Why do solopreneurs need to be proactive about digital security?

Introduction to Digital Security for Solopreneurs

Ever wondered why digital security should be your top priority as a solopreneur?

In today’s episode, we’re diving into why being proactive about your digital security isn’t just a good idea, it’s essential for your business success.

By the end of this episode, you will not only understand the critical importance of digital security but also have actionable steps to safeguard your business from potential threats.

I’ll unpack all of this after the intro.

Welcome to the Macpreneur Podcast

Hello hello and welcome to episode 97 of the Macpreneur podcast. Whether it’s your first time or you’re a long-time listener, I appreciate that you carve out some time in your solopreneur business schedule.

I’ve created Macpreneur to help as many solopreneurs as possible save time and money running their businesses on their Macs.

Now, in order to give you the most relevant Mac productivity tips and information, I need to know how well you’re currently dealing with the three killers of Mac productivity, namely unnecessary clicks, repetitive typing, and file clutter.

For that, just visit macpreneur.com/tips and answer a few questions which will take you less than two minutes. After submitting your answers, you will receive personalized, time-saving tips based on your results. 

Once again, visit macpreneur.com/tips and start boosting your efficiency today.

Why Digital Security Matters for Your Business

So let’s face it, as solopreneurs, we wear many hats and manage countless tasks.

But one thing we can’t afford to overlook is our digital security.

Cyber threats are more prevalent than ever, and a single breach can have devastating effects on our business and reputation.

According to the 2023 Business Impact Report published by Identity Theft Resource Center, 72 percent of the 551 persons surveyed in the U.S. said that their small business suffered either a data breach or a security breach or both.

And out of those 72%, more than half were attacked multiple times.

And for about 40 percent of those security incidents, the direct financial impact was at least $250,000.

Think about that for a minute. Would your solopreneur business survive even if the direct cost was only half of that amount?

So what’s the solution?

It’s about being proactive rather than reactive.

By understanding the components of digital security and taking steps to protect your devices and online presence, you can minimize the risk of incidents and ensure your business continuity.

Understanding the Components of Digital Security

But first, let’s get on the same page about what is behind digital security.

So, to me, there are three main components: Confidentiality, Integrity, and Availability.

And here is what each of these means.

Confidentiality means that we need to ensure that only authorized people have access to our business data. An example would be if an attacker managed to log into your email marketing service and export your email list.

The second component is integrity, making sure that your business data is accurate and not tampered with. An example of that would be if an attacker managed to take control of your website and then change its content.

And then the third one is availability. You need to ensure that your business data and IT systems are accessible at all times. For instance, losing or having a device stolen would fall into that category.

You might have heard about ransomware attacks. They typically impact all three components, since the bad guys usually start by exfiltrating as much data as possible, and so confidentiality is breached. Then they encrypt the data, whether on your Mac or online, which means that the data is both tampered with and unavailable.

Identifying Sources and Types of Security Incidents

And at a high level, there are two possible sources for security incidents. They could be internal or external. Internal incidents might involve mistakes by you, your staff, contractors, or it could be a bug at the operating system or the software level. Now, being a victim of a phishing attack by which you inadvertently install malware or provide an attacker with online account credentials falls into that category.

External attacks are from cybercriminals trying to directly access your data or disrupt online systems without you being involved at all.

And for instance, being a victim of a DDoS attack, which stands for Distributed Denial of Service, is an example of an external attack.

Most websites that would be hit by a DDoS attack cannot cope with the amount of traffic that the attackers are pushing, which makes the website inaccessible.

And so to achieve that, the attackers initiate thousands or more concurrent connections to a website, preventing legitimate visitors from accessing it because the web server is overwhelmed.

And so if you have an online store, an e-commerce store, during a DDoS attack, you cannot make any sales.

Another way to look at cybersecurity is what is called the attack surface. So the avenues by which your solopreneur business could suffer from a security incident.

So the first one is by getting your devices compromised, such as your Mac, iPhone, iPad, but also your Wi-Fi router, any smart object that you have in your house or your office, like smart light bulbs, doorbells, or security cameras, for instance.

And the second one is through your online accounts, whether email, social media, online accounting, customer relationship management, and many more.

And when I talk about cyberattacks, most of the time, I get the following statement: “But Damien, I’m nobody, or my business is too small. Why should I care?”

And the first thing to understand is that there are two types of attacks: opportunistic ones and targeted ones.

The vast majority of attacks are opportunistic. So imagine hackers are like fishermen who would launch millions of baits in the sea. If a fish happens to pass by and get lured into eating the bait, it gets caught. And because statistically speaking, there will always be a fraction of people who get caught, the payoff is always worth the effort. And in this scenario, they don’t really care who gets caught, so anyone vulnerable could be their victim.

An example of that would be visiting a legitimate website that has been compromised or that serves infected ad banners.

Either way, the attacker is leveraging a known security flaw, say in Safari, for instance, and anyone who hasn’t updated to the latest version of Safari on their Mac or iOS device is vulnerable to the attack, either by simply visiting the website or after taking an action on it. The bad guys know that it takes time before all the compatible devices get patched, and also that many people are still using devices that cannot be updated because they are too old, and Apple stopped offering security updates for those.

So for the attackers, it’s just a waiting game, and it doesn’t really matter who gets infected.

Targeted attacks, on the other hand, are much rarer, and the risk for solopreneurs is relatively low.

However, it is not zero, especially when you offend people online, even inadvertently, or when a competitor gets jealous of your success, for instance.

By far, the easiest way to get a solopreneur business disrupted is by launching a DDoS attack, which I talked about previously, on the main online revenue generator.

And unfortunately, this kind of service, DDoS as a Service, is very easy to find on the dark web.

Proactive Measures Against Cyber Threats

So apart from mitigating the risk of getting hacked, why should you be proactive when it comes to digital security?

For that, you need to better appreciate the consequences of security incidents, which can be both direct and indirect.

The direct consequences include lost time, unexpected expenses, and lost revenue, especially while dealing with the incident.

Now, indirect consequences like reputation damage can be even more harmful and long-lasting.

For example, imagine a scenario where your client data gets hacked. Not only will you need to spend time and money fixing the breach, but your clients might lose trust in you, affecting your business relationships and future opportunities.

So the next question is, what can we do about it?

Implementing Security Best Practices

We start by reducing the risk by making sure that you have implemented security best practices.

Now, to keep this episode short and sweet, I will quickly go through the major ones, but know that I will expand on those and cover more than that in future episodes of season 5.

So the first one is all about strong, unique passwords, not only for your online account but for your devices too. So strong usually means at least 12 characters long, mixing digits, lower and uppercase letters, and ideally, symbols too.

Now, if you’re wondering if it applies to your iPhone, the answer is yes. If you’re still using a 6-digit passcode, open Settings, then visit ‘Face ID & Passcode’ or ‘Touch ID & Passcode’ for older devices, then scroll down, tap on ‘Change Passcode’, enter your current passcode, then tap on ‘Passcode Options’. You might need to scroll down to see it. And then you will choose the ‘Custom Alphanumeric Code’ option.

The second best practice is to activate multi-factor authentication for all your business-critical online accounts. It’s also known sometimes as two-factor authentication or two-step verification. And it serves as an additional way to prove your identity by providing a unique six-digit code or tapping a button on a specific device or a USB dongle.

That way, even if your user account password gets loose, there is still another barrier to pass for the attackers.

The third best practice is to encrypt all your business data, whether on your device, external hard drives, or in the cloud.

On iPhone and iPad, the good news is that data is encrypted as soon as you define a passcode. However, it’s not the case on the Mac, especially those running older versions of macOS. The feature is called FileVault, and you can check if it’s activated in System Settings or System Preferences, then Security and Privacy, then FileVault.

Number four, keep your devices and applications up to date, but in a smart way. And what do I mean by that?

Well, at the operating system level, so macOS or iOS or iPadOS, wait at least 72 hours before installing security updates, as some of them can introduce bugs that could prevent you from using your device.

On top of that, unless you just bought a new Mac with the latest version of macOS on it, I recommend staying at least one version of macOS behind the latest one.

Why? Simply because with new features always come new bugs. And for at least six months, sometimes more, the latest version of macOS can be the source of data corruption or worse data loss.

At the time of recording, the latest version of macOS is 14 Sonoma, and for a few months, it broke compatibility with hard drives formatted in such a way that they could be written to from both macOS and Windows. So if a solo photographer was storing his pictures on such a drive, they were not able to access those pictures from a Mac running Sonoma, and the only solution was to downgrade back to macOS 13 Ventura.

And also, what few Mac users know is that historically, and still today, Apple is supporting three versions of Macs by providing security updates to all of them, even if sometimes it can take them a few days or a few weeks before patching the older version.

And so, on my production machines, so my iMac and my MacBook Pro, I am on purpose still on macOS Ventura.

Finally, stay vigilant, especially with email attachments and links in emails or on social media.

The first line of defense here is an online service called VirusTotal, which offers both file and URL scanning. And it’s entirely free. You can find it at virustotal.com.

Preparing for Potential Security Incidents

Now, prevention is only half the battle. The other half is getting ready for when an incident will occur.

When it comes to your business data, make sure to have multiple backups, physically on hard drives, whether you have them locally or in your office or at home, but also offsite. And offsite could be another physical location, like a relative or a friend’s house. But offsite is also the cloud.

And obviously, those backups need to be encrypted too.

Now, to be able to continue working even if you can’t access one of your devices or if it gets lost or stolen, have a backup strategy in place. So, it could be a secondary Mac or a secondary iPhone already configured with everything you need to run your business.

In the event that one of your social media accounts would get hacked, make sure that you have an escalation process ready with links to the account recovery form or the official support email addresses.

And if your iPhone gets stolen, have your mobile phone carrier support number ready and make sure that you know how to contact your bank to block your credit card associated with Apple Pay.

And finally, depending on the nature of your solo business or the clients that you serve, consider signing up for cyber insurance. At the time of recording, the only professional insurance that I have for EasyTECH covers physical damage to my devices in case of fire or a flood. But one of the members of the BNI chapter that I manage is working for a large insurance company here in Luxembourg, which provides this type of coverage.

And as a result of the preparation for this episode, I have contacted him to know more about this and to see if it makes sense to sign up for such cyber insurance for EasyTECH.

Before concluding this episode, there’s one more thing I’d like to mention.

This episode is just the tip of the iceberg when it comes to digital security, which is why I’ve decided to dedicate an entire season to this topic.

I’m sure this is not the first time that you’ve heard these best practices.

However, my question to you is this, how many have you truly implemented with your solopreneur business in mind?

My guess is some of them, maybe half?

So if that’s you, pick the one that is lacking and that resonated the most with you and start implementing it before the next episode.

Staying Updated on Cyber Security Trends

And if you feel you have a good grip on the digital security of your business but you wonder how to stay updated on the latest cybersecurity trends and threats, here are some pointers.

The most important URL to bookmark for information about the latest operating system updates for Mac, iPhone, and iPad owners is a page called Apple Security Releases, and I will put the link in the show notes.

It contains, in decreasing chronological order, a table with the operating system and software versions that Apple has released, as well as the affected devices and the date that the updates were released.

To know which macOS version is currently running on your Mac, just click on the Apple menu in the top left corner of the screen, then on About This Mac. And for iPhone and iPad, just open Settings, then visit General, and then About.

Within one week of Apple releasing important security updates, I also publish a dedicated post on LinkedIn. This post covers the affected devices and summarizes what vulnerabilities got patched, as well as potential problems that the update might have brought along. And I finish the post with an advisory on the urgency with which to install the update.

If you’re not following me on LinkedIn yet, just visit macpreneur.com/linkedIn to access my profile.

And if you’re a programmer, an IT consultant, or if you feel you have higher than average knowledge about cybersecurity, then there are two sources that I find invaluable.

On the blog side, I recommend subscribing to the RSS feed of the Hacker News. Some of the articles are super technical, other ones are only relevant for large enterprises. However, they also cover WordPress-related security vulnerabilities rather quickly.

And if you prefer listening to podcasts, then Security Now, hosted by Steve Gibson, is a must-listen to. Episodes are released weekly and last about 2 hours each. However, the host has a knack for explaining deep technical concepts using language and metaphors that are easy to understand, making it relatively approachable, again, provided that you have some IT background.

Episode recap

So, to recap, we’ve explored why it’s critical to be proactive about the digital security of your solopreneur business.

Remember that there are three components of security: confidentiality, integrity, and availability.

The source of security incidents can be both internal and external and applies to both devices and online accounts.

Most of the attacks are opportunistic, usually leveraging known and already patched vulnerabilities.

Targeted attacks are rarer, and the risk is lower for solopreneurs. However, they could affect your business more significantly and are also harder to defend against.

Regardless of the source or type of the attack, security incidents have both direct and indirect negative consequences. It usually takes a lot of time and money to remediate the situation, and on top of that, the likelihood of lost revenue during the recovery phase, as well as resulting from the damage to your reputation, should not be overlooked.

Implementing preventative measures in addition to a robust contingency plan is not rocket science. However, because it feels less tangible than learning a new sales and marketing technique, for instance, the cybersecurity aspect tends to be put on the back burner until it’s too late, unfortunately.

360° Tech Diagnostic

And if you’d like some help and accountability implementing some or all of the measures that we discussed today, sign up for my 360 Tech Diagnostics service. 

After filling out a comprehensive assessment form, we’ll have a Zoom call during which I will give you my top three recommendations, including tools and services to consider.

After the call, you will receive a summary report with the points we discussed and all the necessary links. 

And if you decide to work with me one-on-one after that, I will deduct the diagnostic fees from the first coaching pack that you purchase.

To learn more about that, just visit macpreneur.com/diagnostic or click the link in the show notes.

If you enjoyed this episode, please share it with a fellow solopreneur and DM me on Instagram. My handle is @MacpreneurFM.

Next episode and outro

So that’s it for today.

The first part of Season 5 is dedicated to covering the security of the devices that you use, mainly your Mac, iPhone, and iPad. In the next episode, I will dive deeper into strategies to protect your Mac from cybersecurity threats.

So make sure to subscribe or follow this podcast to get it automatically next week.

And until next time, I’m Damien Schreurs, wishing you a great day.

Thank you for listening to the Macpreneur Podcast. If you’ve enjoyed the show, please leave a review and share it with a friend right now.