LATEST MUST READ TIPS & TRICKS

3 Ways To Stop Hackers Attacking Your Online Business


You’re watching Netflix on a Saturday night and you feel a nudge to check your email at 9.30pm.


You find a notification email that you’ve changed your Facebook password at 7.30pm.


Of course you didn’t! You’ve been pondering why George Clooney had such an unflattering beard in The Midnight Sky…


This is the story when my Facebook personal account was hacked and it put the brakes on my Facebook reach and stalled my launch.


Within 3 hours I reported my Facebook account as compromised using this link: https://www.facebook.com/hacked


However I’ve lost access to my Facebook personal account because the hacker changed my Facebook email address and password.


None of the Facebook automated recovery methods work when your email address has been changed by a hacker and forget thinking you’ll find a human to talk to… whether that’s by email, messenger or phone.


Not only did I feel violated by this attack, I also had the inconvenience of having my credit card cancelled which was the only way I could stop the money being drained from PayPal with my Facebook Ads Account credentials 36 hours later!


I still don’t have access to my business Ads account although thankfully my virtual assistant had access to my business page.


Facebook pages can only be accessed via a personal account that is assigned an Admin role. I’d recommend that if you haven't already done so that you assign a backup Admin role on your business page(s).


In the meantime I’ve created a temporary account that my virtual assistant could assign the Admin role to my business page while I endeavour to regain access to my original Facebook account and Ads Manager.


How do you know if you’ve been hacked?

Your Facebook personal account may have been hacked if you notice that:


  • Your email or password has been changed
  • Your name or birthday has been changed
  • Friend requests have been sent to people you don't know
  • Messages have been sent that you didn't write
  • Posts have been made that you didn't create


If you think your business page was taken over by someone else, it may mean that your personal account or the account of someone who works on your page was hacked.


I don’t want my experience to be yours so here are 3 ways to stop hackers attacking your online business:


  1. Security Principles you need to apply
  2. Secure your Facebook account now
  3. Close down PayPal AutoPay security gaps


Let's dive into each one and take the actions as you go to secure your online presence


Security Principles you need to apply

Hackers know that we want convenience, and they rely on us choosing easy!


#1 Don’t use the same password for multiple online apps


I had over 500 passwords stored. Yikes!


For my business apps a number of them were the same or a derivative thereof, except for my finance related apps.


Instead use LastPass as a password vault and use it to generate a strong password and save it with the login credentials.


LastPass can be installed on your Chrome browser as an extension and as an app on your smartphone which makes it really flexible and accessible.


Because you create a Master Password for LastPass, it needs to be complex and kept safe – up to 16 characters and a mix of upper case, lower case, numbers, and symbols.


Thankfully there is also a prompt question you can set or an option to login with a one-time password that is sent to you via email. Another backup is to grant Emergency Access to your account to another LastPass user.


When you work with a tech provider you can keep your online assets secure by “blind sharing” passwords via LastPass. You then revoke access when you’ve finished working with them unless they're your safety net like I am for a number of my clients.


#2 Use two-factor authentication

This safety feature is available in so many apps now where you require a password and you use a system generated code to verify that the app login is from you.


Two-factor authentication can be done easily via an authenticator app on your smartphone e.g. Microsoft has one that you scan QR codes with OR choose to receive the code via text message on your smartphone.


Often you can save your access on a named device / browser for a specific number of days (or sometime indefinitely) and then you’re prompted for a verification code via your security method if the app notices a login from an unrecognised device or browser.


For example with Facebook you will receive an email notifying you of a request to change your password. If you didn’t request to change your password there is a link to notify them.


As I don’t have my email notifications on I was oblivious to the hack so when you can rather choose notifications via smartphone.


Whilst two-factor authentication feels an inconvenience it’s certainly great for peace of mind and securing your business online!



Secure your Facebook Account now


Use these steps to ensure your business on Facebook doesn’t fall into the hands of hackers.


On your desktop login to Facebook and then 1) on the far right click the down facing arrow and 2) select Settings and privacy from the menu


Click on Settings


Click on General

  • Edit your username to something memorable so you can use as an alternate login
  • Edit the Contact and add a backup email that you actively use


Click on Security and login


Under Check your important security settings click the View button and it will prompt you to review 3 of the most important security settings

  • Change your password to one that is strong by using an app like LastPass to generate and store a unique password for Facebook
  • Turn on two-factor authentication with both Text Message AND an Authentication app
  • Download the Recovery Codes to a safe and memorable place in your folders on your computer


Under Where you’re logged in

  • Log out of all sessions except the computer you’re currently on. This means you will get prompted for two factor authentication on other devices


Under Setting up extra security

  • Get alerts about unrecognised logins sent by email only as you don’t want to alert the hacker that you’re onto them!
  • Choose 3 to 5 personal friends to contact if you are locked out. They are your trusted contacts


Implementing these steps prevented another hacker attacking my business two weeks later!



Close down PayPal AutoPay Security Gaps

I held a belief I was protected from data breaches online by using PayPal instead of a credit card.


Not true!


Over the course of 36 hours my Ads account was skimmed of $1000 via PayPal Autopay even though my Facebook account was reported as hacked within 3 hours. I disputed the transactions on PayPal who washed their hands of me and told me it was my credit card providers problem.


You may want to check what’s on PayPal AutoPay using this link: https://www.paypal.com/myaccount/autopay/


Be sure to mark all those suppliers you are no longer using as inactive and I highly recommend you track your money movements daily preferably or at least a couple of times a week. This will alert you to unusual transactions on your account.


Hope these prevention tips help you! I love answering questions so if you have any ask away below.

Are you a holistic practitioner, coach or creative? Let’s chat and see how I can help you to resolve your frustration and overwhelm with technology.


𝐆𝐫𝐚𝐛 𝐦𝐲 𝐅𝐑𝐄𝐄 𝐛𝐮𝐬𝐢𝐧𝐞𝐬𝐬 𝐚𝐬𝐬𝐞𝐬𝐬𝐦𝐞𝐧𝐭 𝐬𝐞𝐬𝐬𝐢𝐨𝐧!


Let’s determine how quickly and effectively you can do what you need to boost your business even if you think tech is not your bestie!


Secure your spot by messaging me