Listen in as I talk about data breaches and simple things that all entrepreneurs should be doing to protect their onlines businesses, with Branden Moskwa on episode 83 of the eCommerce Allstars Podcast.
Branden: Hey everyone, thanks for joining today’s show with your host Branden Moskwa, of course. Today, I’m excited, I have Chris Parker online. He’s the founder and CEO of WhatIsMyIPAddress.com. I’m excited to have him, we’re going to stray away from e-commerce a little bit today just because I want to talk more in regards to protecting your small business, and that sort of thing, and online security and privacy, and that types of items. Thanks for joining us today, Chris.
Chris: Thanks for having me. I’m glad to be here.
Branden: I think it would be a good discussion, when you first called in, you mentioned being on a, what was it, a VPN?
Chris: Yup.
Branden: And so I thought, I made a comment about you’re a fairly cautious individual. I think it would be interesting because, you know, I think you have seen a lot of what’s going on out there. I have, too, because I’m one of those guys that clicks on every email that I shouldn’t, and end up getting malware on my computer all the time.
Chris: Oh no, say it isn’t so.
Branden: So that’s why I love to talk about, small business owners, and what they can put in place to protect themselves a little bit, and all that. But before we get going, I’d love to see you give people a little bit more of a background on yourself and what got you going into the world you’re in.
Chris: Great. I have been involved in e-commerce or online sales and websites in one fashion or another since probably the late ‘90s when e-commerce was “Oh my gosh! You can sell things online!” Worked for a company called ClubMac, that was originally a mail-order catalogue company selling Macintosh computers, they took the internet by storm and started selling online and I got to be a part of that. I had my own little dabbles in trying to do e-commerce, with a little website called discountbibles.com. I made the misfortunate step of trying to compete against Amazon, and learned my lesson there. After that, went on to life insurance and helping people be able to buy life insurance online without an agent, and that was kind of a fun experience. Throughout all this, it turned out that what had started out as a hobby became what’s now my full-time business, and that’s whatismyipaddress.com.
Branden: Very cool. Can you just give people a quick background on what whatismyipaddress.com is?
Chris: The simplest way to explain it is, when you go on the internet, you have a return number that when you send out a request for a website, it’s got to come back to you, so that little piece of information is called your IP address. Every website you visit sees it, every time you check email, your email provider sees it, your ISP sees it, they assign it to you, and it gives away a fair amount of information about yourself. It can give out who your ISP is, a good idea of where you’re located, in some cases it can be crazy accurate down to a few feet from your front door, if that freaks you out. Another case is that it’s not as accurate as that, but for most people, once they learn a little bit about it, they’re like, “Oh, I don’t think I really want people knowing this information about me.”
Branden: Right. I had mentioned in the beginning, I’m talking a little bit about online privacy, and one of the things I was wondering is, based on what you just said, should we be more worried about our online privacy?
Chris: You know, it’s kind of a mixed answer. I think in some cases, we absolutely should be concerned about our online privacy. I think particularly as small business owners, when we’re travelling and we’re using hotel wifi or that mom and pop café, when you’re out in other countries that may be not so friendly to freedom of speech and things like that, I think we do need to be concerned about our internet traffic and what that might be telling people about us, or what it might be giving them access to.
Generally, for myself, when I’m here in the States, at home, I don’t use VPN to protect myself a whole lot, but definitely when I travel I’m concerned about it. There are people who just have that attitude of “I just don’t want my ISP knowing what I’m doing. I’m not doing anything illegal, I just don’t want them knowing, it’s none of their business.”
Branden: Right. First and obvious question, to me, is: do you need to use a VPN for that or can you use something like built-in, like Chrome’s incognito?
Chris: Good question. Incognito mode really only protects you from your wife seeing what websites you’re visiting. It’s really as simple as that. It just doesn’t keep history of your internet traffic in the browser cache and things like that. There’s no history of which websites you went to, there’s no cookies, there’s no cached images, that’s all that incognito mode really does. A lot of people think it protects them online and doesn’t let anyone see what websites they’re visiting, or their ISP from visiting, but it doesn’t do that. It just hides you from people in your own household.
Branden: Okay, fair enough. Let’s expand on all of that. Let’s talk more about small business owners. Because they’re not necessarily worried about what their wife is or isn’t seeing, what they’re more worried about is their business, and what types of scams can take over, or how they prevent ransomware and malware from entering into their business, so to speak.
Chris: I think for small business owners, I know it’s something that I, maybe I go a little overboard on myself, but one of the best ways to deal with ransomware, you said, you know, “I click on the occasional link that maybe I get myself infected.” The best, cheapest, easiest way, other than not clicking on stuff, is having off-site backup, and it’s not just backup, it’s got to be off-site backup.
People say, “Oh I’m copying my hard drive to a portable hard drive every day, and so I’m doing that.” Well, that’s nice, you’re probably better than 99% of the people out there if you can actually remember to do it, because most people don’t. They start with good intentions, and like, “Yeah, I’m going to be diligent about this. Every Friday before I go home, I’m going to start to back up and let it run over the weekend.” and inevitably, they forget to do so. It’s got to be an automated process. And then it needs to be off-site.
The horrible reality to it is, homes burn down, businesses burn down, there’s accidents, you know, if someone broke into your house, you work from home, someone breaks into your house, they’re going to steal everything that’s electronic. They’re going to grab the laptop, they’re going to grab the hard drive right next to it. And so if it’s not off-site, it’s really no safer, it’s really no more redundant than just having your laptop by itself.
The great thing is there’s a lot of inexpensive solutions out there that. If your laptop gets stolen, your hard drive crashes, you get malware, you contact your provider, and they FedEx you a hard drive with all your information on it, and you can be back up and running in a day or so. If you’ve got a, “Oh gosh, I lost all my contacts.” small business owners could be–it could devastate their business if they lost their computer.
Branden: Fair enough. It absolutely could. In fact, when you said fires, it made me think about last summer, in the area that we’re in, we’re hit hard by wildfires. I was sent a survey recently from the Red Cross just asking for feedback in regards to the fire situation and whether or not we’ve put plans in place for our business, should something happen again where, you know, it could be catastrophic in the sense of what you’re speaking of. That actually got me to thinking that, “No. I don’t personally, don’t have an off-site backup running on my computers.” and I know that I used to do that, but then we updated to a new computer, and our computer systems and whatnot and we haven’t since got that back up. Yeah, absolutely just grind you to a halt. I could totally understand how that could be a problem. What would you say some of the, I mean that’s obviously one of them, are there other practices you might suggest people put in place?
Chris: Absolutely. I think another one is using a password manager. A password manager is an application that you run on your phone or your computer that allows you to generate a unique password that’s just a bunch of gobbledygook uppercase, lowercase, numbers, special characters, any length that you need it to be. It can create a unique one for every single account that you have. All you need to do is log in to your computer, unlock the application, and then you have immediate access to fill in your passwords on all the websites that you use. This is particularly dangerous, that not using it is particularly dangerous.
You really have to assume that, if you’ve used an email and a password combination, it’s been compromised. There’s someone out there that knows that password. And while we never want our Amazon account to be hacked, or something like that, what would be a whole lot worse is if someone gets into one account, then they get into all your social media, then they get into your bank account, then they get into your retirement.
If you’re using the same password everywhere, you’re almost guaranteeing yourself to potentially lose everything. If you want to scare yourself, there’s a great website out there, I’m going to say it wrong because, it has some hacker-speak in it. It’s called Have I Been Owned? Except replace the O with a P. You type in your email address in that site, and it will tell you everywhere that that email address has been involved in a data breach. And it’s pretty alarming once you’ve done that.
Branden: Okay, I’m going to check that out. I mean, I’m going to speak about password managers just briefly here, because that is something that I do use. One of the things I like about password managers, I mean, I’m not going to namedrop anything because of, well, just because. I use one and I like it a lot, because I don’t need to really remember my password for everything. But in the same vein, yes, it does, it allows me to use different passwords. It actually will allow me to, it will auto-generate its own, and creates some pretty funky ones that I’ll never remember, but I don’t need to because I have a password manager running. My only concern though—and maybe you can speak to this—is you normally need a password access that, what are the odds or chances that somebody, you know, getting that and then next thing you know, they have access to everything anyway.
Chris: Well, the password that you used for your password manager should be unique to your password manager, and that you never have ever used it anywhere else. Truly, like if someone has compromised your machine, and they’ve got a keylogger on your machine, they may be able to see what is in your password manager. Most of them, in the good quality password managers, they don’t store your passwords on their servers, they don’t store them unencrypted, so it’s fairly safe. I think for most people though, the risk of your computer being compromised, and someone being able to do a keylogger, be able to remote into your machine, use your password manager to get your passwords out, there’s a lot lower likelihood of that than having just your yahoo account compromised. That hasn’t happened, oh wait, it did.
I do this on a couple of things, for those that you have particularly sensitive accounts, you should enable what’s called two-factor authentication, where when you try to log into the site, you have to type in your password, and then it wants to, in most cases, send an SMS message to your cell phone, some six-digit number, then you’ve got to type that back into the website to get in. I do that for bank accounts. I do that for a couple of accounts where, if someone got access to it, it can cause significant problems. I don’t do it everywhere because it’s a real hassle, and SMS, two-factor authentication, it isn’t foolproof, but again it’s better than nothing.
Branden: That’s very cool, and that’s a pretty good suggestion. I was just looking on Have I Been Owned, with a P, and apparently, it says, pwnd on two breached sites.
Chris: You’re lucky. Only twice.
Branden: Yes. What does that mean exactly, so that people know.
Chris: What that effectively means, that depending on the type of breach, you want to assume that the password that you used for that website, when that breach happened, is known. If your password for that website was “happybirthday42” and you used “happybirthday42” anywhere else with that same email address, you better doggone change that password really quick because people are going to try using it. It means those, that email address and password combination is out in the wild.
Branden: Absolutely. Okay, alright, and actually the last one was in July in 2018, and before that it was 2012, so I’m actually doing pretty good. I’m going to give credit to my password manager for that.
Chris: Well, it’s not your password manager that actually prevents the breaches, it just keeps your password unique. You just happened to have only used an account at sites that have been really good about not having breaches that we know of.
Branden: Okay, that makes sense too. Right on. Okay, that’s all helpful. Do you have any other practices? I mean, let me ask you this, instead of any other further practices. What is your take on having anti-virus, anti-malware software? Because to be honest with you, sometimes I get afraid of different malware software that’s out there, whether or not it’s even legit.
Chris: Yeah, I think if you’re running Windows, and running Windows 10, the built-in antivirus, anti-malware from Microsoft is actually very robust. While that’s not my expertise, I do hear a lot of tech industry experts really saying, if you’re running Windows 10, as long as you’re running Microsoft’s anti-virus, anti-malware, which is built into the operating system, as long as you don’t click on links in emails and do random things like that, you’re going to really keep yourself pretty safe. I think the same would be true for the Mac, as well. I haven’t run antivirus on a Mac, security by obscurity, but less issues there. Again, a lot of it is about user behavior. When you get that email saying, “Hey, click here, you won $1000, $50,000.” Yeah, you probably didn’t.
Branden: I get a lot of emails that have my name in the link, so it causes me to want to click it to see what’s the link that has my name in it, and go, “Oh,” then I end up downloading something. That’s one of the scams that I fall for all the time. But anyhow, Chris, I appreciate these thoughts. I was hoping that you could entrust me with any final words of wisdom, and how people can reach you.
Chris: Yeah, so I think, there’s a saying that, I wish I knew who said it, but it has been something that has really stuck with me for the last couple of years. It’s, “If you’re the smartest person in the room, you’re in the wrong room.” I think as business owners, we always have to be learning things from people who know more about those things than we do, and really being open to keeping up with the latest trends in our industries, and people that are experts. We just can’t assume these days that we’ve got it all done, and we don’t need to learn anymore. We got to learn, we always got to learn.
Branden: I think that’s sound advice. I subscribe to that same mentality, got to always be learning. Excellent advice, appreciate that. How can people reach you?
Chris: Anyone who wants to reach out to me, they can get a hold of me at chris@whatismyipaddress.com and they can definitely visit the website for educational information on privacy, security, IP addresses, VPNs, a whole bunch of stuff. I got a great team of guys that are working, just feverishly write useful things for everybody.
Branden: Awesome. Well, thanks for your time today. I think we’ve gotten some great tidbits of information, and just good, solid reminders, of nothing else, for people to get out there, and take action on it. They’re very simple action items. Thanks again, Chris, for being on the show today.
Chris: Thank you very much, Branden.