The last thing anyone wants to do is get hacked on the platform they know and love Kajabi. Unfortunately, getting hacked is a serious concern on every platform.
This blog covers how to prevent yourself from getting hacked and, if you are hacked, how to minimize the damages done to your business.
Most people use Kajabi for everything from their website to online courses and contact email address databases. While this makes life easier, it also allows hackers to cause havoc on more than one area of your business.
Sadly even if you don't think you're a target, the chances of getting hacked are always there. There are a few things you can do to prevent getting hacked.
Kajabi loosely outlines what they recommend you do to prevent getting hacked here.
To give you a breakdown of what they recommend:
While these are all good ideas, you need to take things a bit further to make sure your account is secure as possible.
This is the first and most important thing you should do to secure your Kajabi account. It will make you take an extra step to log in every time but having MFA turned on will make it significantly more difficult for hackers to log in and cause harm to your account.
Kajabi has a step-by-step tutorial on how to turn on MFA here.
Multi-factor authentication is the second level of security for your kajabi account. it goes one step passed an email login. This should be the first thing you do if you're worried about being hacked. You will need your smartphone to download an app. There is a reason companies like Google and Microsoft not only make authenticators but also force people to use them when logging into their accounts. It's because they work.
Creators spend a serious amount of time working on their online businesses and building their email lists. It's not only to keep your account safe and remove the fear of losing your business but it's a step you need to take to protect your clients. In many cases, Kajabi, just like many other platforms, contain sensitive data that shouldn't be at risk of a cyber-attack. Setting up MFA is the first and most important thing you need to do to keep a safe and secure account.
It's recommended to change your password every three to six months. This is because humans, as a creature of habit, like to use the same password for everything. It makes our lives easy, and it makes hackers' lives easy too. While you may have an old account on a different platform, there is still the chance someone could hack it, and you never know. If you haven't changed your password in a while, this is the key to the kingdom when it comes to attacks on other platforms.
Strong passwords should have:
Coming from a technology background heavily involved in cyber security, short passwords are not only easy to guess but are dangerous to use. Many people use the name of a loved one, a pet's name, a street address, or something easy to guess. Scrolling through Facebook will provide tons of data to a potential hacker of all of the above.
Here are some examples of good and bad passwords
Bad
Examples of good and strong passwords
As you can see in the example above, Bad passwords are easily guessable and aren't strong. Using a strong password and changing out letters for numbers can increase security and prevent a computer from trying to brute-force your account.
If you are curious to know how long it will take a computer to hack your password check out this video. It will show you not only how long it takes but how adding more characters other than letters will drastically increase the time it takes to hack your password.
If you want an easy way to remember passwords without worrying about complexity, check out this video.
If you struggle to remember what your passwords are or want to be secure all the time, check out a program called LastPass. It's an incredible program that will create very strong passwords, and you use their mobile app to log in to your favorite websites. It saves all your login credentials and uses a secure process to keep hackers out and you safe.
While Kajabi is great and can recover some things, its never a good idea to trust a business with your online business. This is a good rule of thumb for anyone, regardless of platform.
So what does that mean exactly?
Choose your favorite online storage company, such as dropbox.com or google drive and get a package that can store everything for your online course. You can upload excel files full of email addresses and your customer information and store your videos for your online courses.
If you are already a google drive customer, it comes with 15GB of free storage. In many cases, you may need more than that. Google will provide you with 100GB of storage for $1.99 per month. While no one wants to deal with another bill it's a simple way to give you peace of mind that even if your computer gets hacked and you're locked out, you can still access them on the cloud.
Dropbox offers a similar product with a larger storage starting point. For $9.99 per month, you get 2TB of storage. The benefits are you can link it to as many devices as you want, and they don't delete files permanently until 30 days after the deletion request. Personally, this is what I use (I run a business), and having the 30-day file and account history has saved me on several occasions.
For those of you who would like an additional option, do yourself a favor and get yourself an external hard drive. If you have slow internet, this is the ideal solution, as you can keep a physical drive on your desk and only plug it in when you need to retrieve something.
Samsung offers a 1TB SSD external storage device that you can back files up to, and it's super fast. This means data will transfer between your computer as fast as possible, and you don't have to worry about having a bad internet connection. These are also great when you traveling and want to work on the go but don't have access to the internet.
Check it out here.
In Kajabi, you can't back up your whole account, but you can back up the assets inside of your account.
Here is a list of things I would back up in order:
This can be a pain to do, but if you are a new creator, take the extra step and save them in a separate folder before you upload them. The goal is to make your data redundant. Don't worry about hackers stealing the course and making it public online. If someone wanted to do that, they would buy the course, record it and post it online. It's nearly impossible to stop. The main goal is to make sure if you are hacked and it's all deleted, you can get up and running quickly and make sure you aren't wasting time re-recording your online courses.
Backing up an email marketing campaign is much easier than you might think. This is separate from the previous area because, typically, this is changing frequently.
Email campaigns can change because of your online course platform, your product updates, your product options, and many other reasons. These will also go through multiple editing processes over time, and the likelihood of you having them saved will naturally be higher.
To backup and save your email marketing campaigns, I recommend opening a word doc or going google Docs and labeling it with each campaign. From there, copy all the emails from a sequence or automation onto one of the docs, so it's safe and secure.
If you're an over-preparer, you can typically create email sequences in other platforms, such as active campaigns, so you can keep them in order, and it's easier to read from.
If you're reading this and haven't backed up your account and enabled multi-factor authentication on your account, you need to stop and go do those things first. They are critical to your system's security.
You want to make sure you get the hacker out of your account as fast as possible or prevent them from coming back in. To do this, reset your password and enable multifactor authentication. You need to make sure what you're working on is secure and you don't have to worry about further damage. Resetting your password will also force a logout on other computers requiring them to log in again. This isn't just for Kajabi this is for most software available. Make sure your password is vastly different from what it was before, and follow the guide above to make sure it's as secure as possible.
Go into your account and start to see what damage has been done.
Have they deleted all your email addresses or changed your login email, is there still video content on your website?
Did they use any email marketing or delete your old emails?
Chances are good you're going to be in a state of panic. That's the normal response someone just destroyed your online business. Panicking is never going to yield the results you're looking for. Take a look at what has been touched/destroyed/deleted and start to make a list.
The reason this is important is when you speak to support, they are going to ask you a ton of questions about what happened. If you don't have the answers ready, it's going to delay their help, and they may not even know how to help you. You want to be able to tell them what's missing clearly and when it went missing. There is always a chance they may be able to recover the data, but you need to be able to tell them what's wrong.
In many cases, you have just been the victim of a cybercrime, and sadly, not much can be done. There are two things to think about. Do you tell your customers that you were hacked because their sensitive data was on your system, or do you avoid that?
Threat Aware has an article on who to contact and when to contact your customers about a cyber attack if you so choose. Check their article out here.
The choice is yours on what action you take, but I recommend putting yourself in the shoes of the customer. If you yourself would want to know, then I would recommend letting your customers know.
This is not an easy decision, and other than letting your customers know, I would not make it public knowledge that you were hacked.
Statistically, businesses go out of business within six months of being hacked.
Our goal is to avoid that demise for your business.
While you were just the victim of a cybercrime, it's imperative to start to rebuild so you don't lose more business than you already are. Make sure on this time around, you start to back up your data to help reduce the chances of a serious threat and to limit downtime.
You need to bring your business back to where it was, regardless of how you do it. Customers are expecting to get what they pay for, and when they don't get it, they can destroy your business. It's time to rebuild as fast as possible and salvage what you have left.
After speaking to support, Kajabi will be able to make sure your account is secure and should be able to prevent a malicious attack in the future. They are going to recommend going through the article I shared above as well as enabling two-factor authentication to make sure the system is as secure as possible.
Chances are good you're seriously financially impacted by this attack.
The only way to stay in business, for the most part, is to focus on growth. Running ads and focusing on content marketing is going to be a major focus for you and your business for years to come.
Many customers who find out about a data breach will stop being customers, and customer loyalty often goes out the window. Sadly this is a reality many people experience, and customers deal with.
It's important to start filling your pipelines and opt-in forms with new prospects for your business.
If you're looking to learn more about SEO and have Google send you organic traffic to your website, I am rolling out a course in the next coming weeks. Join the waitlist here.
For many, getting hacked on a platform is enough for them to migrate away. You need to ask yourself, is that the right decision?
Its rare lightning can strike twice, but victims of cybercrime typically have a pattern that makes it easy for hackers to follow. That could be being fooled by phishing emails or using repetitive weak passwords. If you don't change how you handle your cybersecurity, then chances are good you're going to be dealing with a hack down the road on whatever platform you choose.
But should you migrate away or stay on your platform?
For many, if you already are an expert at a platform, leaving to go somewhere else isn't the right solution. You need to button up your security. If there were more reasons than just the data breach that happened to you, then leaving may be a good idea for you.
Personally, I don't like to keep everything on one platform. It's dangerous, and there are limitations but not everyone is savvy enough to make several systems work together. You need to figure out what's best for you to do and where you can recover and grow the fastest. Time is not your friend in a cyber attack, and the faster you can make decisions, the better off you will be.
If you're already using a platform you know and love, like Kajabi, then I wouldn't switch. You can use a platform like HubSpot and integrate it with Kajabi. Leverage HubSpot as a free CRM that can hold all your contact that runs separately from your Kajabi system. This will help with redundancy, and HubSpot can provide some insights into your customers that Kajabi doesn't offer. If you want to keep it simple, back up your whole system the best you can and, going forward, pull a new list of contacts from Kajabi every month. This can be a pain in the butt, but when it comes to removing headaches, it's worth its weight in gold. Make sure your Privacy Policy reflects where data is stored and how it's treated. You may also want to include that Third-Party Apps may be holding onto customers' data for their safety and yours.
Leveraging HubSpot as a backup is also a great idea because they do have an email marketing tool that you can send out of if you need to. This is a worst-case scenario but its another email marketing option. This is great if your contacts are deleted and you either need to pull them or send an email in a pinch.
We are all in the knowledge business, and if we can't keep our business going and make it redundant, then we are at the mercy of the next attack. While I don't teach cybersecurity, I do experience it daily, and its the career I came from.
There are dozens of cyber security hacks, but I have limited it to the few you need to know about as a Kajabi user.
This is when someone sends you an email to click on that looks like it's from a trusted entity like Amazon. Once clicked it can download a virus onto your computer or send information back to the hacker like usernames and passwords. These are the most common and will almost always be via email. Always check the email by hovering over it to make sure it's from a trusted company and if you don't recognize it, simply report it as spam and delete it.
A man-in-the-middle attack (MitM) occurs when attackers intercept data or compromise your network to “eavesdrop” on you. These attacks are especially common when using public Wi-Fi networks, which can easily be hacked.
For example, let’s say you’re using the Wi-Fi at Starbucks and need to check your bank account balance. When you log in, a hacker can intercept your data and capture your username and password (and drain your account later).
Source: https://www.aura.com/learn/types-of-cyber-attacks
This is when hackers try a couple of tricks to get into your account through a login password. This can include them guessing your password based on common things they can find online, like your street name, kid's name, and so on.
They may also try to brute force their way in. This is when they set up a computer to keep guessing passwords till it guesses the right one. With a quality password, you can make it almost impossible for a computer to brute force its way in. Check out the video above.
Social Engineering attacks are when someone may email you or call you saying they are from the company you working with, such as Kajabi. They then ask you to verify your password or something similar to get you to say your password, and then they have access to your account. These are the most common and most destructive because you don't realize they are happening. This is the most common in the business world and is usually targeted toward larger businesses.
While there are more cyber attacks you can be susceptible to, these are the most common and are most likely to happen to you as a small business owner. To check out a full list with in dept examples, click here.
For most business owners and course builders, the likelihood of being attacked by a cyber threat is low but never zero. Preparing yourself for when an attack happens and following this blog will give you the best chances of remaining safe. leverage third-party apps like LastPass to keep your system safe, and make sure to back up as much as you can regularly. Keep things as secure as possible. Having a business online is very different than a brick-and-mortar store. Normally you can have a security system, but online you need to make sure you do everything you can to create your own security system. If you're looking to learn more about SEO and how it can bring organic traffic to your kajabi website, click here.
Best of luck, and if you need help, please reach out I love helping entrepreneurs with their businesses.