Passwords, Site Backup and Your Security
A couple of times every week I read an article about the next high-profile company that got hacked. Or that stored client data insecurely. Or discovered their backup was corrupted when they went to restore it.
Most businesses in the corporate world would spend huge amounts of money implementing their disaster recovery plan and enforcing company security policies.
Isn’t it worth thinking about these things, at least a little bit, to protect the business you’ve built?
Let’s talk about what I consider the bare minimum steps you should be taking to ensure your business is protected from disaster.
Site Backup
There’s a commonly quoted rule with computer data that says if you don’t have 3 copies of something, you don’t care about it.
All digital storage will fail eventually and you CAN’T let it take the only copy of your site – representing hundreds or thousands of hours of your life’s work – with it.
So Let’s Talk About How to Backup
A lot of you may be thinking, “No problem, automatic backups are part of my hosting plan, next tip Kris!”
Not so fast my friend.
It may surprise you to know that according to their terms of service, NO host that I know of guarantees the availability and integrity of those backups. This includes but is not limited to (deep breath so you can read these out loud in quick succession for effect): GoDaddy, Hostgator, BlueHost, Rackspace, Siteground, WP Engine, switchplus, WPopt, Liquid Web, and even my beloved BigScoots.
And this isn’t just legal speak to cover their back side – I’ve had 2 clients email me in the past couple of years that their host bungled their backup after their site crashed and THEY.LOST.EVERYTHING.
Talk about a helpless feeling.
Now that I have your attention, here are my absolute REQUIRED BARE MINIMUM steps you need to take when it comes to your site backups.
- Make sure your site is being backed up (if your host doesn’t do it for you, look into either BackWPUp or Updraft WordPress Backup Plugins and do it yourself).
- Periodically download copies of that backup to your computer (I recommend at least weekly but this may vary depending on your risk tolerance. Put a reminder in your calendar and don’t skip it!).
- Copy that copy somewhere in the Cloud (Dropbox, Amazon, Google Drive, Microsoft OneDrive, Apple iCloud, etc).
- (Hardest Part). You really need to test the backup periodically to make sure it is not corrupted. This can and does happen. My best advice for this is to talk to your host about a “staging” or “dev” site. This is a temporary site where you can restore the backup and make sure it works OK.
- No beating around the bush – this is time consuming and annoying (some hosts will make this process easier than others – something to consider when looking around).
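A quick first-pass check to run on each downloaded copy before it goes to the cloud, shown here as an added example that is not part of the original post. It assumes the backup is a single zip file containing wp-config.php and a .sql database dump; the function names are made up for this illustration, so adjust the layout to whatever your backup tool actually produces.

```python
import hashlib
import zipfile
import zlib
from pathlib import Path

# Assumed layout: one zip holding wp-config.php and a .sql database dump.
REQUIRED_SUFFIXES = ("wp-config.php", ".sql")


def sha256_of(path):
    """Hash the file in chunks so a large archive is never loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_backup(path, expected_sha256=None):
    """Return a list of problems; an empty list means every check passed."""
    path = Path(path)
    if not path.is_file() or path.stat().st_size == 0:
        return ["archive is missing or empty"]
    problems = []
    # Compare against the hash you wrote down when the backup was made.
    if expected_sha256 and sha256_of(path) != expected_sha256.lower():
        problems.append("checksum differs from the one recorded at backup time")
    try:
        with zipfile.ZipFile(path) as zf:
            bad = zf.testzip()  # re-reads every member and verifies its CRC
            if bad is not None:
                problems.append(f"corrupt member: {bad}")
            sizes = {info.filename: info.file_size for info in zf.infolist()}
    except (zipfile.BadZipFile, zlib.error, OSError):
        return problems + ["not a readable zip archive"]
    # A backup without the config file or the database cannot restore the site.
    for suffix in REQUIRED_SUFFIXES:
        hits = [name for name in sizes if name.endswith(suffix)]
        if not hits:
            problems.append(f"no {suffix} entry in archive")
        elif all(sizes[name] == 0 for name in hits):
            problems.append(f"{suffix} entry is empty")
    return problems
```

An empty result only shows that the archive is readable and complete on its face. Restoring to a staging site is still the real test.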
Remember, this process is crucial to ensuring the longevity of the BUSINESS you’ve created!
Now Let’s Talk Passwords
81% of company data breaches are due to poor passwords. I found it on the internet, so you know it’s true!
Proper password etiquette can go a long way in protecting you from the migraines that result from being hacked.
At a recent family party, I had an uncle of mine proudly declare, “I’m just about done going through and updating all of my passwords to be the same for every site I use!”
I’m sure my stunned silence was very reassuring.
Needless to say, this is a BAD idea. If a hacker gains entry to something like your email (which would typically have welcome messages from all your other services) they now essentially have a “skeleton key” to the rest of your life.
My REQUIRED BARE MINIMUM steps for proper password etiquette:
- DO NOT use the same password for more than one service.
- DO use a password manager.
  - If you run a search for the best password managers of 2019, these ones will keep popping up:
  - Most of these managers have a free version available, making them a real no-brainer.
  - Never create a password yourself. Have the manager generate one.
  - I just checked – my personal password manager vault has 781 passwords stored in it! Talk about too much to remember.
- NEVER send a password via email. Instead, you can…
  - Use WordPress’ password reset email when sending dashboard credentials to your site.
  - Use a free service like https://1ty.me/. This destroys the password after it is viewed the first time.
  - Submit via a form on a known website that uses HTTPS, like our Secure Information Form.
Like insurance, security is just not fun. But it’s imperative to have in place for the times when you need it.
Keeping on top of your site backup and password management goes a long way to ensuring the success and longevity of your business. It’s definitely better to be safe than sorry.
Site backup and password etiquette are effective ways to protect what you’ve been working so hard to achieve. Taking these security precautions won’t cost you a lot – choosing not to, on the other hand, could cost you big time.