The Confident Entrepreneur With Jennifer Ann Johnson
Jennifer is a multifaceted entrepreneur while also actively involved in her community. She owns True Fashionistas (Florida’s largest lifestyle resale store), CooiesCookies, Pink Farmhouse (online store), and Confident Entrepreneur, which encompasses her podcast, blog, motivational speaking, and coaching business for women entrepreneurs. Jennifer is an inspiration to other women business owners - showing it's possible to be successful in business while also making a difference and giving back to her community. Jennifer lives in Naples FL with her husband and twins.
The Confident Entrepreneur With Jennifer Ann Johnson
Digital Defense: Smart Security Moves for Business Owners with Vi Wickam
Your digital assets are your business’s crown jewels—but are they truly secure? Cybersecurity expert Vi Wickam exposes the most common (and dangerous) oversights companies make, from password reuse to neglected cloud storage. Learn how tools like password managers, physical backups, and multi-factor authentication can fortify your defenses. Vi also reveals why conducting a digital asset audit might save you from sabotage, theft, or shady service providers. Whether you're tech-savvy or just starting to think about security, this episode offers real, actionable strategies to keep your business safe.
Visit us at jenniferannjohnson.com and learn how Jennifer can help you build the life you dream of with her online academy, blog, one-on-one coaching, and a variety of other resources!
In an era where data is often called the new oil, securing your digital assets isn't just important, it's mission critical. From customer information to proprietary algorithms, your digital assets are the lifeblood of your business. But with cyber threats evolving at lightning speed, how can you ensure that your digital crown jewels stay protected? That's exactly what we're diving into today. We'll be peeling back the layers of digital security, exploring everything from cloud storage vulnerabilities to the power of multi-factor authentication, which wah-wah, wah-wah, wah-wah-wah. We'll tackle the human elements to discussing how employee training can be your first line of defense against cyber attacks. Our guest today is Vi Wickam of Wizard of Ads, and he's been on before, and we've talked about Google and we've talked about SEO, but today we're talking all about securing your digital assets. And whether you're a tech savvy startup founder or a seasoned business owner feeling overwhelmed by the complexity of cybersecurity, this is going to be the episode for you, because it's going to be packed with actionable insights to help you fortify your digital fortress. So welcome back in, vi.
Vi Wickam:Thank you, Jennifer. It's a pleasure to be here.
Jennifer Johnson:So you know, on the last podcast I briefly mentioned, you know I had a little foray into this. It wasn't a huge deal and it didn't involve anybody's information or anything like that, but you guys stepped in, helped me fix it and all of that. But we're seeing a lot of this lately and what are you seeing as the most common vulnerabilities that people have with their digital assets today?
Vi Wickam:Well, I would say the most common vulnerability I see is people who reuse passwords, which is like that's a common old old thing.
Jennifer Johnson:Where's my want want button?
Vi Wickam:I can't tell you how many times I have a client give me a password and then I asked for a password for a different asset that we need to help them with and they're like, oh, it's the same. I'm like, oh, no don't do that. We all do it.
Jennifer Johnson:All of us.
Vi Wickam:Well, the real trouble is, when you do that, you're putting your password in the hands of a website and if that website gets hacked, your password got compromised. And there are a lot of big companies whose data has been compromised in that way, including Twitter and Adobe. Actually, check me on Twitter, I'm not 100% sure on that, but Adobe and like there's been a ton of big, big name companies who who had big compromises in the data the U S government has the veterans and foreign affairs, like the veterans database was completely compromised and ton and this was years ago but tons of people's data is out there, which sometimes it's just your name and your email address, but sometimes it's your password too, and if you're reusing your password, they get your password on one site and they've got your password everywhere. So it really is critical that you use passwords that are different across sites.
Jennifer Johnson:That's so hard. How do you remember them all?
Vi Wickam:Well, I use LastPass, and LastPass is one of a handful of good password safes out there. There's no perfect answer, but LastPass allows me to store my passwords in an encrypted format and it allows me to share passwords with specific permissions to different groups of people. So there's the personal version of LastPass, where you can import your passwords from Chrome or Firefox or Safari, whichever password safe you're currently using. So browser storage of passwords is kind of like that's level one of you know pretty OK.
Vi Wickam:OK, it's not great but you know Apple also has the Apple password key safe. That is useful. Key safe. That is useful and it's useful across wherever you're using that browser. So if you're using a Google phone and a Google browser, it'll transfer between those two. Same thing with Apple. If you're using iPhone and Safari and you're using an Apple computer, those will transfer. You know, get your passwords personally across those two places so you can share passwords with yourself.
Vi Wickam:But we're talking about business here as well, and when it comes to business, something like LastPass has the ability that I can create folders that are then shared with my employees and I can create an administration folder and I can create a client's folder and then I can create separate subfolders for the different clients and then I can share those appropriately to my employees and I can say these you know like this folder is shared to this employee but it's read-only, so this employee can edit the passwords. This one can only read them and this employee can't see the passwords. They can only use the passwords and then if an employee is terminated, I can just terminate their access from LastPass and they'll never see those passwords again.
Jennifer Johnson:And so that's also helpful if you're working with a third party who's doing advertising or who's doing, you know, whatever for you.
Vi Wickam:Yes, absolutely. Anything that they're doing online for you, you can share, or you can share via folder if you're using the business version of it. So, and it's reasonably inexpensive, it's like, I think, $35 a year for the personal version and I think it's like $3 per employee per month for the business version, so relatively inexpensive, and you know you don't need the business version really until you've got like five employees or so.
Jennifer Johnson:You know the thing that I worry about with all of the stuff that is online. You know I've been using Dropbox a lot. I I'm the person that puts all my stuff on my desktop. You don't want to look at my desktop, but I've been trying to be more palpitations here.
Jennifer Johnson:Yeah, and my, my husband's gotten on me about it. So finally he switched me to a Mac, which I'm telling you is going to be the death of me. I'm going to figure it out. It's going to be okay, cause I'm a PC girl through and through.
Jennifer Johnson:Yeah, I understand I figured out how to use Dropbox. I'm putting everything in there Now, all of a sudden, you know I'll wake up at three in the morning and go oh my gosh, what if all my stuff is gone? What if all my stuff is gone from you know? How is that secure? How is Dropbox and other cloud storage spots?
Vi Wickam:Again, it's as secure as your password.
Vi Wickam:Oh yeah, so, generally speaking, like there could be a data breach at Google Drive or at Microsoft OneDrive or at Dropbox, like it is a data center or a series of data centers around the world where that stuff's stored in. But the reality is, no matter what you've got, that data is out there in the world, you know, and anybody can get hacked, right? You know you try to put your trust in people that are less likely to get hacked. So you know, I do have a Dropbox account where I store some stuff. I also have a Google drive account, which is where I store my business stuff and some of my personal stuff, and I use a tool called Backblaze. Backblaze, okay, and it's like Carbonite. Carbonite is another cloud backup solution, but I back up everything on my hard drive, plus everything that's in Dropbox and Google Drive on my personal drives, to Backblaze, okay, so I wouldn't live without it and, additionally, everything that's on my first hard drive gets backed up to a second hard drive.
Vi Wickam:So I automatically do this, because I have mine set up to do so, backblaze totally runs automatically and I have an overnight backup job that I set up to do so. Backblaze totally runs automatically and I have an overnight backup job that I set up for myself. I am a little obsessive about backups because I ran an it company for 15 years and when you see what happens when people don't- run backups.
Jennifer Johnson:You don't want to don't? I can't hear it because I have you just you have to run backups.
Vi Wickam:So my wife uses a Mac, I'm a PC guy and we both use Backblaze, so we both have Backblaze running everything.
Vi Wickam:She also has the Macintosh, the Apple backup thing, which I can't think of, the name of right now, but she has that running to an external hard drive that she runs, I think, once a week or something like that to back everything up to that as well. So I think that having multiple backup redundancies at least two is a good idea. So having some sort of physical backup to a different physical medium and then having a cloud backup is a good idea. The good thing about something like Google Drive for business is there's some retention built into it where if somebody deletes something from your company drive, there's a window of time where you can restore that.
Vi Wickam:And so I've had this employee leaves and decides to delete everything.
Vi Wickam:Okay, you'll be able to recover that, and so I've. I had this prior to Google drive being a thing with one of my clients where their office manager got fired and she, just like, selected their server shared hard drive and hit delete. And you know we had a backup from the night before, but you know they still had to hire us to come out and restore that drive. So you know you don't want to be having to deal with that either, and you know this is outside the scope of what I thought we were going to talk about, but this is important stuff too.
Jennifer Johnson:This is what happens when you're on a podcast with me. You start unearthing things and then I'm like oh well, let's dig into this.
Vi Wickam:Well, what about this? And what about this?
Jennifer Johnson:That's right, multi-factor authentication. Yeah, this used to drive me crazy because I'm like really, why do I have to do this? I would get flustered, I would get upset. What's the importance?
Vi Wickam:Well, the importance is, if somebody has taken your password and you have multi-factor authentication turned on, they can use that password but not be able to get in. So they'll get to the point where they try to log in and it says you know, please enter your six-digit code, and you have your cell phone. Or you have the authenticator app on your cell phone and they're SOL because they don't have the authenticator app. So, like I, will be vulnerable here and let you know that there's one or two social media platforms that I never use that I have an old password on that I probably haven't reset. I don't actually even know if I've reset it in the last five years, but I have two-factor authentication turned on and I know that it's going to text my cell phone every time I try to log in. So if somebody tried to hack into it, I know that I've got that as my validation.
Jennifer Johnson:Sure, so we should have that set up on everything we possibly can have.
Vi Wickam:Every online account that you can set up 2FA on, you should absolutely set up two-factor authentication.
Jennifer Johnson:Awesome. So, in the realm of we're talking about security, how often or how do we first of all, how do we? And then how often should we be doing an assessment of our digital assets, our digital assets, to see where there's a loophole or where something is needs to be shored up a little bit more?
Vi Wickam:So the truth is, most people have never done it. That's where the real problem is. So if you've never done it, you absolutely should do it right away. This is a critical thing to do to determine what your risks are, to put patches in place. You know, those risks could include things like well, I don't have automatic updates turned on on my computers.
Vi Wickam:Or you know like, we have a publicly available computer that doesn't have a password on it at all. We've shared these passwords with seven people and two of those people are no longer around, but we haven't changed the password. Or our domain name is registered with the guy that made our website seven years ago and he's still doing the renewals, and we don't have any access to that domain name. So if you've never done that, you need to do it today, and we have a tool up on wizardofadsonlinecom slash weasels that you can weasels. Yeah. So the the? The reason there is like we've got a joke name for digital people who don't have the client's best interests at hand, and we call them digital weasels because there are classes on how to take people for a thousand bucks a month, how to make a quarter of a million dollars a year without working.
Vi Wickam:Oh my gosh without working and how to sell people on a thousand dollar a month SEO plan where, basically, what you do is you. You know you set up a report that emails them once a month and then you don't do anything and by the time they're upset. You know you found somebody else to fill it up. You know and you know it's a terrible, terrible scam. But there are a lot of digital people who are unethical.
Vi Wickam:There are even more that are just lazy services, whether that's SEO services or ads management services or web development services or data management services any of these things. You need to make sure that your assets are secured, which includes things like LastPass. You need something that's going to manage your passwords. You need to make sure that you own your domain and that you control your domain. You need to make sure that all of your employees are using emails that are at your domain. So you know I can't tell you how many times I've had clients who well, yeah, all our technicians are using Gmail addresses because we didn't want to pay for Google Workspace.
Vi Wickam:I'm like okay, so you're saving $70 a month and the potential cost to you is that employee has all of these communications with customers and now they can you part ways with them? And they're like I'm going to just email all those customers and tell them hey, I'm on my own now and I'm going to do the work for half the price that they're going to do it and you know.
Jennifer Johnson:People forget that, like I am the same way with cell phones. Like, don't get a customer cell phone on somebody's personal phone, it needs to be on a business phone.
Vi Wickam:Right. Cell phone on somebody's personal phone, it needs to be on a business phone, right. And so one of the options there is a service like RingCentral where you have a company line that forwards to their cell phones, because landlines are pretty much gone away. What's that? Yeah, but you do want to have that control and that oversight of those communications. So if you use a service like RingCentral or 10 others that are similar I say RingCentral because that's what we signed up for, but it's not like that's the only one or that it's magic but you can say each of you get these numbers and it rings on their phone in an app and you have a virtual phone system where you've got your main office number and then you've got a call tree. Basically that splits up who gets what calls. If they press one for sales, it goes rings to this person, then this person and you know, because you don't really want employees making phone calls to customers on personal lines as a rule of thumb.
Jennifer Johnson:Right, absolutely, it's a good rule of thumb to have in your business. Yeah, so, worst case scenario, yeah, some breach happens in your business. What do you do Like? What should I be doing? What should my step be?
Vi Wickam:Well, you got to figure out first whether it's a real breach or it's a spoofing.
Jennifer Johnson:So what, what you had was?
Vi Wickam:a spoofing where somebody had scraped the content off your website and presented themselves as if they were you. Right, which I've seen, like most of the time on Facebook. When people say your Facebook was hacked, that's what's happened is, somebody scraped your photo and they scraped your last three posts and then they posted that on a new profile and gave it the same name as yours and they're impersonating you at it.
Vi Wickam:And you know they're impersonating you to try and take advantage of your friends or take advantage of your reputation as a business and, again, you know, using all of the content that you've created and all the goodwill that you've created, and so obviously you've got to nip those in the bud. But it's an entirely different process to do that than it is to undo a hack. So, you know, an example of a hack is somebody compromised your website and put malicious code on your website. So now when somebody visits your website, it's trying to download that malicious code on everybody's computers.
Jennifer Johnson:I see versus a spoofing. They just take a like nobody can do a transaction on that page.
Vi Wickam:Well, maybe they could, but it's not going to be with you. So that's like that's very often, when somebody steals website content and spoofs you, what they're really trying to do is steal credit cards from people.
Jennifer Johnson:Oh, I see.
Vi Wickam:So and potentially also steal money. So if they have an actual account tied to it, you know somebody you'll check out on that site. Right account tied to it.
Vi Wickam:You know somebody you'll check out on that site. They'll get the money and they will, you know, take that money and never deliver anything. And the person will call you and say, hey, I bought something from you and I never received it. And you're like well, nobody played, I've got no record of you in my customer database. You don't like I've, I've got no reason to believe this. And they're like well, let me forward you the email confirmation I got, and you see that it's at a different website when they forwarded to you. And you're like well, this wasn't us. And then you've got to figure out who it was so that you can get them removed and get them taken down, which is a huge hassle, as you know.
Vi Wickam:But if you know, like in my 27 years of doing web stuff, I've had a couple of times where somebody I hosted got hacked.
Vi Wickam:Mostly, though, what I've done is I've had clients come on because they've gotten hacked on somebody else's hosting and I've had to clean up the mess, and I believe so strongly in my hosting that I have a guarantee that if somebody gets hacked and I'm maintaining the site that they won't pay me any extra to clean it up, because I make sure that WordPress is up to date and the plugins are up to date.
Vi Wickam:So when you talk about security, very often when you're talking about something like WordPress, the problem is is they've got out of date plugins that had a security vulnerability, and you know, because the plugin is so far out of date, you know it might be three years or five years out of date and you know there's things in the web that have changed. The rules are always in flux. If that vulnerability is found and they haven't updated to patch it, you're a sitting duck. You're just waiting to get hacked. So our goal is to make sure that doesn't happen. But when it does, you have to root it out on the server and find all the traces of it, because very often those people that do that will leave back doors and leave code in places you wouldn't expect it so that they can get back in later.
Jennifer Johnson:That's just crazy. It's a crazy world, I mean I know we can talk about this for hours and hours, but I appreciate everything that you've shared with our listeners today, because this is great information and I'm sure we'll have you on again to really go in depth. But if our listeners would like to get ahold of you, how can they do so?
Vi Wickam:So you can find me on my business website at wizardofadsonlinecom, and if you're looking for my music, you can find that at vythefiddlercom.
Jennifer Johnson:I love it. I love it. Thank you so much, vi again, for being on and sharing with all of our listeners.
Vi Wickam:Oh, my pleasure, Jennifer. Always a pleasure to get to hang out with you.
Jennifer Johnson:Fabulous and thank you everyone and have a fabulous day. Bye, Bye, Woo-hoo.
