No matter what system you use for your business, whether a CRM, an email marketing broadcast tool or an ecommerce platform, you are vulnerable to hacks, data breaches and more.
Some of you may be aware that there was a security incident affecting a very small number of Keap users recently, which was caused by users sharing their password details with others (and therefore not Keap’s fault, btw).
Now, I realise you might not use Keap; however, I want to stress…
… this can happen to ANY user of ANY system, at ANY time.
When your users have login details and those details aren’t secure, or hackers have worked out the passwords, your database is not only compromised/exposed: someone could also email your list without you knowing, charge cards without you knowing and more. The damage could be done before you even know about it.
So… what can you do?
- 1. User Audit – Please audit the users of ALL your systems and make sure that only people who need access to a system have access to it. If they don’t need it anymore, remove access. If you can, update user permissions as well, so that actions like downloading your database, processing credit cards, or sending broadcasts to your list are restricted to only the users who need to perform those functions. (If you use Keap, here is an article on the Keap Max Classic user permissions)
- 2. Passwords – Regularly reset your password and use a unique, complex password (if hackers can get into one system, they could get into others if you use the same password everywhere). If you can’t face the thought of trying to remember another password, use a tool like Bitwarden or 1Password for password management – that way you have one major password to remember, and all the other passwords are stored securely so you don’t need to remember them at all.
- 3. Additional Security – Implement 2-factor authentication, or related additional security. Yes, it might be annoying, but it will mean that if someone is trying to log in using your details, you’ll know about it and you’ll be able to stop it.
- 4. Sharing Access – Avoid letting multiple people share one login. This makes it very hard to track who’s got access to what (in some cases there is no audit history) and increases your vulnerability, particularly if you can’t implement 2-factor authentication because multiple users share account access.
- 5. Database – Download your database regularly and save it in a secure location (with a password). The hackers not only had access to the list, they most likely downloaded it (no doubt to sell) and then DELETED it from the system… leaving this poor business without a list of their contacts. (Now, I’m sure Keap helped get their contacts back, but that would have taken some time.) Having a regular download process in place means you have a backup of your most important asset – your list. (This is also helpful if a system goes down or you are locked out for whatever reason.)
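
One way to run the user audit from steps 1, 3 and 4 over a user list exported from your system. This is an added example, not code from Keap or any other vendor. The column names, the permission names, the 90-day threshold and the list of generic mailbox names are all assumptions, and the sample data is constructed.

```python
import csv
import io
from datetime import date

# Constructed sample export; the columns are assumptions, not a real system's format.
SAMPLE_EXPORT = """\
email,last_login,two_factor,permissions
owner@example.com,2024-05-28,yes,export_contacts;charge_cards;send_broadcast
va@example.com,2024-05-30,no,send_broadcast
old.contractor@example.com,2023-11-02,no,export_contacts
team@example.com,2024-05-29,no,charge_cards;send_broadcast
support.agent@example.com,2024-05-27,yes,view_contacts
"""

# Hypothetical names for the actions step 1 says to restrict.
HIGH_RISK = {"export_contacts", "charge_cards", "send_broadcast"}
# Mailbox names that usually belong to a role, not one person (assumed list).
SHARED_NAMES = {"admin", "team", "info", "office", "sales", "support"}
STALE_DAYS = 90  # assumed cut-off for "doesn't need it anymore"


def audit_users(export_text, today):
    """Return {email: [findings]} for accounts that need attention."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        issues = []
        perms = {p for p in row["permissions"].split(";") if p}
        idle = (today - date.fromisoformat(row["last_login"])).days
        if idle > STALE_DAYS:
            issues.append(f"no login for {idle} days: remove access if not needed")
        risky = sorted(perms & HIGH_RISK)
        if risky and row["two_factor"].strip().lower() != "yes":
            issues.append("high-risk permissions without 2FA: " + ", ".join(risky))
        if row["email"].split("@")[0].lower() in SHARED_NAMES:
            issues.append("generic mailbox name: possible shared login")
        if issues:
            findings[row["email"]] = issues
    return findings


if __name__ == "__main__":
    for email, issues in audit_users(SAMPLE_EXPORT, date(2024, 6, 1)).items():
        print(email)
        for issue in issues:
            print("  -", issue)
```

Anything it flags is a prompt to check with the person concerned, not proof of a problem.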
If you use Keap specifically and want to know if you’ve been exposed, check out DarkXposed.