on backing up your online store, check out the links below:
Bookmarks – If you actually organize your bookmarks, they are likely a big part of your productivity as you hop from website to website throughout the day. Exporting a backup of your bookmarks and saving them in Dropbox or on a USB key can save you a lot of time and hassle down the road should you lose them for some reason.
Receipts – Start early and be diligent about backing up your receipts. While the old ‘throw them in a shoebox’ worked well for the last 100 years, times have changed and there are better ways now to back up receipts for your business and for the tax man. Apps like Shoeboxed allow you to forward email receipts, upload PDF documents, or take a photo of receipts with your smartphone to have a permanent, digital backup, categorized in the cloud. This will make your life, your bookkeeper’s, your accountant’s, and the tax man’s life easier. Shoeboxed even has a free plan for those of you just starting your business.
Password Manager Archive – Most password manager apps (like Dashlane) allow you to save an encrypted archive of your passwords. This archive can be saved on another computer or USB key in case you lose your computer or it’s stolen. Making an update of your password archive once every few months can save you a lot of time and hundreds of password resets should anything go wrong. Of course, the premium version of Dashlane and other password manager apps will automatically back up your passwords to the cloud in real time. Regardless, it’s not a bad idea to keep a real backup for yourself every once in a while.
Learn to Identify Fraudulent Orders
Fraud can take your entire business out in more ways than one, just ask Soulja Boy. A high number of fraudulent charges can not only cost you a lot of money, they can also have credit card processors rejecting you, leaving your business with no way to process payments or very high rates that make your business unfeasible.
Different businesses carry different levels of risk. The best thing you can do to protect your business is to prevent it from happening right from the beginning.
Shabbir from Bootstrapping Ecommerce wrote a great post outlining many of the major red flags to be cautious of when reviewing orders, which I’ll summarize below:
- Different shipping/billing address
- The IP address of the order is different than the region being shipped to
- Addresses are different on big-ticket items
- Customer does not respond
- Repetitive orders
- Big-ticket orders overseas
- Shipping address looks odd
- Express shipping
Second guessing and following up with each of these red flags can help you prevent fraudulent orders and keep you on good terms with your credit card processor. In addition, you may also want to consider some of the apps that are available to further protect you and your business.
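The red flags that can be read straight off order data, applied to a batch of orders, as an added example that is not part of the original post or of any store platform. The order fields, the thresholds, and the `XA`/`XB` country codes are constructed assumptions; "customer does not respond" and "shipping address looks odd" are left to the human follow-up.

```python
from datetime import datetime, timedelta

BIG_TICKET = 500.00                  # assumed "big-ticket" threshold
REPEAT_WINDOW = timedelta(hours=24)  # assumed look-back for repeat orders
REPEAT_COUNT = 3                     # assumed: 3 orders inside the window


def norm(address):
    """Compare addresses ignoring case, commas and spacing."""
    return " ".join(address.lower().replace(",", " ").split())


def red_flags(order, history, home_country="US"):
    flags = []
    mismatch = norm(order["billing"]) != norm(order["shipping"])
    big = order["total"] >= BIG_TICKET
    if mismatch:
        flags.append("different shipping/billing address")
    if mismatch and big:
        flags.append("addresses differ on a big-ticket item")
    if order["ip_country"] != order["ship_country"]:
        flags.append("IP region differs from shipping region")
    if big and order["ship_country"] != home_country:
        flags.append("big-ticket order overseas")
    if order["method"] == "express":
        flags.append("express shipping")
    # Earlier orders in the window from the same email OR to the same address.
    earlier = [
        o for o in history
        if o["id"] != order["id"]
        and timedelta(0) <= order["placed"] - o["placed"] <= REPEAT_WINDOW
        and (o["email"].lower() == order["email"].lower()
             or norm(o["shipping"]) == norm(order["shipping"]))
    ]
    if len(earlier) + 1 >= REPEAT_COUNT:
        flags.append("repetitive orders")
    return flags


def triage(orders, home_country="US", hold_at=3):
    """Map order id -> (action, flags); hold_at is an assumed cut-off."""
    result = {}
    for order in orders:
        flags = red_flags(order, orders, home_country)
        action = "hold" if len(flags) >= hold_at else "follow up" if flags else "ok"
        result[order["id"]] = (action, flags)
    return result


def _order(oid, email, billing, shipping, ip, ship, total, method, hhmm):
    return {"id": oid, "email": email, "billing": billing, "shipping": shipping,
            "ip_country": ip, "ship_country": ship, "total": total,
            "method": method, "placed": datetime(2024, 3, 1, *hhmm)}


# Constructed sample orders; XA and XB are placeholder country codes.
PINE = "3 Pine Ave, Dayton, US"
ORDERS = [
    _order("A1001", "alice@example.com", "12 Oak St, Springfield, US",
           "12 Oak St Springfield US", "US", "US", 40.0, "standard", (10, 0)),
    _order("A1002", "bob@example.net", "9 Elm Rd, Austin, US",
           "Unit 4, 77 Harbor Way, XB", "XA", "XB", 1200.0, "express", (11, 0)),
    _order("A1003", "carol@example.org", PINE, PINE, "US", "US", 25.0, "standard", (12, 0)),
    _order("A1004", "carol@example.org", PINE, PINE, "US", "US", 25.0, "standard", (12, 20)),
    _order("A1005", "carol@example.org", PINE, PINE, "US", "US", 25.0, "standard", (12, 40)),
]

if __name__ == "__main__":
    for oid, (action, flags) in triage(ORDERS).items():
        print(oid, action, flags)
```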
Diversify Your Advertising/Marketing Channels
Diversifying your advertising and marketing channels is critical. Experienced internet marketers have learned time and time again that no single channel can be counted on to build a long-term sustainable business.
Consider the following:
- Facebook Page reach has decreased exponentially over the last few years. A post that used to reach 30%+ of your fans now reaches 1-2%.
- Facebook Ads is always changing and sometimes things happen. I’ve heard from many business owners that have had their ad accounts shut down without warning, sometimes for a few weeks until things are sorted out, other times permanently for violations.
- Google is always changing their ranking algorithm. A major update from Google can wipe out your organic traffic overnight.
- Twitter has begun filtering their news feed meaning your tweets will likely be seen by a lot less of your followers.
The list goes on but the impact is the same for your business, potentially leaving you high and dry if your one and only marketing channel dries up.
Diversify Your Revenue Streams
Similar to having multiple advertising and marketing channels, diversifying your revenue streams is critical to the health of your online business. Remember, different revenue streams keep your cash flow more consistent and immune to shocks and bumps. This is important because ecommerce stores generally run on thin margins. As the saying goes, lack of profitability is like cancer, it will kill you over time; lack of cash flow is like a heart attack, it will kill you right away.
There are several ways you can expand on your revenue streams and bulletproof your cash flow. Let’s take a look at some options:
Sell on More than One Channel – If you currently just sell on a marketplace like Amazon or Etsy, you should also consider building your own brand and selling in your own branded store. This can protect you in case your primary marketplace shuts down your account (which happens often). Vice versa, if you only sell in your online store, also selling in a marketplace can help if your organic traffic to your site ever tanks due to hacking or a Google algorithm update. Finally, there are always offline options as well to further diversify your revenue streams, like selling at trade shows, popup shops, or opening your own physical storefront.
Direct-To-Consumer & Wholesale – If you currently only sell direct to consumer, selling wholesale to other small stores can give you an additional and steady revenue stream that is more immune to shocks and bumps.
Different Geographic Regions – Selling to just one geographic region can impact you in many ways. Seasonality, the volatile exchange rate, economy, new regulatory restrictions, etc. of a country can also have an impact on your business if you only sell to one country. Catering to multiple countries can help you even out cash flow year round and make your business more resilient to economic, political, and seasonal bumps.
Consider Business Liability/Inventory Insurance
An online business generally carries a much lower risk as you don’t have a physical storefront that customers are entering; however, there are still risks involved that make having insurance a consideration for every online entrepreneur.
In general, there are two major risks. The first is liability of the products you sell. Should the products you sell harm or injure a customer, you may be held liable for those damages. Even if you’re reselling another brand’s products, you may still be liable.
The second major risk is of theft or damaged product/inventory. If you manufacture products or purchase wholesale, you’ll have to store your inventory somewhere. Whether that’s in your home, a factory or a warehouse, you run the risk of your inventory being stolen or damaged (fire or flood). Business insurance can help protect you from these events.
Your best course of action is to speak to a qualified lawyer about your business and products to better understand your potential exposure. From there you can make a better decision as to when is the right time to purchase insurance for your business.
Invest in Trademarks, Copyrights & Patents
Trademarks, copyrights and patents are all a form of insurance and protection for a business. Let’s first take a quick look at what the difference is between all three:
- Trademarks – Protects Brands
- Patents – Protects Inventions
- Copyrights – Protects Intellectual Property/Artistic Work
To get a better understanding of the differences, watch the video below, and visit the USPTO (United States Patent & Trademark Office).
Registering a trademark, patent, or copyright takes time and money. It’s also not for every business but may be the right choice for certain businesses at certain times. Your best bet is again to talk with a lawyer that specializes in the protection you’re looking for to better understand exactly how much it will cost and when the right time is for you to register it for your business. Make sure to check out my legal resource roundup for your best options to find a lawyer to help you.
Starting an online business is one thing, but building a long term, sustainable and defensible business is a completely different thing. No matter what type of business you run, you’ll always face threats to it, that’s why it’s important that you spend some time identifying your business’ weaknesses so that you can properly defend yourself upfront against the majority of issues that will arise.
Following the topics outlined in this post, you’ll create a much more robust, secure, and healthy business you’ll be able to grow for years to come.