Web Security is Important for Small Business Owners Too!
There are simple steps you can take to make sure that your website and your website visitors are protected.
When you think of cyber attacks, you might picture an action movie where government servers are hacked in an attempt to take over the country, but the truth is small business websites are vulnerable to hackers everyday.
Why Your Small Business?
These cyber attacks probably aren’t due to someone hand-picking your website as a target, but rather using automation to identify vulnerable websites. Automation allows hackers to compromise many sites at once with tools that are readily available.
The hackers for the most part don’t care about your specific site information as much as having control of a site they can use to spread malware, attack other sites, serve ads and send out spam emails. If they get caught, it is your site that gets implicated. You may not even know that your site is hacked.
Why Should You Care?
We don’t just go online anymore, we live online. When people visit your business online, they need to know that they can trust your website.
Even if you don’t have an e-commerce site, if customers lose trust in your website and brand, that could mean financial losses for your business.
Website blacklisting means search engines remove your website from their indexes, resulting in a loss of nearly 95% of your organic traffic.
One aspect of the secure web is using the HTTPS protocol, which encrypts the information sent between your website and the user’s browser. You know you are on a secure website when you see the green lock icon and https:// in your browser.
Starting in July, Google Chrome will start marking sites that do not use HTTPS as insecure.
What Can You Do?
In addition to the basics of using strong passwords for your website and enabling 2-factor authentication (for example, when you get a text message code to enter in addition to your password), there are a few other steps you should be taking as a website owner.
Enable the HTTPS Protocol
In order to use the HTTPS protocol on your site you will need an SSL certificate. This certificate authenticates the identity of a website and encrypts information sent to the server. There are different types of certificates available depending on how many domains you want to secure and the level of authentication provided. At one time they were all very expensive, but you can now purchase certificates at a reasonable cost or even use a free certificate from Let’s Encrypt which is working to make the web 100% secure. Be aware that it does require some technical knowledge to get the certificate installed on your site.
Keep Website Software Up-to-Date
Most automated hacking attempts are trying to exploit known vulnerabilities in software used to run your site – WordPress, Drupal, Joomla, or any of the plug-ins associated with them. The vendors patch the software to remove the vulnerability, but if websites are not updated with the new software versions, the site is a target for bots looking for vulnerable sites to exploit.
Use a Website Firewall
In addition to a secure hosting provider, a Web Application Firewall is a good choice to protect your website. The web application firewall sits between your website and blocks bots and other malicious traffic to your website. It also virtually patches against exploits so you are protected as soon as the exploit is identified even if you haven’t had a chance to update your software yet.
Here is an example from a small site of the type and number of attacks that were blocked over the course of a few weeks.
We use and recommend Sucuri (affiliate link) on our sites. In addition to the web application firewall they include and manage the SSL certificates, and can give your site a performance boost as well. If you are hacked, they will clean the site for you as well.
If we manage your website, you are already covered for all this and more. If you need a website update contact us!