How Indie Beauty Brand Founders Protect Their Companies And Customers From Cyber Threats
In this edition of Beauty Independent’s ongoing series posing questions to beauty entrepreneurs, we ask 15 founders and executives: With the incredible importance of digital strategies since the pandemic started, how are you protecting your brand from cyber threats, be they via social media, e-commerce or email?
- Barb Paldus Founder and CEO, Codex Beauty Labs
We had our Instagram account hacked, and it was a complete nightmare to reestablish it. We lost all of our marketing data from the last year and had to start over with a new account. We were very lucky that one of our friends worked for Facebook and could vouch for the company as the Russian hackers had used our account to accumulate over $50,000 in rogue ads in 24 hours. We really recommend everyone to have every account on their Facebook business manager have two-part authentication.
- Jummie O. Founder, Glammed Naturally Oil
We find our biggest issue is with potential phishing and, because of that, we pay extra close attention to the security of our company passwords. We require that our employees use different, complex passwords for each of the different applications they use. A single sign-on password management solution such as LastPass can make this a lot easier.
Fortunately, Glammed Naturally Oil has never experienced being attacked, but hackers did try to access our social media pages and, anytime we get a notification in our emails, we change our passwords. We also add extra security by turning on a two-way authentication code. Since Instagram and our social platforms make up 75% of our profits, making sure our pages are highly secured is our priority.
The Hair Diagram website uses an SSL (Secure Sockets Layer) certificate to protect from cyber threats. This creates an encrypted link between the web server and web browser to protect data.
- Daisy Jing Founder, Banish
When starting the business, we had a few encounters with cyber threats. A few things we included were using LastPass and creating very complicated passwords with two-factor authentication. Additionally, we did not allow the use of any unauthorized Chrome extensions or saves of company information through there. We used SSL and HTTPS for e-commerce, and we were constantly reviewing our expenses for fraudulent charges and using different credit cards for different types of expenses for easier review of fraud. We also used Dropbox to store secure information, and we purchased cybersecurity insurance to protect the business.
It may seem like a pain at the beginning of starting a business to worry about cyber threats, but it's especially important as you grow and scale to run your business the right way and create systems and processes to share secure information. All it takes is one attack or leak to shut down your business overnight, so it's especially important to take precautions very early on. Prevention is key!
- Charlotte Chen Pienaar Founder, Everyday Humans
Data breaches create an unsafe environment for customers and affect our business reputation, and that's why we've implemented third-party tools to secure anything connected to our website and key channels from critical vulnerabilities and threats. We also protect our team from breaches by securing our devices and internal applications to make sure passwords and sensitive data are not compromised.
- Jason Wong Founder and CEO, Doe Lashes
Like all other merchants in this space, establishing good cybersecurity protocols is a high priority for us because our customers entrust us with their sensitive information, and it's our job to maintain that trust and not let it get into the wrong hands.
Our choice of platform is Shopify because we can leverage their existing and matured infrastructure to safely collect customer data. Using tools to build from scratch means that it may be vulnerable to hackers that can outsmart us, but it's unlikely that they can outsmart a multibillion-dollar company with a full cybersecurity team.
We process our payments through Shopify Payments and PayPal, both of which are reputable processors that we have not had issues with in the past.
Internally, our team all signed strict NDAs during their onboarding process before accessing customer data, and we built internal protocols on file-sharing so only the right people can see sensitive customer information. All our passwords are stored in password managers like LastPass that have additional security protocols so not everyone gets access to everything.
These are just some of the small things we've done to protect our customers to start off, but we're continuously monitoring for any signs of data leak and, when detected, we will inform our customers.
- Shalom Lloyd Founder, Naturally Tribal Skincare
This is an incredibly important topic for all brands, especially given the recent shift to employees working remotely, and consumers shopping more and more online.
We have built our website on Shopify, taking note of the security and data privacy features the platform provides. We also have an SSL certificate to provide extra security for consumers. We also work with a cyber security consultant, who, on an annual basis, provides a cyber security health check that suits a brand of our size.
Internally, we communicate our company policy to our team members and make sure they understand the importance of protecting our data. We use LastPass to protect and securely store our passwords. We change our multiple passwords on a quarterly basis, including our social media access passwords with the level of account cloning going on.
Our customers trust us with their data. So, it’s important that we invest in the best software and practices in place to ensure that their data is secure and protected. Any cyber threats can have a huge impact on a brand's reputation, especially small indie brands like us.
- Calvin Quallis Founder, Scotch Porter
In today’s digital landscape, cybersecurity continues to be a top priority for the Scotch Porter brand. Especially as a customer-centric company, we pride ourselves on ensuring that we invest in the best systems to protect the integrity of our customers and our brand.
Our investment in Shopify Plus is a major part of our investment in cybersecurity. As one of the largest e-commerce platforms, Shopify consistently implements the best and most up-to-date practices in data protection. This means that Scotch Porter does not locally store any sensitive customer data such as credit card information that can be illegally accessed. We are fully compliant with consumer data protection legislation such as CCPA and CAN-SPAM, and ensure the use of recommended security protocols as well as NDAs in regards to governing access to any of our internal systems and platforms.
This data protection extends to our SMS practices as well. To ensure that we are both in compliance with and rooted in the best mobile practices, we work with the Postscript SMS platform.
- Graham Smith Co-Founder, No Thank You
The average consumer might be surprised just how regular hacking attempts are, even for small businesses that might seem off the radar. Bots crawl the internet 24/7 looking for vulnerabilities to exploit, and you need to be prepared.
No Thank You uses multiple layers of security to prevent unauthorized access to both customer and company data. Our e-commerce platform is firewalled and monitored at the infrastructure and application (i.e., website) levels. We use reCAPTCHA to limit unauthorized transaction attempts and set limits with our credit card processor.
As for company data, don’t assume that files stored in Google Drive are secure just because they’re in the cloud. All it takes is one hacked account to wreak havoc. Every hour, our entire Google platform is archived to a private cloud at Amazon Web Services (AWS). Media files that are too big for Google get copied twice locally and, then, backed up to AWS. That platform is secured with a physical token that’s locked away in a safe.
Lastly, security is only as strong as the weakest link. Get the basics right: Start with strong passwords that get enforced across your organization, and use a password manager. Call us security nerds, but better safe than sorry! We think our customers will thank us.
- Dawn Fitch Founder and CEO, Pooka Pure & Simple
The platforms that I use are selected based on their high-security standards, ethical reputation and ability to handle cyber threats. I utilize the protection they put in place for clients as they are better equipped to manage security at scale.
I utilize Mailchimp and Constant Contact to protect my mailing list. To protect customer information, I use Shopify. Shopify protects personal data according to the requirements of the GDPR (General Data Protection Regulation), which gives customers transparency on how their data is being protected. Shopify has set up its data flow to manage these requirements for merchants. Protecting the information of customers is vital to building and maintaining lasting trust.
- Luna Seto Founder, Luna Skins
Website security and customer privacy is something you never want to take a chance on, which is why we have a multi-layered security protocol that provides everything from the first line of protection to a guaranteed backup, ensuring that our customers' data never falls into the wrong hands.
Jetpack provides full protection against spam and phishing attempts, and constantly scans our site for malware, giving us a head start on dealing with any potential issues. If we have any reason to believe that our site has been compromised, GoDaddy maintains regular backups of our site and ensures that each version of our database is fully free from malware. If there's a problem, we can secure our customers' data with a single click.
Of course, there's one thing that's easy to overlook, and that's what we do with your data! Rest assured that we handle customer information in full compliance with GDPR and will never sell it to third parties.
- Marlayna Schreiner Founder, Cloudless SPF
We built our store on Shopify, and one of the main reasons I chose this platform was because of their security features. They use the latest technology to make sure that our customers' information is protected from hackers. Even the biggest companies can get hacked, but, with Shopify, I feel like my customers' information is in the best hands possible which is what matters to us the most!
- Mariel Mejia Founder, Pink Root Products
We currently use Shopify as our main e-commerce platform, and they provide us with their own security that protects not only our customers' information but our internal data as well. However, that doesn't stop threats from attempting to infiltrate our system. So, what we do to reinforce our security is that we give limited access to all of our account holders which decreases the exposure to our information. We have also enabled an MFA (Multi-Factor Authentication) system for Pink Root staff account holders to help verify their identity. So, even if someone were to get a hold of an employee's login information, they would be unable to bypass the authentication method that requires a code to be entered upon login that is sent directly to the account holder's device. We also have an in-house engineering team that monitors account activity and is constantly on the lookout for efficient ways to protect our data across the board.
- Emily Rudman Founder, Emilie Heathe
We use Shopify for e-commerce, which has pretty good built-in security features, and we use Klaviyo for email, which requires double authentication. We’ve used a couple of different authenticators, but are currently using the Google Authenticator for all. We have double authentication activated for Facebook/Instagram. A few friends have been hacked because they didn’t have this second process. There are hackers that direct message or email you saying that they are going to verify you on Instagram. These are absolutely fake. Instagram will never contact you via DM or email to ask for verification. The submission is only through the app so don’t be fooled!
Other than that, we switch out our passwords pretty frequently across platforms and, luckily, have not had any issues yet. As security becomes better on platforms, so will the hackers. So, really make sure where emails are actually coming from. A lot of emails will be sent from a familiar name, but, when you look at the actual email address, it’s clearly a hacker.
- Lina Barker Co-Founder and CMO, Aaron Wallace
Security is extremely important to us. We built the Aaron Wallace website using a secure server with dedicated security in place to ensure our customer data is properly stored and protected.
All the payments are securely and safely handled by Stripe and PayPal, who each take extensive measures to keep customer data safe. For our communication, we use Mailchimp, who have measures in place to ensure GDPR compliance, and constantly update their processes to ensure safety and compliance standards are always met.
As a team, we are always reviewing and updating our security protocols so that, as we grow and gain more customers, we are always keeping their details safe and our website secure.