TPM 71 | Cybersecurity

 

Online fraud and identity theft are too common nowadays. Extremely dangerous and well-organized cybercrime groups now use sophisticated software systems to hack into businesses and individuals’ accounts or websites. In this episode, Chris Adams, the Founder of  CCA Technology, sits down with Bree Noble and provides tips to protect yourself from cybersecurity breaches – from spotting phishing emails to password combination ideas to safeguard your online accounts.

Watch the episode here

 

Listen to the podcast here

 

Cybersecurity: How To Protect Your Online Account With Chris Adams

I am here with Chris Adams of CCA Technology. We are going to be talking about some things that have come up with some of my readers that have been sending me questions about how to keep yourself safe online. There are many ways people try to steal our identity or take things from us. We have this intellectual property as musicians. As artists, our brand is what is driving people to our music, and to have that taken away can be a real setback. We are going to talk about a lot of that in this episode. I would love to get into a little bit about you, Chris. Let us know a little bit about your background, how you got into working in IT, and also your musical background.

I have always been musically inclined. I played the saxophone. Growing up, I was always short for my age. I remember always being smaller than the instrument. That was always my thing. I thought it was cool to play baritone sax or whatever. I was nine and hadn’t hit my growth spurt yet. It was always funny to see pictures of me and this massive saxophone. Where I musically started was in the saxophone. My mom got me into it. She’s like, “I don’t think there are tons of bass players. If you want to have an in at different places, you should play bass. Learn how to do that, and you will have an in.”

I did that. I learned bass guitar and guitar at 13 or 14. That was my main instrument for a long while. I never made any career out of it but we did play at Summerfest. We got decently well-known in the area back in the college days. Everyone split and had to go in different ways with work, family, and things like that. Inevitably, that ended but I’m implying on and off here and there church and things like that throughout the years. Musically, that’s the history there. From a technology perspective, I always was natural there and in a similar way where I didn’t necessarily have to learn anything. It was a God-given understanding.

I’m sure you had all these people in your life that made sense. I could just take a computer apart, put it back together, and figure things out. How my brain worked was how the computer works. I didn’t necessarily have to put a lot of effort into it. For me, that was good. I was like, “This seems easy. It seems like a good path.”

I went on the way of working for other people. I always was creative on how I wanted to do things and even customer service-wise on how we wanted to treat people. I never totally fell in or at least that I could find a company that fit me, so I was like, “I will just start my own.” I was young enough and felt like it would be worth doing. I went off on my own. I have been doing that ever since. I have a wife and three kids at home.

It’s the entrepreneur’s path for the tech stuff. Do you mostly work with local businesses in your area where you go out there and help them? Are you working with a lot of people virtually?

It’s a little bit of both. We have customers all over the place. We are using that virtual thing a lot. It was something we had in place before the pandemic, and that escalated as people wanted to work more from home. A lot of our customers now have 200 to 300 employees, and they give them the freedom to work anywhere. We are not necessarily going to drive all over the place, making sure people’s computers are set up the right way. We can do a lot of that remotely now more than we did years ago.

What are the biggest vulnerabilities you see for individuals or companies with a presence online nowadays?

I was thinking about this. I was on WMV, Wisconsin Music Ventures podcast before, thinking about those same ideas. It has been weird. I have almost been having to think like a hacker. We are making a YouTube series called that way where we think about what the hackers are going to do and how you almost think about, “What would they do? Where are my weak points? How are they going to try to come after me?” As I thought about that for musicians, I thought of two things and the intellectual property of it all. I don’t necessarily claim to know all the legal ramifications of all that.

Someone else talked about some of those things on the WMV podcast if you want to check that out. There was a lot of work you wanted to do to make sure that all that intellectual property and copyrights or whatever you are going to do are in place before you start putting things online. That’s important to have all those. I don’t know what that process looks like but there are people that could help with that. You probably even know more about that than someone else.

We definitely had people on this show talking about that. We had a lawyer on here talking about that, so you guys can reference that.

That’s an important first step to make sure that you are not just willy-nilly putting things out there. The next thing for me as I thought about musicians specifically is I thought of impersonators. When I see people have success in that space where they are taking something of yours that you didn’t want to let go of, it’s almost always that case. What happens is, in the impersonator space, they get you to take your guard down. As soon as that happens, you are more willing to do something you didn’t do before.

You and I are having a meeting, and I know what’s coming up. Somehow, someone got into your email and knows what your schedule looks like and what’s coming up. Maybe we are not talking about a podcast. Maybe we are talking about a contract. They get into your email. They send me something like, “Chris, here’s the contract. We are going to review it in our next meeting. Make sure to click through stuff.” Inside that email or those attachments, there’s something bad in those. It’s a matter of being cautious.

I know what your email is, so it’s a sense of like, “Is this actually from Bree? Is this her email? Did someone open a Gmail account quick?” That’s the first thing. The second thing for me is payment gateways. As musicians get paid via different places they work or whatever, I imagine that’s another area where I could see hackers trying to weasel their way into. I did a gig somewhere, and I’m expecting to get paid, and all of a sudden, now there’s this, “Click this link and put your bank account information in so we can get the money to you.”

You have to think about these. It’s a lot of social engineering or they hacked somebody and determined like, “It looks like you are playing at a stage this weekend. I’ve got my way into the people that are booking that. I can make myself look like someone booking that from you.” Maybe they send you a link like, “We are upgrading our payments for you because we want you to get paid faster. We don’t want you to wait for a check or whatever the method is now.” You are like, “That would be good. I would like to get paid now instead of in a month.”

You then go to some link and put in your bank account information. They start taking money out of your account rather than putting it in your account. It’s those kinds of thoughts of how you think like a hacker and where you need to be a little more cautious when living, working and breathing online. In years past, we had a general presumption that people were good and wouldn’t necessarily do that.

TPM 71 | Cybersecurity

Cybersecurity: Sometimes, it’s almost about the length of the password and not necessarily the complexity of it.

 

There was a rare one-off case, but sadly, that’s become so commonplace now that those things are happening. It’s not just in the large enterprise space because that’s where it started. We all had the idea, “They are never going to hack us. They are not going to do identity theft on me. It’s not worth anything. It doesn’t matter.” That hasn’t been proven to be true.

With the smaller ones, it’s about volume for them. They can send out this stuff, and a certain number of people are going to click. They do a certain number of those and get $500 from each person.

If they do those 100,000 times, they peddled a lot of money.

With computers, you can deploy a million emails at once or whatever and do that.

Hackers generally don’t even deploy themselves. They will find a way to hack into your computer, get your contact list, and send it out from your computer as you. They will get 10,000 emails out because you know a lot of people, and it doesn’t affect them at all. If those people click, pay or whatever, they get money. Eventually, you find out that this is on your computer and delete it. It doesn’t cost them anything. They didn’t even have to own a computer.

What are the common ways that they are getting in? How do they get into your computer to be able to access your email like that?

The statistics are really high. It’s almost all email. It’s cybersecurity. When we are training companies from an employee perspective, the statistics are 86% that those initial hacks come in via email. That’s why it’s so important to be extra cautious in everything you do. Whenever you are signing a contract or opening an attachment, spend that extra little bit of time to make sure, “I know Bree’s email because we have been emailing back and forth. Is this her, Bree8653210@Gmail.com?” That costs no one anything. They can go to Gmail. If they know your name, they can put Bree Noble, and Google will give them a randomly generated email. They can click next and finish. If they have your contact list, now they can start emailing people without too much consequence.

They could send to my contacts something that if they clicked on it, it would get on their computer. Is that how it works?

Exactly, and it would do anything. It’s because of our trust in people, if they can send an email that looks like it’s coming from you, they are much more likely to not think about it. Immediately you are thinking, “It’s from Bree.” You stop being cautious. You stop thinking like, “Bree is not going to try to steal my money.” Some of that defense shield comes down typically if they can impersonate someone else. You start maybe clicking on things, opening attachments or doing things you would normally not do.

If it was from a random person, you wouldn’t give them your bank account information, put in a password or something else. They are getting good because they will generally hack someone else first and figure out what that person would expect to come from them. That email looks very convincingly like, “I’m expecting a contract from a customer that should be here in the next week or two.” They drop one in advance of when that customer gave it to you. It’s convincing.

It’s almost pretty hard to spot. That’s crazy. If you are working out a payment situation with someone, make sure upfront when you are discussing, like you are going to do the gig and here’s the deal, that you understand how they are going to pay you, so later on, there’s not something sends you a thing that says, “We need your bank information.” You would be like, “No, we already talked about the fact that you were going to pay me by PayPal, check or whatever.”

If that payment gateway email thing they sent you isn’t what was in the contract, then I would call and ask questions. That’s another thing. Feel free to call people. Those things aren’t difficult to just call up the main contact person and be like, “I want to clarify. I got this email. It looks like I’m supposed to get paid. I like this idea but is this from you?” “That’s from us.” “Cool.” Even their email, if you know what their actual real email is.

It’s probably not as good as calling them but to email their full email, not a Gmail account or something else like, “I got this. I want to confirm that this is true.” We’ve gotten things from our customers that are so close that it’s hard to tell. I’m like, “This looks legitimate but I would still call your customer.” I don’t know that I want to put my reputation on that.

In some of those times, it’s good to double-check, especially that email. Know who you are getting emails from and communicating with. It’s just a couple of extra seconds. A lot of times, when you get an email, it shows the display name. With the email, you tend to ignore that. If we kept an eye on that, you would be surprised about how few issues we would run into.

I think, too, with payment gateways. I’ve got one that looked like it was from PayPal but it wasn’t. It was like PayPalPayments@Gmail.com or something like that.

It might say PayPal. It might be a PayPal button but if you hover your mouse over there, it’s like Payments.Gateway.com/ some random number. You are like, “That doesn’t look like PayPal. That’s something not good.”

Think like a hacker and where you need to be a little more cautious when living, working, and breathing online. Click To Tweet

Always check that. What about social media? It’s a similar thing. People can take over your friends on social media. They’ve got a picture that looks like them. It looks like they are contacting you, and they are your friend. What is it they are trying to do with that?

They are trying to get anything. Any information becomes valuable, which is why all these tech companies are worth money. These tech companies have no actual assets but they are worth $42 billion. They don’t sell or do anything but the data is valuable because you can market to them. They can use data for anything. If they get your password, they can sell it on the dark web. They are mining for anything, and whatever they will use, they leverage that to the highest capacity they can.

If they get your contact and nothing else, then they will email your contact list. You look weird because all your contact got an email from you saying, “Give me some money. Buy me a Walmart gift card for $500.” You will then look weird. You are like, “This looks like I wasn’t securing my own email account and passwords.” Other than that, they are just looking for money. As you said, it’s the scale. If you get $10 by 100,000 times, that’s $1 million.

That’s true. I’ve gotten these DMS on Facebook or something where someone created a duplicate account of one of my friends. Is there any telltale sign that it’s not them? I know sometimes we get a friend request from someone, and we are like, “I know I’m already friends with them.” That’s when you look into it.

In those regards, I would look at grammar and spelling. Generally, they are not always primarily English speaking. Even cultural lingo might not be as quite as natural. If you look back a lot of those times, you would be like, “If I was paying a little more attention, that is a weird way to say that.” It’s noticeable if you take a little bit of extra time with it. If someone asked you to be a friend on Facebook, they don’t necessarily have much at that point. They would have to get you to do something else. Maybe they get your friends.

In the early days of Facebook, I would accept most friend requests that people sent me because I was like, “I want to build up my fan base.” Nowadays, I don’t accept friend requests unless I know them or know someone who knows them or we have mutual friends, so I can look into them. Are they a musician? Do you recommend not accepting friend requests from people you don’t know?

At this point, probably. If you had a fan page that was not your personal, was about music, and almost no information about you, your family, friends, address or pictures of your house, if there was no personal information ever on that, I don’t know if there would be a necessarily an issue with that. Dave Matthews probably has a Facebook page that someone manages for them. They auto-accept anyone that’s going to follow the page. They are never going to be like, “Dave Matthews is back home. He just got on this plane.” There’s not going to be any link to any data that would be valuable for them to glean from that account. From a business perspective, that would be okay.

With Facebook, you put a lot more personal stuff on your personal profile. If you are accepting people as friends, they are going to know your date of birth because Facebook publicizes that.

There’s too much information on Facebook sometimes. You don’t think about it because your guard is down again, “These are my friends. I know them. We are moving. We are doing this. Here’s our new address.” Now they’ve got your birthday and address. There’s a chance they get too much information there. Maybe they don’t even do anything with that but it’s a jumping point to be like, “Now I have these couple of things. All I need is to find a password on the dark web somewhere for an account.” I have this, “What’s the month and day you were born?” That would be a weird security question but you never know. They build a profile on you, and when they have enough information, they will leverage it to whatever.

Speaking of passwords, I would love to know what you think the best way is to manage passwords. Do you recommend using things like LastPass and stuff since we have so many of them?

It’s way better to have a complex password that doesn’t change than to have them written down everywhere or have all the same password. I would also implement multi-factor authentication. If you use LastPass, Google or any one of those single sign-on platforms, if someone wants to get in to get those passwords, there’s a password to get into that password.

There’s also going to be a multi-factor authentication step where they are going to make you go on your phone, type a code in, and type it in somewhere else. There would be an extra layer that they would have to have stolen some other information from you before they could get into all those accounts. Those are much better ways of doing your passwords. Google does it and will check the dark web for you. If any of your passwords have been breached, they will tell you. LastPass does the same thing. Any of those are great. LastPass costs money depending on how you use it, how many accounts you have, and things like that.

It’s free at first, and if it was just you but if you have a team or need to share your passwords with people, which I do, then I pay for it.

It’s probably worth it for that added security benefit. We use those things at our office as well because you can control passwords where they go, who changed them, and when it changes. It can always stay hidden, so you can copy and paste it and don’t have to necessarily do whatever if you need to put it somewhere else. It will help you reset passwords when you need to pick one. Have the tool to create a complex password for you. It doesn’t have to be like chickens2021.

Something else that’s interesting about passwords that were news to me is you can type long, actual words in a sentence. If you typed something, let’s say you got something at 20 to 25 characters like MyDogReallyLikesToSleepUnderTheBackPorch. That pass was long but it’s easy to remember. You don’t have to write it down anywhere. There are things you can check online. You can go online and google password checker. It will tell you how bad your password is. Something like that with that many characters will be twenty billion years to crack the password. It’s funny sometimes. It’s almost about the length of the password and not necessarily the complexity of it.

That makes sense. Instead of having to put capitals, characters, and all that stuff in there, make it long but something you can remember.

TPM 71 | Cybersecurity

Cybersecurity: Every plug-in is an attack surface theoretically on your network. It can also make your website a little slower, so get rid of those.

 

Even some of the password generators now, like LastPass has an online generator. A lot of times, they will do that for passwords where it’s like chicken-, house- or whatever. You might get 3 or 4 different words that aren’t super long or hard to remember. That will be, in their mind, a strong password. Sometimes we think our password has to be like !@$qWJ. No one would ever memorize it ever because it doesn’t make any sense. There are ways to do it to even get into those like LastPass to make those passwords. If you had to log into them, you could make them long sentences.

It could even be the first line of lyrics to your song or something.

There’s a tool online to check that. I have never felt good about giving them my actual password but what I will do is do something near it where I will put in the amount of characters or words. It’s a fun tool to see how good your passwords are. Change a couple of things in your password but keep the length and the same complexity.

It will give you an idea. We have sat down with some customers and have shown them that. They are like, “It will take them ten days to crack my password?” Some of them are minutes or less than minutes. Some of them are zero seconds if your password is like password, God or nothing. It’s funny. There are some good tools that are free.

It makes sense not to put the actual password in there because someone could create that to steal people’s passwords.

I don’t know that I trust those websites well enough but it’s a great tool to get close to typing nearly your password in there and be like, “Wow.” My main password is 1,000 years, something like that, which is a long time. It’s not great. You would be surprised because you add a couple of characters. That’s 400,000 years.

What about their website? I know people can get their websites hacked. What is the best way to secure your website?

Keep up with it. I would imagine that most of them are probably in WordPress. If you are in something like Wix, you probably get updates and that thing automatically.

A lot of our people use Bandzoogle. I’m sure that they are getting Bandzoogle on top of things but a lot of people use WordPress.

When you log into that, is there a backend to that?

Yes. It’s basically a platform with templates and stuff.

In that case, their monthly fee is probably higher for that. Have you seen people there get hacked on that platform?

I haven’t heard a lot about that. I hear more about WordPress getting hacked.

I would imagine that if you are with a Wix or something like that because they are at least somewhat custom enough that the attack surface is low. WordPress gets attacked a lot. It’s probably billions by now in the multiples of people that use WordPress. If there are billions of websites out there, it’s worth going after them because all you have to do is find 100,000 of those who haven’t done updates ever. They’ve got plug-ins. If you are on WordPress, don’t have leftover themes because inevitably, when you are installing WordPress, a lot of times, it will toss a whole bunch of themes in WordPress.

Once you’ve figured out which one you are going to use and build your website out, get rid of all the rest of them. They are free. You can get them later. They don’t do any good sitting there. They are a target because all those folders exist in your network. Going there, get rid of those plug-ins. I would get rid of any plug-ins you don’t use. Every plug-in is an attack surface theoretically on your network. I would get rid of them. It also can make your website a little slower, so get rid of those. The third thing is to make sure to stay up on updates.

WordPress itself will get updates, and all the plug-ins will get updates as well. A lot of times, with those updates, if you are using a web builder or some of those things we use, like the premium web builder, it’s $20 a year to stay up on support, I would recommend doing that. You are running a business, so $20 a year isn’t the end of the world. If you don’t do that, you can’t get the updates.

Hackers generally don't deploy themselves. They will find a way to hack into your computer, get your contact list, and send it out from your computer as you. Click To Tweet

If there is a WPBakery Builder, the premium one, version 2.0.9.6, has issues. If you keep running 2.0.9.6 for the rest of your life because you don’t want to pay $20 a year, your website is at risk as soon as someone finds out that you are running that. These hacks get published as soon as someone finds a website that’s running it. It’s like a free game where we can do a buffer overflow on whatever website and get what we want.

Even having somebody monitoring that, I have a service that monitors it every month. It’s crazy. I get a report. For one of my sites, it says, “Multiple lockouts have occurred this month,” which means people tried to get into my site that wasn’t supposed to get in there. I’m like, “Why is this happening?” I don’t know why but I’m glad that they are making sure they are not getting in and letting me know that.

There’s probably a premium service to be on that. I’m trying to think of a couple of places we use like DreamHost. It’s like a DreamPress upgrade. A lot of them have managed WordPress, and they tend to do some of that stuff for you.

What about SSL certificates? Should we always have those?

Those are free. If you are hosting a website somewhere, usually, it will be included with your website. Especially if you are doing the payment, have SSL on there. Even if it’s a link to some other payment gateway, I would have it. Chrome now has gotten angry at sites that aren’t SSL encrypted. It’s probably a good idea, even if it’s for information to have it.

Especially musicians tend to buy their domain, which is good, to preserve it if they come up with a band name but then they are not using it. Is that leaving us open? Could someone realize this domain is not being used now and try to hack it more likely?

If you bought a domain from GoDaddy and went there, it will say like, “This site is under construction. Look forward to whatever.” They park it. Back in the day, they used to have to go into one of these websites and park themselves but they’ve gotten smarter and realize that, “Not every single one of us is a web designer.” They will check it.

If you haven’t put something there for your website yet, they will put something out for you that says, “This website is under construction. There’s a new domain. Look for some changes here coming in the next month.” It looks like you are building something. I don’t think no one could steal it. The worst part would be letting it expire, and then someone starts putting things on there like, “We started this band name.” All of a sudden, someone buys your domain when it expires.

It’s good to know. I wasn’t sure. It is clear that there’s nothing there yet, but it says under construction.

It’s not like there’s a security risk. They can’t log in and do anything. WordPress used to do that. I haven’t done a brand new WordPress install in a little while now. If you install a brand new WordPress site, you will set up WordPress for the first time by walking through some initial steps for you to pick an account and the password.

If you start building a website, make sure to finish it. If you start going through that process, sometimes there will be a token or an email they will send you to finish setting up the website and make sure that it gets done pretty quickly and that there’s not an open door for someone to make accounts while it’s in setup mode.

Is there anything else that we haven’t talked about, especially in relation to making sure who you are online is protected? As artists, our brand and who we are, are the most important thing that helps people find our music. If someone else takes that over, that’s going to be a problem.

It’s because it changes so much, I honestly think that’s what people need to do. They need to be a lot more cautious than they were. On the last Music Venture podcast, it was the same idea like, “Don’t just chuck your music online. Make sure they are copyrighted.” There’s some work to do. Make sure that you are being a little methodical about how you act, work, whatever.

When we were going back and forth, it felt like the technology side of it coincided a lot with other things you are going to have to do to start a business like, “This is a business.” It’s not like, “I want to play at the farmer’s market on Saturday.” If you are going to start a business, you are going to pursue that thing. Take it a little bit seriously. When you are getting emails and payments, employ some of that caution as you are going through like, “What is the next step? Should I be clicking on this? Is this who I think it is?” A little bit of pause would resolve a huge amount of it.

Do you think it’s also good to keep your personal separate from your business? If I have a website like BreeNoble.com, should I have all of my emails for my music coming from that website? Does that help protect you?

I would separate the business from the personal. A lot of times, your brand is you. In our company, the brand is me. We have employees, and they are awesome. They do 98% of the work. They are fantastic people. The issue with the brand was me. A lot of the things aren’t like, “Go check out our company.” It’s more like, “Here’s a new tech thing from Chris Adams.” There’s something personal about that. People know who I am.

TPM 71 | Cybersecurity

Cybersecurity: Multiple lockouts mean people tried to get into your site that were not supposed to get in there.

 

There are a lot of brands that happen based on the person. That’s the cost of doing business. Nothing about me is on the internet. I’m not like, “I’m going on doing this thing,” because I know there’s that risk. My LinkedIn and Facebook are work-related stuff because I know there’s that weird mix. My brand is who I am. I don’t post pictures of my baby and stuff on Facebook because that tends to be where people follow us for work and technology advice.

It’s such a hard line to walk because, as artists, we want people to identify with us as people. As a mom, I posted pictures of myself with my daughters and husband, and we went on vacation. That is important. What I was thinking of as far as email is when you are dealing with any online things, your booking, and that thing, have a separate email where all of that takes place. In case that does get hacked in some way, it’s also not hacking your whole personal life.

You can always create Bree Noble Music. You can create things that are still your brand that is just a different name that maybe you are a little freer on who gets to join those because you are like, “Maybe someone saw a show and wants to see what my new music is.” You don’t necessarily want them following you to see what your vacations are. I have a couple of those things too, where there are some corporate things, and then I’ve got a personal Facebook page that not everyone would necessarily know where it is or how to get there.

You have to figure out what you are comfortable with. A separate email that is for your music stuff is important because if your personal gets hacked somehow, they are not going to be going after your business contacts and vice versa.

It looks way more professional. We have some clients that are $3 or $4 million a year businesses. They have Gmail accounts or have something else that could write on our accounts or whatever old Charter Spectrum.

It could be AOL or Yahoo.

It’s so surprising because you are running a legitimate business. It says something about who you are. It’s so much more professional to have the @BreeNobleMusic.com or something. It’s not difficult to do anymore if you get some of those online builder things that are all-inclusive. If you got to do Gmail, that’s great.

You can use G Suite. If you use G Suite, you get all the Gmail stuff. We have that. It’s Bree@FEMusician.com, but it’s still using all the Google tools.

It was not expensive. It’s super easy to set up. You went from getting a Gmail account that costs you nothing. It’s a whole another tier for not that much money. You look so much more professional.

It’s $6 per person.

You look way more serious. You are like, “I’m in this to be in business. I’m going to take this seriously. I’m going to put the things in place that make me look serious. There’s a website, and it has information about me.” When I sit down with those customers and people and see those bands, they have professional things. They are doing everything well. Your initial reaction to them is higher. You are like, “They are on top of things.”

Even when you are booking things, I would imagine that makes a huge difference to people that are like, “I’m going to book someone. This person has their own domain, website, email, and all that stuff.” You are probably going to look way more serious. They are going to show up on time. Before anything has happened, not that there’s judgment in it but there’s that initial like, “I don’t have to worry as much about some things that I would have to worry about.”

First impressions are big, and your email or website is oftentimes the first impression.

Nowadays, with all the tools that are out there, there’s almost no cost to entry anymore.

You guys are so lucky. I feel like I started back in the stone age when everything was more expensive, and you had to let a customer build their website.

It costs you $5,000 to get a generic website up with a couple of pages. Now, you can pay $10 a month for Wix, and they will build it for you in five minutes.

First impressions are big, and your email is oftentimes the first impression. Click To Tweet

It could be Bandzoogle, where it’s all organized just for musicians. They’ve got all the tools you need, and you can do paywalls and all this stuff. It’s all included. You don’t have to build all this stuff out. I remember back in the day when you had to set up a merchant account, and it was all expensive.

You have to deal with PCI compliance because it’s now on you because you are putting an SSL page on your website. It’s not going to some third-party gateway.

Now we have it all built-in. If you use Bandzoogle, you don’t have to deal with any of the merchant accounts in the banks and all that stuff.

You should get some sponsorships from them. You said Bandzoogle a couple of times.

I promote them because I love them.

Give them a call. If you talk about them this much on other shows, they owe you a free account with a customer code at the bottom, like 10% off.

I will mention it, WOS15. You guys can get a free 30-day trial and 15% off with Bandzoogle. It is such a great option for musicians because you don’t have to worry about a lot of this stuff. Their platform is protecting you versus WordPress, where people can sneak in the back door.

I’m sure it costs you a little bit of money but then there’s the lack of headache, which is probably worth it.

There’s also support if something goes wrong. Is there anything else we didn’t cover? Do you feel like we’ve covered most of what musicians need to know when working online?

I don’t think so. That’s awesome. Accidentally, we got the product placement in there. That wraps it up pretty good.

Thank you so much. This has been great. I know it’s going to be helpful for people. Whatever stage of business you are in if you’ve done some of this stuff and are like, “I have done this wrong. I’m vulnerable,” go and fix it. Don’t worry. We have all put ourselves out there in ways that maybe we are not the best at first but we go back and fix it. If you are new, then you are going to be able to fix this all up from the beginning.

The musician is our target demographic but I love helping people. If anyone out there ever has questions, comments, and wants a quick, “I have this question. Do you think I should do this?” we can be like, “No.” If there are ever things like that that you hear from people looking for quick advice or something, we could help.

Let them know where they can find you online.

I would have them go through you because if they try to get ahold of me, I’m hard to get ahold of otherwise. If they call our office, they won’t get anywhere. We get way too many spam calls. The script to determine whether or not the person calling is someone we know is difficult.

You can email me at Bree@FEMusician.com if you want to get in touch with Chris. Are you on socials anywhere where they can follow you?

CCA Technology is out there on LinkedIn and Facebook and things like that.

Check that out. Thank you so much, Chris. This has been awesome.

I’m glad to help out.

 

Important Links

 

About Chris Adams

TPM 71 | CybersecurityI moved 6 times before 6 but have been in SE Wisconsin ever since. Naturally technology just made sense to me so from 18-20 I started a few tech companies until one of them seemed to stick. That was a whopping 18 years ago now and we’ve been ever evolving to stay current and at the forefront of where technology has gone in that time. My wife and I with our 3 kids live in an 1860’s farmhouse and love getting outside for whatever season activity is upon us.

Release Concierge Release Planning & Budgeting Checklist

RELEASE YOUR NEXT MUSIC PROJECT WITH CONFIDENCE

Struggling to keep track of all the steps you need to take in order to plan your next release? Release your next music project with confidence with our Release Planning & Budgeting Checklist.

FREE GUIDE: 39 LITTLE-KNOWN INCOME STREAMS

These are NOT the obvious, industry-backed income streams like streaming royalties, album sales, publishing royalties, and concert ticket sales. These are out-of-the-box solutions that will transform a Starving Artist into a Confident Creator who has ENDLESS possibilities from monetizing their music.