Bringing Business to Retail
Keeping Your Information Safe When Delegating Tasks
Bringing business to retail podcast episode six with Aaron Howard from streamline internet marketing calm Welcome to the bringing business to retail podcast on Selena night calm stay ahead of the competition by opening your doors to business experts So you can learn grow and be inspired Passionate about bringing business strategies to independent retailers, please welcome your host Selena night Hey there and welcome back to the bringing business to retail podcast and I'm your host Selena night Today we're in part three of our four-part series on outsourcing and we're going to be talking about keeping our content safe Now I could have brought a great big techie person who could have wowed us with bells and whistles on how to look after our content But I didn't I want to make this as easy as possible. So I brought on somebody that somebody being Aaron Howard Who actually works with clients and accesses the back end of their websites all the time? And I wanted to get her to give us her take on How she makes sure that her clients secure their content so that their websites can't be hacked and their data can't be stolen And it's important to keep content safe because you have an obligation to your clients To make sure that that data that they give you is always in safe hands So we're about to jump in and hear what Aaron has to tell us But before I do that I want to say stick around at the end because I've got a little story to tell you and a link That I'll be providing in the show notes from a situation that my friend Natalie Sisson the suitcase entrepreneur had and I'll drop the link in and tell you a little bit about her story after Aaron tells us how to keep our content safe So let's jump in Hey there. Welcome back today. I have Aaron Howard on the show and She's going to tell us about how we can lock our doors when it comes to outsourcing now She's not a security expert, but what she does do is a whole bunch of marketing support Website support and web design for her clients She's frequently entrusted with her clients passwords and access to their accounts And when she creates or does maintenance on those websites. She sees loads of mistakes that leave people vulnerable So I've brought her on today to tell us Especially when we're new to outsourcing how we can go about making sure that our content is safe from the people that we're hiring So Aaron tells a little bit about what you do Hi, thanks for having me today So what I do is I help businesses promote themselves online And some of those sometimes those are people that have that have offline retail types of businesses and they just want to have an online presence and then sometimes those are people who Have most of their presence online and are selling things online, so we will We provide ongoing marketing support Helping people with things like email newsletters and updating their websites and updating social media and we also help with things like website design and training people how to How to use different technologies? like things like Mailchimp for email or Facebook for Facebook for social media And we also help people with marketing planning and strategy So you can imagine when when we do help people with their day-to-day Marketing tasks, you know, basically we need all their Passwords and things or else we won't be able to access and do the work for them So there are a lot of security concerns around that And sorry, we've talked about outsourcing lots of general admin tasks in the last couple of episodes, but we what we also talked about was some of these bigger media things like your marketing and when you're Really tied up inside your business, especially if you're still working in your store Outsourcing this section to someone who gets what you do and this is this is my big thing Is make sure before you bring anybody on their goals and their visions and the way that they work actually align with yours But if you can outsource that to somebody else just imagine how many hours you're going to free up We're talking like weeks if not months of work. So Aaron does the outsourcing, but She has to have access to your systems, and that's where a lot of people get freaked out So Aaron tell us how do you how do you tell your clients that it's okay for them to give you their details? Well, there are a few different measures that you can take and I Started out doing all of the work for my clients myself, but then I actually hired some people to help me So I have out sources as well So I I need to think about security for my clients and for myself so First of all during the hiring process Do some of your basic due diligence, and you may have talked a little about this before but you know ask people for references Check out, you know see if somebody if the people are unlinked in Do they do they have a website if are you able to Google them and find out any information about them? That could be a little more difficult when people are overseas But what I think is a big red flag is if somebody can't give you any references You know certainly people aren't going to give you references for For somebody that might not give them a good a good review But if you if somebody can't really give you any at all then that's you know That's a little bit alarming so the first thing is you know as during the hiring process just just sort of check them out and make sure that they sound That they seem reputable and that they people they've worked with before can can vouch for them So when it comes to references, I know if you go to a lot of the freelance websites people have reviews on the work that they've done Should you take those at face value or should you actually ask for? Two or three people who you can email yourself to ask about how to work when I think that is a good way to To initially screen people when you're the online reviews are a great way to do that But I would you know if you're at if you're at the point where you're actually ready to hire somebody And it's and you're going to entrust them with With information about your business then I would I would ask them for at least one reference somebody that you can talk to that They've worked with before Okay, so if we're if we've done our due diligence here and we think yep, this person's great. What's the next step? Hey, the next step then is giving them access to some of your systems and I do have a An agreement that I send to people an independent contractor agreement or it can be an employee Agreement if you're actually hiring somebody on as an employee, but usually it's an independent contractor agreement to just sets out all the policies And it's it's not I don't send it so much because it's it's going to be enforceable and you can bring somebody You know the into court when they live in another Possibly live in another country, but it just it just sets sets expectations for How you expect them to deal with your data and that you know they are they should not be downloading And doing things with it without their without their knowledge and you can go over that with them and talk to them about it So that's you know kind of first step just let them know what your policies are about your information I Sorry, I think if you this is one of the things that we talked about in the last episode is if you're going to bring someone on That's not just a one-off job if you're going to have somebody who's essentially but going to become part of your team You want their values to align with yours. You want to know that this person who's coming on board has the same Outcome in their mind. Do you agree with that? Yes, so You know if you can set up a Skype call with the person to you know Have that sort of voice-to-voice contact or video-to-video contact you and that can help a lot where you can Where you can you know get a little bit more of? Of a one-on-one conversation even if you're planning to do most of your contact in the future possibly through email Things like that Yeah, I think it's definitely establishing that report in it as you said just in a one-off Initial meeting because it's kind of like internet romance, isn't it? You could somebody seems so perfect on paper and the emails go fine But then when you actually speak to them something might not click and all of a sudden The bubbles burst and maybe they're not the person for you But I think even in just that 10 or 15 minute conversation You can you can learn a lot like people can be a bit nervous and and maybe they you know stumble and they don't have the answers up From but you can usually tell if somebody's engaged enough and if you actually want to bring them on to your team Yes, if you think about you know a traditional hiring situation where Maybe if you're the hiring manager and you see somebody's resume or CV and you think oh, they're just perfect for this job Or you're looking for a job and you get an interview and it sounds like your dream job And then you actually have the interview and it's not at all what you thought or the person You're the hiring manager and the person and person is just not what you expected and you can tell right away They're not going to be a good fit So if you can have in some sort of in-person touch than that, you know, that is essential For an ongoing relationship Great, so we did talk about that But it's great to actually hear that from somebody else that that is it's really imperative before you hire to actually have Just a 10 or 15 minute conversation with this person Right So then the next step is then we're we're starting to think about well What does they need access to just like anytime you would hire any new employee? And you know, you might tell your your computer person that somebody needs an email address and things like that so you want to make a list of everything that you think they'll need access to and so one of the big mistakes that I see people make is that they They end up giving their outsorcers. I'm just giving them their own contact their own login information for various accounts instead of giving them their Instead of giving them their own account setting up a separate account for the outsorcer And sometimes you have to do that because you know, maybe you have a maybe you're paying for something where you can only have one user at a time And well, I'll talk in a minute about how to about security for those situations, but for instance for Mailchimp, which is a common email newsletter tool. You can give your assistant their own Login information and then that way They have their own username and password and then that way if things don't somehow things don't work out with the position Instead of having to go in and change your own password and worrying about them having access to it You can just remove their account And then you're also able to track you know the work that they're doing separately from your own work as well Okay so if for example with Mailchimp if they had put a newsletter together and you weren't happy with perhaps some of the wording or situation, you know broke down and you didn't want them there if you take them off as a user Are you going to use lose all the data that they've inputted? No, the information is Still in the account It's just that they don't have access to the account and then the other thing is there are different levels Of so you can give somebody full access to everything about the account Or you can you know, just give them access to to create and edit? Messages so you can give them, you know, only as much information as they need and That's I guess that's really important because in most of these software service type providers your billing information is in there and you know your credit card details and things could be in it located inside when you log in so That's really important and we're not just talking about newsletters here. It's really important that if your website Or the system that you're using actually has different levels of access that you actually Look at what those are and give them Only the level that they need to have like those people your contract people should not have access to your billing details for 90% of the jobs That they're going to take out Exactly and for for your website if you have a website They don't your assistant likely doesn't need access to You know every single thing in your in your site Maybe they just need to have the ability to to edit and put up new new content on your pages things like that So whenever possible Make sure to give people their own accounts and make sure that they have just the permission levels that they need Okay, so first of all we've got a reference and then once we get start giving them access to our programs or our website We're going to make a list of everything that they need access to and then go through and work out what level of access They need what do we do next? Hey, the other thing is Making sure to To use strong passwords and this is this is such a basic thing And it's you know everybody knows they should do it and most of us Don't really do it consistently. So when I say strong passwords, I mean that your That your password should not be the same as your username or the name of your business or ABC one two three So and I have a client who's I just changed one of her passwords the other day because it was her business name plus one two three So So that happens a lot So could you use something like last pass to help you there? Yes, so that is that was the next thing that I wanted to mention is that the reason that we don't use strong passwords is that is because it's a pain in the neck basically because The strongest passwords are ones that are random that aren't actual words or names which makes them much harder for us to understand I mean to remember rather much harder for us to remember So then you go to log into a site and every single time you go to log in you have to go find the password and copy and paste it Or type it in and so that's why we end up using you know ABC one two three for all our our sites But the great thing is that there are There are apps and last pass is the one that I use which you mentioned and that's probably the most popular one and what they are is their password management applications And they're very inexpensive last pass has they have a free version and then if you get the premium version, which Let's you add additional users and things like that. I think it's maybe $12 US a year It's about $12, but that access I use it myself, but that access to being able to give people Access to other sites that's kind of the workaround for when you only can have one user Exactly, so I had a client where I had to I had to sign into his website under his user Idea if I was going to put up a new article or blog post on his website Because he he was able to give me my own user login, but then it would show up as The article would show up as being posted by Aaron and he wanted it to show up as being posted by him so but so what he was able to do was use last pass and I I created my own free account, so you're not asking you know You're your outsourcers to pay anything for their last pass account And you share the password with them and they go to last pass and they click on it And it takes them to the website and they see you know the They see the the password is filled in but they can't actually see the actual password unless you give them permission to it To see it. Yeah, and that's what I was just about to say when you said that they log in They don't actually see what the login details are so they can get in under your under your Log in but they don't know what your username and password are Exactly so then you know say at a later date somebody is no longer working for you then you can just Stop sharing that password with them all the passwords with them. They never knew what it was in the first place But now you can just cut off the access and then you again You don't have to worry about going in and changing all the passwords or you know Maybe they know that you used on 90% of the accounts You use the same password and then they try to log in to PayPal with that same password in your email address or something like that As you said, we're all guilty of it but we all use the same recycled three or four passwords because it's so difficult to try and remember and If you're worried about something like last pass being hacked you can go off and Google that yourself will link it up in the show notes But if you're really worried and you should be worried about giving some of these details to people for $12 a year Done and dusted. You don't have to worry anymore. You can take that mission away whenever you want to Exactly and and another nice thing about last pass is that they will generate random passwords for you so you can just click you know generate a password and then they save it for you and then when you go to log into that site you don't have to remember it either and you know just to clarify how it works you have you have one password that you need to remember and that's your password for last pass and Then once and then you get into there and then they've last pass has saved all of your passwords there And there are a couple of other ones You know people want to look into some other options one password that the number one and then password is a is a competitor of last pass That's very popular And Dashlane is another one. I have not used those two But those are just ones that I have I've heard about and have seen good reviews of Great, we'll pop those up in the show notes as well. So now that we've given them Access to say just using an example that I've used in my stores So we've given them access to the website and they can see all of our customer billing data. We don't we don't keep Credit card details because you need to have a very very strict system to be able to keep credit card details But they can see my customers name address phone number In some cases their birth dates How are we going to make sure that that doesn't get into the wrong hands? You hear about all these crazy stories about big businesses being hacked and all this information being taken as a small business How do we make sure that we're providing the privacy and the safety for our customers? Well, I think there are a couple of things You can you might need to ask a couple of questions of the of the people who provide your software? Where you store the billing data to ask them? You know what security measures are are there any security measures that are inherent in the in the software? So that's one thing to do the other thing is making sure as we had said before that people only have access to the level of data that they need and again, there does come a point though where you You know if you are going to work with somebody in an ongoing relationship You do you do have to trust them? You know and hopefully you've done the due diligence But then the other but so you do have to you know at some point sometimes people will your Outsorcers need access to that data, but then You can't you just need to monitor how how they're using it so You know are there are there? sometimes you can put measures like people don't have permission to Download the data Download into a spreadsheet if your software has has things like that where you can set those permissions Then use it if they don't need if they don't need to do it. Maybe they just need to Maybe they just need to refer to the customer database To look up people's emails and phone numbers periodically, but they don't actually need to download it Or is there a way where you can set up you know alerts if If a lot of data is is downloaded so that's you know That's some of the basic things that you can do, but you as with any employee there does come a point where you have to You have to give give some degree of trust But I know when I worked in retail There you know there was a lot of due diligence, but then it was still was very common to Everybody include everybody including the manager had to had to had to open up any bags They had before they left so trust but verify And this is this is one more step we've talked about in the last couple of episodes about how outsourcing takes you from a Just a business owner to a manager and a leader and a real business owner So you actually have to start putting processes in place Where they haven't existed before and when you outsource? It's like taking on a new employee you may you should have an induction process for your contractor But it also makes you go and work out all of these things and now I can imagine that There's probably a very large chunk of people listening today who have no idea about whether they can separate the level of permission on Their website or on their point of sale system and things like that They just go yep, I mean that's the easiest box that will just tick that and then they can do everything So it's really important for yourself and for your business and as well as the customers everybody else who's data that you're potentially handling to actually have a system in place and this outsourcing process is going to make you put that process in place, right? Another thing that's helpful is using project management software and I I personally Have been using base camp for a few years, although I'm just in the process of switching to another Another one called teamwork We use teamwork. Yeah, yeah, and they are they're they're pretty simple and straightforward base camp Especially is very easy to use and it's um, it's not very expensive. I think it starts at about $20 US a month And so what it is? It's a place to store files And it's a place you can send emails directly from the website and people will receive Email notifications with the text of the email But the actual discussion threads are kept right in the website And if there's a file that somebody needs to look up, you can you can just put it in that you can just upload it there and so that makes it a little bit more secure than exchanging a lot of information in email Because you know at that you can look up the security procedures for those For base camper teamwork order product whatever project management tool that you use but then You can easily cut off Just to remove somebody's account and cut off their access to your files if If they no longer, you know need to need to be able to access them and you can you know choose who can see what? So that you more control Yeah, we have a process in place where works in project works in progress have to be kept on teamwork So it means if you get sick or if your internet dies Somebody else can actually go and pick that up and move on with it. It's not a case of oh Sal's gone to the Caribbean and I don't have access to that piece of paper anymore All work in progress has to be kept on teamwork. So and we all have access to it. So at any point in time Somebody else can pick up the ball and run with it or if we had to you know If we if we didn't have a contractor who was working then somebody else can actually come in and go Oh, there's the email thread. I can see where they're up to here are the contact details He's the file that I need to work on so Taking them out of the actual software that you want to be working Say say it's your website taking them off your website and into something like teamwork It has the accountability there and a whole bunch of data like you were saying about the customer data You could potentially export into an Excel file names and addresses or names and email addresses But keep that other data safe so they don't actually have to go into your website You could be taking the information off and putting it somewhere else Right again, and that's that's another example of giving people, you know only as much access and information as they need And that's common sense, you know, even beyond security concerns about somebody doing something possibly maliciously There's just also the concerns about somebody just doing something accidentally like somebody logs into your website and You know accidentally clicks the wrong button and they they had administrative access and then your whole website is gone Things like that so it's it's not nice and we're not necessarily always talking about malicious intent, but also just You know just mistakes that you know, maybe if somebody doesn't have technical knowledge They don't need access to the more tactical parts of the site So and when it comes to Things like teamwork and base camp. I have I have members of my web team who I outsourced to and one of them Is located in Vietnam and one is in Indonesia? And then I have some people that help me with marketing support And they're in in a couple of different locations in the US So the those the people that are doing the social media and email support don't really need, you know Access to the back end of my website. So I just don't they just don't see any of the messages related to to that type of thing so it's so So that gives you, you know, a little bit more control and as well So what one of the key things that we need to take away from here, I guess is You are the manager. You're the owner of this business and so you need to work out where to from here You need to work out once we've worked out who we need to hire and how we're going to hire them You need to work out what they need access to and not just throw your hands up in the air and say it's all too hard So you need to take the responsibility on because this is an employee Yeah, and it does take a little more work at the outset But you know at the end it's it's worthwhile and you know if you already have somebody who maybe somebody who helps with the with the computers In your store, you may be able to just ask them to do some of the research about security make some recommendations to you But I know not everybody not all of us have that and sometimes you just have to take a little time to do a little bit of the extra Extra work to figure out, you know, what kind of security measures are available Okay, so is it anything that we've missed? We've talked about You know sort of the before and as you're hiring and when people are coming on board and monitoring people So I know I think it's just You just have to do periodic check-ins to To make sure you can't just hand things off and then not look at them again. You just need to make sure That everything is going smoothly and that there aren't any issues So I think that is, you know, that's kind of those are kind of the highlights the biggest thing that I see is The two biggest mistakes I see are the weak passwords and the and again the giving people the access to your To your own accounts without giving people their their own accounts and For people who I would just say one other thing for people who do have websites Do some research on the company that hosts your website on the on their security measures because that is that is a big vulnerability a lot of the I Just saw an article that said that 41% of websites that were hacked and broken into it was because of a vulnerable vulnerability with the web host, so don't just go with the cheapest the cheapest web host because that you know that they're cheap because for a reason they're There you get what you what you pay for and they're providing a minimal service and expecting you to take care of all the security precautions So what I'm speaking of websites are what about backups? We haven't really talked about that. Who is responsible for backups? When it comes to websites, that's another thing to research when you're looking at hosting Do they do automated backups? Is there an extra cost for that? Are they expecting you to do backups? I just had a client recently who had she had two websites and one of them was on a really old account with GoDaddy and it turned out that There was absolutely no Security precautions and no backups it was it had been something that had been set up several years ago not really looked at recently and There was a problem with the website and there was there was no backup available So and that you know the backup should apply to any any of your data to you should If you have customer billing data and customer contact information, if you have an email list Then you want to be asking, you know, how can I how can I? Access this if there's a problem And that doesn't have to be expensive I know in some hosting programs It's included, but we have we have our own server for our business and it backs up three times a day So 6 12 6 6 a.m. 12 p.m. And then 6 p.m. Again So you know that at any point in time the most Information you would lose is the 12 hours overnight and obviously we're not usually working on the website between 6 p.m. And 6 a.m. But it's it's safety for us and then The backup backs to a backup and that only costs me three dollars a month So I think we sent it to jungle disc and it automatically pulls that information knowing that I can get to it at any point in time and it's three dollars It's really not an expensive amount of money and that's a huge amount of data That gets pulled off our server because what it does is it only takes the data that's changed each night So if you haven't touched a file, it doesn't update the file Whereas if you have changed it, it will take the latest version and and suck that down and hold it So it doesn't safety doesn't necessarily have to be expensive. It just means You have to actually think about what you're what you need and sometimes you don't know what you don't know Which is why you're here today listening because we're giving you some great ideas And we'll we'll pop all the links up to into the show notes that Aaron's talked about and that we've talked about But one of the other things that I do and now this is a little bit more techie for people who Aren't necessarily that way inclined. It's okay. You can put your fingers in your ears and say la la la la But we have a sandbox site for our website. So essentially that is a copy of the website That a contractor can actually work on but it doesn't affect our real website. So that sandbox site They do the update of whatever they need to do and then once it's completed They send the files back to us where they make we make sure that they're clean and then we upload the changes But what about remote? Access to your computer Aaron is that safe? I like to use drop box as As far as I'm for keeping for storing documents and things if that's what you're thinking about And I'm thinking if someone had to say say you uploaded some software and it's it's a bit buggy And it's not working. I know that Every single company who I ever buy software off the first thing they do is give us the FTP username and password. Oh Yes. Oh, you mean letting somebody else letting letting a vendor or somebody else have the have access Yeah That is you know, that's something that you definitely need to be cautious about and you know think about where it's where it's coming from If it's from a reputable source, you know, if it's if it's Microsoft or something like that You know and you're talking to their tech support. You can feel reasonably confident about that But there are you know, there are a lot of people out there that do that do spamming spoofing and phishing which are all phishing is where people send you an email pretending to be you know a company that you might be using and try to get your password then there are There are scams where you go to a website and it actually read redirects you to another website So you need to be keep an eye out Keep an eye out for that You know, if you bought some software that you would never heard of but it it serves one small purpose that you thought might be helpful and There's some problem with it and they want FTP access You know to your computer then, you know, maybe you maybe you don't do that Maybe you have them walk walk you through what you need to do So I would you know be very cautious about about that Yeah I know we're getting close to time So do you have any resource resources that we could could use to help us either with marketing or with security and our safety on our websites? I do I have I have a free guide on my website actually that is the it's called the ultimate guide to internet marketing tools for entrepreneurs and It is a list that I compiled of just all the all the best tools for everything from email To graphics to managing social media Just just all kinds of things. So that's free. That's on my website And I also have an ebook coming out soon That is about using learning to use MailChimp and all the ins and outs of using MailChimp for email newsletter So which is you know a really important way to keep in touch with customers and prospective customers And and MailChimp, you know, lots of people will talk about how MailChimp is kind of Not at the bottom of the rung but it's not as exclusive as as something like infusion soft But MailChimp is really really good. It can do some amazing things For free or for very low cost. So I think that's a great an ebook on that is fantastic Well, make sure that we link up to in that to the show notes I know you said it's not quite out yet But we'll make sure we find out when it is and that free guide I love free guides I've got a free guide of the eight resources eight free resources. I use every day in business So that's a great one that will link up as well because it's a great way to find out The stuff you don't know. Yeah, we talked about you don't know what you don't know But if somebody else has already done the research for you, how many hours are you gonna save just go great? I'm looking for something for social media. Oh, look Erin seems to know what she's talking about and she uses this brand. I'm just gonna head on over there I don't have to do the thinking Yeah, there are so many times where I have you know, maybe been chatting with somebody and They've mentioned a tool that they use to do a certain thing And I realized I could have been saving myself Hours if I had just known about that and been been using it. So that's why I put the guide Together so that you know, people can find out about those tools and which ones are helpful and If people want to talk to you a bit more about marketing, where can they find you they can find me at Streamline internet marketing calm Fabulous are you on Twitter or Facebook? I am on Twitter at Aaron streamline and I'm on Facebook at facebook.com slash streamline business Great, we'll put all those links up in the show notes So you can pop on over and visit Aaron if you need some marketing help Well, thanks so much Aaron for your help today and all of that information We'll pop a whole bunch of links and references up in the show notes of all that Amazing great notes here of some of the references that Aaron's made. We'll pop those up in the show notes So you've got easy access to them and thank you so much for being on bringing business to retail Thank you for having me. It's been a pleasure to talk to you. I really enjoy it What a great episode so much to take away from somebody who just gave it to us in a really simple Easy to understand language. I hope it wasn't too technical. I know that for some people out there The whole internet online thing can be a little bit overwhelming, but I think Aaron did a really great job of just giving us a down-to-earth Overview of what we need to do to secure our content and as promised I wanted to tell you a little story about my friend Natalie Sisson who I'll drop a link to her blog post in regards to this Into the show notes, but essentially what happened was she hired someone to do some work on her website and she was doing a retreat at the time which went really really well and Then when she came back she had all these emails from people saying that her website was down Now essentially what had happened is the guy who was working on it screwed it up big time the website was down the When it was available the content was all wonky, but essentially what happened was she put a call out to her friends and Between a whole bunch of people and the web host they managed to get her website back up and running in a couple of days Now when your website is your main earner being down for a couple of days has a huge impact So Natalie has some great tech based Information on her blog post about what you can do to make sure or to try as hard as you can to stop your website from going down and keep your content safe and as I said I'll drop that link into the show notes now our next week's episode is our final in the series of how to outsource and We're going to be talking to a couple of people on How they went about outsourcing and their success stories and that's going to be part four of this series the final in the series as Always if you love this episode I would be very very grateful if you could leave a review in iTunes or Stitcher And if you think that you have a friend that would benefit from this podcast or especially this outsourcing series It would be awesome if you could forward them a link and refer them now until next week. Have a great day Bye You You You You You You [BLANK_AUDIO]