Welcome to part 2 of Digital Privacy for Small Business Owners. In part 1, I provided an overview of using a password manager. Using strong and unique passwords is a key cybersecurity rule. In addition to keeping your login information secure, you also want to use secure channels to communicate with your team and your customers.

Some industries, like healthcare, have very specific requirements for protecting clients' personal information. This post is not about complying with specific privacy rules like HIPAA. However, if you are a healthcare provider, be aware that Wix products are not designed to be HIPAA-compliant out of the box. Wix forms, for example, should not be used to create, receive, maintain, or transmit electronic Protected Health Information. Look into HIPAA-compliant solutions like JotForms instead.

Now, back to general practices . . . read on for tips on how to make Gmail and Google Voice more private and secure. If you want to go a step further, I suggest more-secure alternatives I've tried myself.

Improving Your Default

Securing Gmail

If you're a small business owner in the US, chances are you use Gmail (from Google) for your email. That makes sense - it's easy, free and popular! But Google is also well-known for surveillance-based advertising, or aggregating and selling your data. This is why they give so many services away for "free." You do pay - with your data!

If you choose to stick with Gmail, here' s how to make it more secure.

• Run a Security Checkup. One of the best things about Google is how easy its products are to use. Take a few minutes to go through Google's step-by-step security checkup for customized recommendations for your Google account.

• Get a paid Google Workspace account. Many of our clients start their businesses with a free Gmail account. But established business owners should consider upgrading to a paid Google account for enhanced security and encryption features. Even if you upgrade, your emails are not end-to-end-encrypted (the gold standard of email privacy) by default. Blog posts from Proton (a Google competitor) talk more about Gmail's security protocols and how to send encrypted messages with Gmail.

• Use strong passwords and two-factor authentication. Two-factor authentication usually means getting a code sent to your phone. This is a good cybersecurity practice to follow for all accounts (especially important ones, like your bank). Here's how to turn on Gmail's two-factor authentication (called 2-Step Verification) from your computer.

  
  

Texting and Privacy

Many business owners use the default calling and texting apps on their personal smartphones. It's important to know, though, that in 2024 the FBI and CISA (the US cyber defense agency) warned Americans that non-encrypted SMS messages (the default texting on most phones) are vulnerable to hackers. Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation (EFF), told NPR:

Messages between iPhone users (iMessages) are end-to-end encrypted, but messages between iPhone users and Android users (for example), are not. Similarly, Google Messages between two Android users are encrypted, but only if both have the feature turned on (here's how). This is great if your whole team uses iPhones or Androids, but you can't count on having the same device as all your customers.

What to do? In the next section we will talk about Voice over Internet Protocol (VoIP) services like Google Voice with customers. For teams, Signal and WhatsApp are great choices. They are free, end-to-end encrypted, and offer texting, calling, and video calling.

If you do choose to continue using your mobile device's default tools for calling and texting, here are some simple steps to increase privacy and security:

• Enable auto-updates and check regularly to make sure your mobile device is up-to-date.

• Use a newer phone. CISA notes that "without the most recent version of the hardware, software updates alone will not provide the maximum available security benefits."

• Consider another option for two-factor authentication. Remember how we were just talking about two-factor authentication? It doesn't work so well if your messages are hacked. Google Authenticator or Authy are safer alternatives.

• Follow CISA recommendations specific to your phone. See this document for recommendations specific to Androids (p. 4) and iPhones (p. 3).

Other Reasons to Not Use Your Personal Mobile Number for Business

A blog post by OpenPhone notes that using your personal mobile number for business purposes may be convenient, but it also compromises your personal privacy. Anyone who has your phone number may be able to find your address, your family's names, and more. Aura.com warns that widely sharing your mobile number may even make you vulnerable to identity theft and other scams. Another bonus for switching to VoIP: many services can guard your work-life balance. You can set work hours so you're not interrupted in your time off. You can also transfer a number to a colleague to monitor.

Choosing Alternatives

Whew! That was a lot, I know. I'll keep this section short and sweet. Here are some more secure alternatives I've tried myself:

For Email

Proton Mail offers a free basic account. Both TechRadar and PCMag list it as a top pick for encrypted email services. Proton Mail is hosted in Switzerland, which has stricter online privacy laws than the US.

For Chatting, Calling, and Video Calling with Your Team

Signal is a popular, end-to-end encrypted, free app that allows you to chat, call, and video call with other Signal users. WhatsApp has similar features and is also super popular. I choose not to use it because it's owned by Meta, a company with a poor history of protecting user data. See more recommendations from PC Mag.

For Chatting, Calling, and Video Calling with Customers

Since not all customers will want to communicate via Signal or WhatsApp, consider using a VoIP services. From the customer's end, it seems like you're using a regular phone. You can install it on your computer as well as your smartphone. These services also give you a separate phone number and often provide nifty features like AI-supported text responses.

Google Voice starts at $10/month, making it one of the most affordable VoIP services. It has an easy-to-use interface. As with an Android phone, though, text messages are only end-to-end encrypted when both people are using Google Messages. That's why Signal or WhatsApp are even more secure.

I've also used OpenPhone ($15/month). Both Forbes and TechRepublic recommend it for small businesses while also noting some bugs and limited features. Both OpenPhone and Google Voice are on the list of top picks from Forbes.

Final Words

If this post seemed a bit overwhelming, I've got your back. We'll finish this series with a post on 3 Simple Steps to Keep Your Wix Website Secure.

About me: I'm a former librarian with a Master of Science in Information (University of Michigan, 2007). Before joining Tao Websites, I provided research and technical support at colleges and universities. I'm not a cybersecurity expert or an attorney, but I've helped people from all walks of life set up email accounts and reset passwords.🙂