057: LINDSAY MILLER OF HALF HITCH 3

SELF MADE STRATEGIES EPISODE 057 WITH LINDSAY MILLER OF HALF HITCH 3
About Half Hitch 3 and Lindsay Miller
IS YOUR 24/7 SALESPERSON WORKING PART TIME?

Your website is not only your number one marketing asset, it is also your number one salesperson. Quite often, it’s the first place customers go to research your business and it is at that time that they are formulating their first impression of you.

At Half Hitch 3, they take an intelligent approach to web design and development that serves to eliminate the headaches of traditional web design and drives optimal results using data.

With Half Hitch 3, your website will incrementally become stronger as we continue to measure, iterate and act – allowing your business to stay ahead of the curve.

Visit https://halfhitch3.com/ for more information.

Lindsay is a rock star web developer with over five years of web design and development experience. She is also a proud US military veteran who is passionate about helping new businesses get up and running online.

As well as helping established businesses improve their existing websites. She specializes in WordPress websites that are user friendly and fully editable. Once they are built, you can see her work on her site, halfhitch3.com. But you can also see the great work she did on both of my sites, lopeslawllc.com and selfmadestrategies.com.

SHOW AGENDA

On today’s episode we will:

  • Get to know Lindsay and hear about her wonderful journey into entrepreneurship
  • We will discuss best practices for developing your website
  • Discuss how to protect yourself and your business from cybersecurity threats
WHAT YOU WILL HEAR ON THIS EPISODE:
  • Why cybersecurity protections are more important now than ever
  • How to ensure that your website stays up to date
  • The importance of SSL certificates
  • Why WordPress sites may be the best option for your business
  • And so much more!
PRODUCTION CREDITS:

The Self Made Strategies Hustle Story is a SoftStix Productions jawn.  Tony Lopes produced, edited, and hosted this episode.  This episode was recorded on location at Indy Hall (www.indyhall.org).  Self Made Strategies is sponsored by Lopes Law LLC (www.LopesLawLLC.com).

Make sure you subscribe to the Self Made Strategies Podcast on your favorite podcasting platform.  You can find us on: Apple Podcasts, Google Podcasts, iHeartRadio, and Spreaker.

Do you want even more awesome Self Made Strategies content?  Make sure you follow Self Made Strategies on:  Facebook – Instagram – LinkedIn – Twitter

HERE IS THE TRANSCRIPT FOR EPISODE 057 OF THE SELF MADE STRATEGIES PODCAST:

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:00:23] Welcome to a brand new episode of the Self Made Strategies Podcast. I’m your host Tony Lopes, and with me today is Lindsay Miller of Half Hitch 3. Hey Lindsay, how’s it going?

Lindsay Miller (Half Hitch 3): [00:00:33] Good. Thank you for having me.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:00:34] Thanks for coming in. Lindsay is a rock star web developer with over five years of web design and development experience and is a proud us military veteran who is passionate about helping new businesses get up and running online.

As well as helping established businesses improve their existing websites. She specializes in WordPress websites that are user friendly and fully editable. Once they are built, you can see her work on her site, halfhitch3.com. But you can also see the great work she did on both of my sites, lopeslawllc.com and selfmadestrategies.com of course.

So Lindsay redesigned both of our sites, did an amazing job, by the way. We’ve gotten a lot of great feedback from everyone that’s been on our site, and now she’s working on my wife’s sites as well. So it’s a little bit of a family affair, but. On this episode, we’re going to get to know Lindsay. We’re going to hear a lot about how she started Half Hitch 3, but we’re also going to talk about cybersecurity data protection, best practices for designing your website and how you can keep your site up to date, secure, SEO friendly, all of those things.

Thanks for being here, Lindsay. So we’ll start right with the beginning of Half Hitch 3. Tell us how you got started, how it all came about, what made you want to start that business?

Lindsay Miller (Half Hitch 3): [00:01:53] Okay, cool. Um, yeah, so it was a little over a year ago. Uh, the company I was working for was starting to feel like it was in trouble financially, and we could all tell, but we were all.

Assured that everything was fine. So it was 10 days before Christmas, I got called into the boss’s office, and a quick little conversation ended with me being laid off. So, uh, was pretty shocked at first, but went home that day. And funny enough, I had a thought that morning before I went in to work. I thought, I want to work for myself.

And that happened. And uh, you know, it was just fate. So I moped around for a few days and started looking for other jobs, kind of put that, want to work for myself, thought, you know, in the, in the past and buried it. Uh, so I started looking for other jobs and. Started applying and nothing was really coming of it.

So right after Christmas, I decided that I just wanted to start my own business. I, I’ve known that I have all the tools and I’ve been taking notes along my whole career, working for some pretty big companies, and, you know, just taking notes of how it’s done and I know that I can do it all. So I just kind of.

Started putting some things together and Half Hitch 3 was born.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:03:03] That’s awesome. And so you just started designing websites right from the get go?

Lindsay Miller (Half Hitch 3): [00:03:07] Yeah, so I spent some time designing my website and I think I’ve redesigned my site four times in the past year, so it really started, I want to get something up and you know, just get right out there and start getting clients.

And that’s not really the. It’s a dream, but it’s not, it didn’t happen. So, you know, and then I thought, Oh, I can just stay home and not, and people just come to me. That didn’t happen either. So, you know, I joined, joined a coworking space, and that’s where I started networking and meeting people and, and that’s when it really took off.

D hall.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:03:38] Yeah. Shout out to Andy hall. As most people know, we’re in the room in Indy hall right now. A big shout out to them. Alex was a guest on our show previously and we recorded here. Of course. Just a quick reminder to our listeners that where ever you listen to your podcasts, you should go hit that follow or subscribe button, and if you listen on iHeart radio, you can actually hit auto download and just get yourself made strategies episodes automatically downloaded to your phone so you never miss an episode with awesome entrepreneurs.

Like Lindsay that aside. Now let’s dive into some cybersecurity stuff, and we can talk mainly about whatever you want, but we can start with best practices for designing a website. What do you think those are?

Lindsay Miller (Half Hitch 3): [00:04:18] A user friendly. I mean, if you go into a store and you’re, you know. Taken by all these paths to go and you don’t really know, you know, what are you doing there?

You kind of need a roadmap. So a website should, should very be very user friendly. Um, a lot of thoughts should be put into the experience that the user has and also the company’s goals. You know, when I’m having a call with a new client, I’ll ask. Fill in the blank for me. I want my website to be a tool to, you know, what do you, what do you want it to do for you?

So that’s something that a lot of people think. I just, I just want a website, but you’ve got to think about your website as a tool because it is working for you. 24 seven. And you know, what do you want it to be doing for you while you’re asleep? So, um, yeah, really just user experience is, is the main thing, the big thing.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:05:05] And yeah, it really is the face of your business, so to speak, especially in today’s world. If you don’t have a website, the majority of people aren’t even going to talk to you or do business with you. It’s just. They don’t have a website, something must be wrong.

Lindsay Miller (Half Hitch 3): [00:05:16] Right? Yeah. Are they real? And that being said, too, um, if you have a website and the website isn’t good, that’s just another know this company clearly doesn’t care about their image.

Or if they have a website that’s, it looks like it’s from the 90s. And what is that saying about. The status and the speed of your company. Right,

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:05:35] right. Yeah. Actually quick sidebar to that, I was Christmas shopping for Sarah for my wife and while I was doing it, I was looking for um, Victoria and stuff cause she likes kind of antiquey looking stuff.

And I found this website that had some really cool stuff on it, but. The website looked to your point like it was from the eighties or nineties like the old school, like just text-based, you know, with the boxes around the text and stuff, and the text on the left side and just looked really weird. And I thought to myself, there’s no way I am putting my credit card information into this site.

Absolutely not. And so yeah, to your point, that becomes a big issue and a big turnoff for people. Yeah. So what about looking at S L certificates? What are they, why do people need them? Why are they a must have for most websites? Okay.

Lindsay Miller (Half Hitch 3): [00:06:21] So SSL stands for secure sockets layer. Um, and what that does is it basically creates end to end encryption.

So any data that gets put in goes through an encrypted tunnel. And encryption is just the scrambling of. You know all the characters and there’s keys involved with it. I can get very technical, but I won’t, but it basically encrypts it so it’s safe that way. If someone is sniffing like packets and watching your network, they’re not going to be able to see that.

So it’s super important. It’s really, honestly, it’s important for everyone to have one. Many companies that offer hosting offer a free SSL certificate. It’s let’s encrypt is the pretty standard. Um, but if you have, uh, a website that has a form where your users are putting in their information, although it’s not their credit card information, it’s still.

It’s still their information. Say they’re putting in their address or their email, like, I don’t want my email address. And you know, we all get spammed, but it’s just one more way that you can make people feel safe about filling out forms. And, um, also WordPress websites have the, the login screen. And so if you don’t have an SSL and you’re logging in, you’re pushing your credentials through there un-encrypted every single time.

And the WordPress login pages is a commonly known and you know how to get there. Right? So why would you think that you’re safe? You’re really not safe.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:07:41] Yeah. And there are a couple of things to unpack there. As you mentioned, even email addresses. What one would think is basic user data, right, is generally required to be.

Taken care of very carefully under the GDPR, which is the general data protection regulation, which is mainly in Europe for EU member States. But there’s also the CCPA, which is the California consumer protection act, which covers a lot of the U S because if you’re dealing with anyone. Who comes to your website from California, you have to comply with those regulations and a lot of people, basically, we’re all at risk essentially, because even if you’re collecting emails for your newsletter, for example, or for your email marketing campaigns or whatever, you’re at risk of getting breached, losing that data, and then you’re up for grabs in terms of liability.

Someone could Sue you. But beyond that, for eCommerce websites, they have a. Pretty much a requirement to be PCI D S S compliant, and that’s payment card industry data security, standard compliant. And generally speaking. At a very high level, right? That means you need to build and maintain a secure network and systems.

You have to protect cardholder data. You have to maintain a vulnerability management program, implement strong access control measures, regularly monitor and test networks, and maintain an information security policy. But can you tell us more about all of that? I know I kind of hit the high notes there, but on a technical level, what are some of the ways that you can maintain compliance with the PCI DSS.

Lindsay Miller (Half Hitch 3): [00:09:17] the biggest thing that I can speak of on that is going to be having that SSL certificate. And then also, um, making sure that if you’re using a hosting company, you know, you’re on a shared server, right? So. Even though you might be keeping your stuff up to date, the guy next to you might not be.

So you need to make sure that you’re, if you’re, if you’re storing customer data, that it’s stored somewhere secure and making sure that the file permissions are all set. Everything needs to be locked down.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:09:48] Right. And then there are other issues as well with. Google penalizing you if you don’t have an SSL certificate.

Lindsay Miller (Half Hitch 3): [00:09:53] Exactly. And to ’em, if you go to a website, depending on what browser you’re in, sometimes you’ll get the warning. This site is insecure. That’s enough to turn someone away right away. You gotta be pretty dedicated to saying, okay, ignore, you know, you gotta check the box. Like it’s just, it’s just not, not okay in this day and age, and Google is really taking a stand against it.

They want a secure internet as well. So. They will penalize your search results if you don’t have an SSL.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:10:19] Exactly. Now shifting to usernames and passwords. Right. Which is a bugaboo with everybody. They get all upset that they have to change their passwords every three months or whatever. My wife gets on me because I have like a password keeper and my phone.

And I always come up with these. You’ve

Lindsay Miller (Half Hitch 3): [00:10:34] seen them because I’ve

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:10:36] shared my password so that you can get in and design the site. But I always just use like Google’s a strong password suggester or whatever, or the one in my phone. What are your best practices for that,

Lindsay Miller (Half Hitch 3): [00:10:48] for creating passwords? Um, it, it definitely, there’s all sorts of standards.

I mean, you could Google it and you’re going to get 10 different answers, but the longer. The longer the password, the better. Um, if you’re going to have a username, uh, don’t make it admin or anything, you know, don’t make yours Tony, like, as easy as it is for us to remember those things. If we use password managers like LastPass or Dashlane.

Those, those, those will save those passwords and usernames for you. Taking that out of the equation, right. Because you know, I’ll send clients passwords and usernames all the time and I get this smoking hot email back at that. They’re mad that I’m never going to remember this. Can you just make it my wife’s name and yeah, I’d love to, but if someone else knows your wife, then your website’s going to get hacked or you know, you’re hosting and.

That’s not something to play with that can really damage your business in the end,

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:11:37] which also to your point, I mean, it’s not hard in today’s world to find information on someone that pretty much tells you almost everything about them. You’re posting stuff on Facebook kind of haphazardly, not really thinking about what you’re posting to Instagram and you think you’re locking down your account because you’re marking them private or whatever.

But trust me, the hackers can get there, so you cannot hide from anyone. In today’s world. And to your point, if you’re just using this sort of, you know, generic information, you’re really at risk, right?

Lindsay Miller (Half Hitch 3): [00:12:10] Right. And with, like I said, with the face of your business being, you know, being your website, having something so insecure is not okay.

Someone could get in there, hack it, and do horrible things. Whether they change your texts, whether they put, you know. Pornographic, you know, it’s happened. Sure. You’ve gone to websites where you will, you’ll get redirected or you’ll see things on the homepage that are right. They’re horrible.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:12:33] Yeah. One, one thing I’ve noticed recently is, um, I was working with someone, and I won’t say who it is or any of that, obviously, so that I don’t, so that I protect the innocent and their website was fine, but their SERP results, they’re on.

Google search engine results page results, right? Where you, so essentially you Google this individual and their website popped, you know, the listing on Google is their website and then whatever their about page contact page, all that stuff. And there’s that sort of three lines, that many paragraph of text, and that was clearly not about them, just that bit of data on the results page had been hacked or something.

Yeah. And I guess on the back end of their code, somebody had been messing with their site and they just didn’t even know because their website looked fine.

Lindsay Miller (Half Hitch 3): [00:13:22] Right? Yeah. And that and that type of stuff. I mean, a website can be hacked through a form of a form, doesn’t have the right, uh, regulations, uh, coded into it.

Things can get injected into the database. WordPress is database driven. So if a hacker really wants to get into your site. And they’re dedicated and motivated. They, there are many, many ways, but there are also, on the other side of that, there’s a lot of security measures that my company takes to make forums secure.

You know, a lot of, a lot of that stuff that you wouldn’t really think about on the front end. There’s a lot that goes on in the backend

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:13:55] right. So looking at the structure of passwords as well. I personally agree with you that just using alphanumeric jibberish non dictionary words, and even when you’re using symbols, like your dollar signs or your at symbols, trying not to just use those in place of the

Lindsay Miller (Half Hitch 3): [00:14:12] common layer, right?

Yeah. It’s not

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:14:15] gonna work. Right. So what are the best practices for preventing hackers from being able to use password crackers. What, what are your best practices for structuring your

Lindsay Miller (Half Hitch 3): [00:14:26] passage? So basically, I mean, you pretty much just hit everything. Um, the one thing I want to stress is if it’s in the dictionary.

It’s going to get cracked. I, I actually just, uh, was working with a program that was a password Cracker, not maliciously as training. And, uh, it went through a sequence of passwords. You could see it on the screen and, you know, it was, uh, like love my kids for, and you know, like all these things that people really use and it found the password in a matter of minutes.

Wow. So, yeah, really, the longer, the better. Um, alphanumeric. And if the website has a structure that they want you to follow, cause sometimes you know, where like I have this great password and then it’s like, sorry, you used an apostrophe and you can’t have one. So really, you know, you’re kind of sometimes at the mercy of, uh, of the site that you’re signing up for.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:15:16] But, um, what’s your personal feel on like Google’s password generator and password keeper? Cause now Google has. As part of your Google account, right. They have that when you’re in a site that has a form and it’s asking you to register or whatever, it can suggest a strong password. Right? Yeah. And in all honesty, I’ve been using that because it just suggests,

Lindsay Miller (Half Hitch 3): [00:15:39] yeah, yeah, yeah.

I am. It keeps it. So Google is a company that’s very reputable and they’ve put a lot of money into the things that they do. So I think it’s a great solution. I use it as well. Um, I used to go out to a password generator and then copy and paste and all that. But this just kind of is in the world that we’re living in.

Is that easy, quick, you know, just don’t save passwords in your browsers. That’s one major, major thing to, you know, it’s easy, but it’s not, not a good strategy.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:16:07] Chrome, Firefox,

Lindsay Miller (Half Hitch 3): [00:16:08] it’ll suggest. Exactly. It’ll suggest it. And although we’re like, Oh, well, it’s my computer. It’s not right. You got to think about you’re saving it.

Where is it being saved to? Is that secure? So although it’s easy, it’s not a good

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:16:21] plan, then there are issues with wifi hacking. I know that’s not exactly in your, in your space particularly, but just a quick tangent for. To this point, right? Because a lot of times, you know, you have, whoever your internet service provider is, come over, install your modem after, you know, that six hour window that you’ve been sitting at home waiting for them to show up.

Um, but they come, they install their modem, and then generally speaking, the modems. Have just a regular user name is admin and the password is password, which by the way, who’s designing these modems? You put the stupid sticker on there with the wifi password. That’s like all jibberish, right? Why can’t you do that to the modem as well?

Fine. Whatever. But so that’s an issue because people do still, we’ve sort of forgotten about this, I think societaly but people still steal internet. From their neighbors and stuff. So you have to actively go in there and change your admin settings, otherwise you’re just at risk.

Lindsay Miller (Half Hitch 3): [00:17:17] Yeah, and there’s another, uh, another little wifi security tip would be to disable your SSI ID, which is the name of your network, and just programmed that stuff into your devices.

That way it automatically connects and you don’t have that risk. Right. The risk used to be a lot bigger. But it’s still, if, if you’re, you know, when I log into my wifi at home, I see all of my neighbors. Yeah. Most of them have a lock on it. But if I was curious, you know, it’s just the same as, as going into Starbucks and trying to use their, their wifi.

If anybody’s is running any type of software, your traffic is all out there.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:17:52] Right. And of course, nowadays people are, I think are a little bit more aware of using say VPNs or something along those lines, which is fantastic. And. That’s generally recommended. What’d you say?

Lindsay Miller (Half Hitch 3): [00:18:03] Yeah. So one thing with VPNs though, make sure it’s a paid VPN.

If it’s a free VPN, you’re the, you’re the subject of some type of test, you know, like if it’s free, it’s not, it’s too good to be true. So make sure that you choose a VPN service that, uh, is not free. And also, um, the country that the VPN service is located in. Uh, check the laws on, are they required to make that data available if requested?

Some countries are, some countries aren’t. I believe Panama, I’m not sure which VPN service it is, but there’s one in Panama that’s, it’s one of the best because Panama has some pretty good. I mean, I’m trying to see regulations. So yeah, there’s a lot of things to consider with VPN, although VPNs are great.

Really do your research before jumping in to get one.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:18:53] Cool. Now going back to websites, so two factor authentication. Um, what are you, what are your thoughts on that? Should people be using it on everything? Should they be using it on their own website? W what do you think about two factor authentication? I know it’s becoming a new.

Sort of nouveau thing that everyone’s doing all of a sudden, and it’s a little cumbersome still. We’re still kind of figuring it out. But what are your thoughts?

Lindsay Miller (Half Hitch 3): [00:19:17] Yes. So, um, the websites that we do that is an option. Um, I haven’t had anyone specifically request it, but as we keep growing. And wanting to make our websites really a security first.

I don’t want our clients to have to ask, can you make my website secure? I want to give it to you as secure as possible. So two factor authentication is something that can be built in, and I would highly, highly recommend it. The problem is it’s, it’s, it’s one extra step, right? For example, when I log into my PayPal, I have it turned on and I have to check that text message and I have to get that code.

But it’s keeping people from getting in there and you’re changing the bank account, routing my money to there. So, yeah, I definitely think anywhere that it can be used, that it should be used. It’s just that one extra layer. You know, you can’t just rely, even if you do have a secure password, if there’s a will, there’s a way, even if it is alphanumeric.

Um, so two factors should be used whenever possible.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:20:14] And I know just from talking to you, um, while we’ve been working on the sites together and stuff, that you’re kind of a. Social engineering enthusiast. Yes. Yeah. Yeah. So what are your thoughts on that? Because it’s becoming very, very sophisticated. First of all, what is social engineering?

For those who don’t know?

Lindsay Miller (Half Hitch 3): [00:20:32] So social engineering is where you would be tricked into giving up your information and not even knowing it, right? So you could get an email maybe from your bank that says, Hey, we, you know, we did a new. System and we need you to reverify your credentials. Right? Um, so that’s, that’s the overview of social engineering.

But even if you work for a company, even a large corporation, someone could easily maybe call your desk, find your phone number online. Cause websites too. There’s a fine line of how much we wanna put on there about employees. And, you know, do we really need to list extensions? But someone could easily call and say, Hey, this is the it department.

We need your password, you know, we’re locked out. Or, and people will do it because they just don’t. They don’t. They don’t know any better, of course. And everybody’s good and you know, Oh, it’s the it department. They need it. Let me help them. So that’s just our nature.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:21:26] My family members, I’ve had some family members, I’ve had some friends who will sometimes say, Hey, I got like this call and a voicemail from the social security administration, and they need my information right away.

And they want me to call this one 800 number. Generally speaking, the government is not going to be calling you up, asking you to remind them what your social security number is or whatever. So. Those are all fake. Stay away from them. Um, but you see it a lot. Actually, I, I personally think the biggest danger right now is on LinkedIn because LinkedIn is making a significant push and nothing against LinkedIn.

I don’t think the site itself is doing anything wrong. But you’re getting messages and connection requests from tons of hackers right now, because if you pay attention to it, a lot of times, if it’s somebody you don’t know, you should not be accepting that request first and foremost. But sometimes those messages will have information that they’re trying to get from you.

And if they. Get to your LinkedIn page and depending on what you have out there on your LinkedIn page, to your point is information that you’re granting people to use. In these social engineering scenarios, right? Yeah, yeah. Okay, so back to a two factor authentication, and sorry for the tangent, it’s

Lindsay Miller (Half Hitch 3): [00:22:44] just

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:22:45] my ADHD just kicks in every once in a while, but I’m looking at the ring camera hack.

What are your feelings on that? Tell us about what happened in that first and foremost, and then what your best practices are after the fact.

Lindsay Miller (Half Hitch 3): [00:22:58] Yeah, so with the ring camera thing, um, you know, people are trying to blame ring ring didn’t not enable your two factor authentication that’s on you. So with something like a camera in your home, if there’s an option you need to enable that.

Right? Because that’s, that’s dealing with the privacy of, of families and whatnot. And Disney plus. That was also another thing where hackers were getting in and then they were changing passwords and locking people out. And what, you know, what do you do at that point? Right? You have to prove that it’s your account, and that’s not always easy.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:23:34] Yeah. Well, so with stuff like ring, going back to that. All of these peripherals that you have in your home are basically entry points into your wifi, correct? Correct. So if you have a quote unquote smart TV, when you’re putting it on your wifi network, those devices really don’t have that sophisticated security, especially if they’re older.

So it’s basically an easy hack into your wifi system, right? Correct. Can you explain that a little bit, how it works and how people might be able to protect against that. Um, if you have an opinion. Yeah. So I

Lindsay Miller (Half Hitch 3): [00:24:06] actually recently saw a news article, um, about that, and it’s just, you need to turn off any monitoring of, and it’s just like Alexa always listening.

You know, you need to look into these things that are by default turned on right. And get that stuff turned off because yeah, those are additional penetration points into your network.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:24:28] Is there a way to safely use those devices? Do you recommend, for example, segmenting them? You know, you have your 2.4. A gigahertz party, your wifi, and then you have your 5g version of your wifi, and then you have your guest account.

Is it better to put all of those things on your guest account and does that more or less secure?

Lindsay Miller (Half Hitch 3): [00:24:47] That’s a really good question. I guess in, in theory, yeah, if you, if you, if you have the knowhow to do that type of stuff, I think that that’s definitely a really good, right.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:24:57] First and foremost, it starts with a solid, secure.

Lindsay Miller (Half Hitch 3): [00:25:01] Yeah, definitely. And then just checking to see what are your devices doing. You know, a couple of years ago, looked at a bottle of wine on a website and then got on Facebook and there was the wine, but Facebook was swearing that it wasn’t listening or watching, but it was. And it was slowly uncovered. All of the things that are turned on within any of your apps on your phone, seeing what types of access or data they can access.

So it’s really, it starts with vigilance of just knowing what, what are they able to see and access, because we’ll download apps and we’re so excited to get the app that we’re just like, okay, okay, okay. You know, we’re pressing okay and we can’t get it fast enough, but we’re really not reading to see what.

Yeah, I can access.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:25:46] Yeah, that’s a good point. Yeah. I’ve talked about this on the show before. The creep factor is real. We were out to dinner one night. This story is true. We were out to dinner one night and we were talking to the other couple about them having had their windows redone. On their home and they happen to mention some local brand that replaced their windows and how good they were and whatever, and that the price was reasonable.

All this stuff. Well, a couple of weeks later, we got actual mail from that brand suggesting that we contact them for a discount on getting our windows fixed. That is freaky. I’m not going to hire you.

Lindsay Miller (Half Hitch 3): [00:26:23] I don’t know who came up with the

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:26:24] strategy, but it’s not working. It’s the opposite. Um, but yeah, it’s really invasive.

And I guess to put it, it’s not just the hackers. We have to,

Lindsay Miller (Half Hitch 3): [00:26:32] well, it’s everybody everywhere. People can pay to get data and yeah, like the VPN thing, the free VPNs, they’re selling your searches. They’ll be making their money. It’s, you know, they owe a VPN is private, right? No, it’s not. It’s hilarious.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:26:46] Yeah. Um, okay, so I know you’re a huge fan of WordPress.

You’ve converted me, I agree with you 100% that WordPress is the better way to go in terms of designing your website. But tell us why you think WordPress is better than, say, other drag and drop sites. I don’t want to name any day to throw them under the bus, but in case they’re listening and helping cohort with Google.

But why do you like WordPress better than others? Why do you design from a WordPress base? First and foremost?

Lindsay Miller (Half Hitch 3): [00:27:15] So I like that WordPress is, um, it’s free. That’s one of the Vegas things at opensource. So, um. That’s really the reason that I took to WordPress in the beginning. And you own your content. If you’re subscribing to any other type of page builder service and you’re done with it, what do you do?

Can you, Hey, can you guys pack up my site and I’ll take it? No, because it’s proprietary. It’s on there. So now you’re left with pulling all of your data and you know, making that switch. So it just doesn’t make it easy. And you also don’t ultimately have that ownership. So, um, that, that’s really the reason that I chose WordPress was there’s no fee.

The differentiation though, would be that it’s not as easy. You got to learn WordPress first. It’s not like anybody can just, Oh, I’m going to go get a WordPress, and that’s that easy. But if, if you have. You know, you have that grit to really dig in and learn it, then, uh, I think it is the best ways. Cool.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:28:17] And so talk to us about themes and plugins, what they are, why they’re necessary for a WordPress site to function appropriately.

Which ones do you recommend? I know I’m piling on a lot.

Lindsay Miller (Half Hitch 3): [00:28:30] Um, okay. So

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:28:31] I’ll bring you back. I’ll bring you back.

Lindsay Miller (Half Hitch 3): [00:28:33] Okay. So, um, WordPress themes are basically, you know, what the, the skin of your website is going to look like. So, um, we use a theme that’s, we always use a starter theme that works with our page builder.

Um, but. Also, WordPress is going to come pre-installed with other themes that are, I think 2018 is the one that comes with every theme, and so you want to make sure to get those themes out of there because that’s just another vulnerability. Say. You got a theme that’s out of date, you’re not even using it.

Well, why? Why do you have it in the first place? So you really only want to have one theme or a, you will have a main theme with a child theme. Because if you’re editing, if you’re making custom edits to a theme and you don’t have a child theme when the theme gets updated. All your stuff is gone. So that’s one.

A rookie rookie, old me has done that before. You know, I made all these CSS changes and where do they go? So, um, and then the plugins are really the way to add that extra functionality. And that’s another reason why we love WordPress so much is because there are so many plugins out there. Say you need to build a form.

Well, I don’t want to hand code a form. It’s just. I can do it, but why? If there’s something out there that’s gonna get me that out of the box, then I’m going to do it.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:29:52] Rather work smart than hard.

Lindsay Miller (Half Hitch 3): [00:29:53] Exactly. And it’s all done for you. And I’m a lot of the safety, you know, the security measures are already coded into those forums to not take data that might be the SQL injection data or getting into the database.

So, um, the one thing I really want to stress though with the plugins is if you’re going to download plugins, make sure that you look and see how many active installs there are. If there’s only 10 or 12, you know, then it’s like, Oh, okay, I like to do them the 10,000 plus that because that lets you know that.

It’s being used right. Also look and see when it was last updated because to, the reason that updates happen is usually because there’s either a bug or a security vulnerability. And so when the updates get pushed, the fixes those and you’re safe again. So if, if you see a plugin hasn’t been updated in a year.

You know, get away from it as fast as you can because it’s not, it’s not going to end well.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:30:47] Right? And if you’re not using your themes and plugins, you should just get rid of them, right? 100%

Lindsay Miller (Half Hitch 3): [00:30:52] you always need to check and see what do I actually need? And we do have clients that come over to us recently, had a client come over with over 30 plugins.

And his site had gotten hacked. And so that’s how he came to us with a hacked website, you know, Hey, can you, can you clean this up? And no, because we just wanna we just want to get rid of it and just start over. So we were able to export the product data and get out of it. But any plugin that you’re not using as, this is another security vulnerability.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:31:24] Right. And malware can come in that way. Yeah. Um, so. From an update’s perspective, even though WordPress is open source, it’s generally updated on a very frequent basis. Right. And so what do you recommend in terms of best practices for active. Updating versus passive updating, passive updating, being one.

WordPress is just sort of automatically saying, Hey, this theme got updated to your point earlier versus you having to go in and update certain

Lindsay Miller (Half Hitch 3): [00:31:57] things. Right. So, um, we partner with SiteGround for our hosting and they’ll manually push the WordPress updates and I’m great with that. Cause usually. It does.

I’ve never seen it messed up a site. Usually by the time they’re pushing that update out, they’ve got it worked out to the point where it’s not going to destroy your website. So that’s cool that if you, if your hosting company offers those man or the auto updates over the manual take that. Um. But really I would recommend logging in once a day, and I know it’s, you’ve got a business to run.

Your website is not your first priority. Uh, but we offer packages where, you know, we’ll take care of that aspect and we’ll make sure that everything gets updated because the longer that you wait on some of these updates. If a, if a vulnerability exists, a hacker doesn’t have to know, Oh, self-made strategies.

You know, they’re not coming after you. They’re doing a scan for any site that has the specific software with the specific vulnerability. And then they’ll just start trying, you know, say they’ll try yours, and then if they don’t get through in a reasonable amount of time, they’ll move on. Yeah. But it’s not like someone is targeting you, you know, in certain situations, yes, they’ll target you.

But in situations with outdated plugins and software, they’re just scanning. Wow.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:33:15] Yeah. Well now you had a recent, you don’t have to name the client or anything like that, but I remember we were texting back and forth when we were working on our stuff together and you were texting me that you needed a little bit of time because you had a client that was in the middle of essentially a war, right?

Yeah. A little bit about that. Just a little bit of a behind

Lindsay Miller (Half Hitch 3): [00:33:33] the scenes. I was forwarded an email from my client saying that, uh, his CPU usage was very high on the server. So I logged in and it was, uh, it was incredible. I’ve never seen something maxed out to, you know, I’m surprised the server wasn’t inflamed because it was receiving pings from all of these different IP addresses.

And we could look through the logs and we could see this site is massively under attack. So what we started doing was looking at the IPS are, are, is there a range? Uh, we identified a major part of it was coming from the Philippines, so we were able to block the Philippines in general, you know, just trying to shut it down or bring it down.

So yeah, we were able to, to mitigate it and get it back into an acceptable range. But it was an eCommerce client. And you know, any. Any amount of time that that an eCommerce site is down is, is hurting, you know, not only the income coming in, but they have existing customers that are coming to the site.

And why is the site not working? That just doesn’t. Look good, and you really don’t want to say, Hey, sorry, everybody, our site was getting attacked because you’ve been putting your credit cards in there, so it’s just not good. Not good for anybody.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:34:44] Yeah, and again, going back to sort of the beginning of the podcast, when we were talking about those high level regulations, I mean, if you have clients on your eCommerce site that are coming from California, for example, well now you’re subject to CCPA regulations.

And you might be getting sued because if their credit card information just got hacked because of your website, because someone’s doing a brute force attack from the Philippines or something like that. You’re now not only losing money because your website might be down, but you might be getting sued on the backend.

Lindsay Miller (Half Hitch 3): [00:35:14] Correct. And yeah. And then you’re sending out a letter to all of the people who have ever, you know, I’ve received letters in the same nature of, Hey, sorry, you know. We had a server vulnerability that we didn’t patch up. And here we are today sending out letters and now we’re giving you a year free of Equifax to monitor your credit.

And I don’t even ex, yeah, right. I don’t even want to know what your pay, you know, like what are you paying that kind of price.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:35:40] Yeah. And you know this stuff, you know, we see these big hacks sort of in the news, right? When, um, major credit cards get hacked or banks or something like that, or what were Y why?

Yeah. Unfortunately. Um, but then at the same time, this could crush a small business. Those larger companies have a little bit, they have cybersecurity insurance, which by the way, you can get, if you’re an eCommerce business, that’s an alternative way to protect. But I’m sure that when you go to your insurance provider and you’re talking to them, they’re most likely going to say, well, have you done, have you taken the steps to mitigate it?

So that’s why working with someone like you is really important.

Lindsay Miller (Half Hitch 3): [00:36:19] Right. Definitely. Yeah.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:36:21] Um, so how about backing up your website? How often should you be backing up the site as a whole? Um, I’m, I’m a huge control S like OCD, you know, I’m constantly, every two seconds, I’ll type a word control last.

Lindsay Miller (Half Hitch 3): [00:36:36] I’ll give another word.

I don’t want to lose any time to lose anything. Um, so backups really, I mean. Uh, again, SiteGround, we partner with, um, they do an auto backup. They’ll do it daily for you. Um, if you’re going to do any plugin updates, and a lot of times people will be scared of updating plugins, or if we’re, if they see that WordPress has an update and they’re like, ah, I’m not sure.

You know, a woo commerce has updates and woo commerce does not auto update. It’s up to you to do that. But I mean, woo commerce is what’s running your eCommerce store. So please update it. But if you’re scared, go ahead and run a backup. Okay. And then if something goes wrong and you can just pull that back up and wait for it.

The bug to be fixed, you know, whatever it was. If a lot of people are experiencing the same problem, you were right, then WordPress will fix that. Um, so to, um, it kinda depends on the nature of your site. If you’re making updates every day, you definitely don’t want to lose those updates. And if you’re taking e-commerce stuff, you want to make sure that if you need to back it up because, um.

You don’t want to lose the order data, that’s not cool that a customer would pay you, and then, Oh, Hey, sorry, ours, you know, our site, we got to roll our site back two weeks and now all that’s gone.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:37:53] Yeah, right. That’s, that’s something that scares me on a frequent basis with any digital document, any website, anything like that.

But I think one of the key points in what you just said is. There are professionals that you can rely on like you. I personally have peace of mind because I know you’re watching my back

Lindsay Miller (Half Hitch 3): [00:38:13] from DePaul.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:38:14] The website. And if something goes wrong, we can work on it together. But if I had to figure out plugins or if I was using sort of a, um, self-designed website, a drag and drop, or even coded it myself, which I have done in the past before because I’m crazy, but that’s just me.

So your point, you’re never going to be able to stay up to date on all of these regulations and stuff, and that’s why you should. Have solid professionals in your corner like yourself who can help you design it, but can also help you on the back end. Make sure that you’re staying up to date with all your plugin updates, staying up to date with the regulations and what you need to have on your site to stay protected.

And then just going back to recap some of the stuff we talked about, having SSL certificates. You know, you may not know. What you need to do that, and you’re spending money on a professional to market your business or to produce content marketing for you, and you’re hurting yourself with Google anyways because you don’t have the right stuff in the background,

Lindsay Miller (Half Hitch 3): [00:39:13] right?

So it starts with a solid foundation of knowing what you need to have. Because you’re right, if you’re spending money on a marketing agency and you’re doing all these things, but your website has fundamental problems, you’re not doing any good for yourself.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:39:25] Right? And you frequently, which I love by the way, you stay on top of me about content that I’m creating.

And you’re like, well, that’s duplicate content and you’re going to be hurting yourself from an SEO perspective. And it’s that kind of stuff. The listener is focused on their business and what they’re really good at, right? And so they focus on developing content or creating a website that speaks to that.

But you’re not going to be reminding yourself of all those things and having team members. I consider you a member of my team through strategic partnership, we’ll call it, and having you in my corner makes me feel so much better about that. As a matter of fact, I’ve never felt so comfortable until we started working together.

So that I greatly, another thing that I really appreciate about working with you, and I can say this personally again, because we’ve worked together on a couple of sites now, is that. You’re very much a collaborator, so you’re not coming in and saying, well, I’m managing your website from now on, and that’s it.

You kind of allow, cause I’m a little bit, as I’m sure you know at this point, I am a little bit of a semi control freak. I like to be able to kind of get in there and mix it up, but not to a whole degree, right? Not 100% and we’ve worked really well together because you’ve kind of just. Plateaued into my square peg round hole thing and just kind of give me a little bit of room to play and then kind of wrote me back in when, when I’ve gone maybe a little too far.

Yeah.

Lindsay Miller (Half Hitch 3): [00:40:52] So we want our clients to feel empowered. Right. You know, I don’t want to tell you I’m going to take your website and make all the changes, like that’s not, that’s not even practical. Right? And then you’re going to be spending all this money paying me to do these things that you could easily do yourself.

It’s just, it’s comes down to. Do you have time to do it? If you don’t, we’re happy to do it. But we don’t want to hold a website hostage and say we’re the only ones that know how to do it. Right. So we like to educate. We like to work with people. We like to make video screen sharing videos, or, um, we’ll make PDFs because if there are things with your website that you just can’t seem to.

You know, Hey, I know you’ve showed me five times, but can you show me again? Then we’ll make a PDF and then you, yeah. Then you have it. We’re happy to do that for clients to frequently updated things or things that might be a little tricky for them. Yeah. That way they can do it and they don’t have to call us, but if they need to call us, you know, we’re always happy to help, but we want people to feel that sense of empowerment with their website.

Cool.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:41:47] Very cool. And so just recapping overall, and I’ll let you kind of run the ball here, but websites aren’t set it and forget it. So from that perspective, I think that’s one of the big, high level takeaways from this episode. But going back, what are sort of the high level best practices that you think off the top of your head?

You need to keep in mind when you’re working with a client?

Lindsay Miller (Half Hitch 3): [00:42:11] Um, so again, the username, password thing. Um. It. Also, if you have a WordPress site and maybe you are giving your marketing company some credentials, then there are different levels of user access. So maybe if they’re just going to be adding content, they don’t need to be a full administrator, and that’s not to say they’re going to do anything malicious to your site, but it’s just the, just the safeguard.

So a usernames and passwords security, two factor authentication, making sure you have that SSL certificate . And to, uh, if it’s offered through your hosting company, it’s not always turned on. So, you know, and we’re happy to help and assist. And if you do have an eCommerce site, then there are different levels of SSL certificates.

We wrote a blog article recently on our site that kind of talks about the three types and what they offer. So if you’re curious about that, you can pop onto our website and check that out. Cool. Um, but yeah, overall, just making sure that it stays maintained. You need to make that a point to login. You know, if you don’t have time once a day, once a week is fine.

But the problem, like I said earlier, is if an, if a vulnerability exists, it’s only a matter of time until it’s discovered. So you really need to just get in there and update those plugins. And it’s not a hard, you know, you can bulk. Update them and it’s done. So, you know, really just staying on your website and making sure that you are giving it that attention.

And also, um, we talked a little bit about search engine stuff. Um, but with that being said, if Google sees that you’re regularly updating your site, not by way of updating plugins and themes, but if you’re regularly making updates to your content, that’s going to help you anyway. So it’s in your best interest to get on your website and give it some love once a week.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:43:51] Right. From a backup frequency perspective and an updating content perspective, the nature of your business and the website kind of does affect that, right. To

Lindsay Miller (Half Hitch 3): [00:44:00] a degree. So

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:44:01] what would you say that differentiates?

Lindsay Miller (Half Hitch 3): [00:44:03] Yes. So, um, we run backups on our site daily, just because, I mean, it’s, it’s our, it’s our business.

If it goes away, then we’re, we got a big problem. Right? So, um, but if, if it’s a site that. You’re not updating as frequently. I would say a weekly backup. Some services will do a monthly, and that’s even fine because if you haven’t made any changes to your site, then rolling it back to last month’s backup isn’t a problem.

eCommerce sites, depending on the, the frequency of traffic that you’re getting in the orders that you’re getting. You can even bring it to an hourly, because if you, you don’t want to lose that sound professional and it doesn’t make you, your customers won’t come back. Right. If those issues start happening.

Yeah,

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:44:44] yeah, yeah. You really get one attempt, especially online, right. To make that first impression and develop that know, like trust relationship and the more dissociated we are with someone. So if we have a client online and they’re not local, even more so, you know what I mean? So there are layers to that.

And to your point, it’s kind of an inverse proportion to how much you can kind of screw up, for lack of a better term, and still maintain that relationship. And like we said earlier in the episode, if you go to a website and it just looks like it’s dated. Just from the eighties or nineties and it just, first of all, it’s not attractive.

You, you mentioned user experience right at the beginning, and just from a user experience perspective, you’re basically saying to your clients, I don’t care about, you know, whether or not you like the site, just buy my stuff.

Lindsay Miller (Half Hitch 3): [00:45:33] Right? Yeah. And so if it looks creepy, it probably is creepy. So, you know, I actually was looking at a site yesterday and it was built with tables and table building of websites was the early two thousands yeah.

So if it was built with tables, then what is that telling me that the security of the, of all of that is, you know, the infrastructure of the site has a lot to do with it. So. Yeah, definitely. Uh, it’s, it’s worth the investment. A lot of people to think, well, I’ll just, I’ll just make my website and you know, and that’s the easy route, but what you’re missing out on is the professional advising, the guidance, and then also the user experience.

The construction of it is a, is a major thing that you’re just best to leave it to a professional. Yeah. And then again. Take it over when we’re done with it. Take it over and have as much interaction as you’re comfortable with.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:46:25] Yeah, exactly. And you’re willing to, as I mentioned, just from personal experience, you’re willing to work with individuals.

So if you have a higher level of, I want to really get in there and be posting my blog posts and be. Actively engaging with the content. You’re cool with that as well, and you’ll help educate and be the person to the level where they’re comfortable.

Lindsay Miller (Half Hitch 3): [00:46:45] Yeah. So when we launched any website, we do a complimentary training session where we not only explain how the aspects of your site work, but we explained WordPress in general because WordPress isn’t something that you just.

You’re born knowing you have to learn the backend and you have to learn what everything does. Learn how to make those changes. Right. Um, so yeah, it’s really, it’s really up to the comfort level, but we do the word press training as a standard, no matter if you plan on updating it or not, it’s still something that happens.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:47:12] Yeah. Yeah. So if anyone has any additional questions or they want to hire Half Hitch 3. What are the best ways to get in contact with you?

Lindsay Miller (Half Hitch 3): [00:47:21] We have a contact page on our website that you can either schedule a consultation session. We’re happy to look at a website and give you an analysis, a complimentary letting you know what we think.

We can look at the code. We can really kind of drill down and see. What you’re working with currently, and then make our recommendations off that. But, um, our contact page, you can schedule a call or you can fill out the form, or you can email me directly at Lindsay@halfhitch3.com.

Tony Lopes, Esq. – Self Made Strategies & Lopes Law LLC: [00:47:47] Awesome. And that’s HalfHitch3.com.

Lindsay Miller (Half Hitch 3): [00:47:51] Thanks again, Lindsay. Thanks for having me.