Is Your Small Business Website Secure?
There are a few subjects that are important to talk about over and over again. Security is definitely one of them. And with October being National Cybersecurity Awareness Month, there is no better way to kick it off than to evaluate the security of your own website. Is your small business website secure? Let’s take a look.
It’s your responsibility
When it comes to website security, there are multiple angles to be considered. I have previously written about how you, as a website owner, even if you aren’t the technical person in your company, still play a very important role in your website’s security. It’s critical that everybody in your organization realize the part they play in your website’s security and that article is a great way to introduce them to it. Please share it with your team.
Whether you have a designated in-house IT professional, a vendor to whom you outsource your website maintenance tasks, or a tech-savvy nephew who enjoys managing your website for you, you as the business owner still have a responsibility to ensure the security of your website. Not doing so can have an adverse affect on your bottom line. A hit to your profits should be enough motivation to make you sit up and pay attention.
Now you’re asking, “But John, what can I do to my website to increase security?” Well, I’m glad you asked. Because that’s exactly what we’re going to talk about here today.
Be relentless about passwords
Just this past week, you probably heard that Facebook had a security breach that exposed account details for 50 million users. Now, let me ask you, are you using a plugin that allows you or your users to login to your website using their social media logins? Sounds scary.
Having a strong password is obviously important, but it’s not enough to create a strong password and then never change it. Yes, it’s a pain to be changing your password on a regular basis. But, isn’t that a lot easier than having to deal with your website being hacked?
If you have trouble remembering strong passwords, look into password management tools like 1Password or LastPass.
Use a good host
If you do a search for “cheap website hosting,” you will find literally thousands of hosting companies that are happy to set up your website on a shared server with thousands, maybe even tens of thousands, of other websites all on the same box. You think you’ve found a great deal because you’re able to host 100 websites for 10 bucks a month, but should your search for a reliable website host be a race to the bottom of the barrel? Is that what your website is worth to you? I didn’t think so.
With cheap shared hosting, you run the risk of poor performance simply due to the amount of sites crammed onto one server, but there are also security risks that come with it, too. One such risk is the possibility of your site being affected by a vulnerability on another site hosted on the same machine. For example, if another site on your same server inadvertently gives a hacker access to the server, your site is at risk through no fault of your own.
Think about paying for good hosting as you would paying for insurance. It’s expensive, but you will be glad to have it when an issue arises.
Use a security plugin
You need to understand that a hacker almost certainly isn’t interested in your website alone. But since roughly 30% of the top million websites on the internet are built on WordPress, that puts a large target on any and all WordPress websites. The reason is that hackers are inherently lazy. They aren’t going to spend hours trying to hack into YOUR website. Instead, they’ll spend their time working on automating scripts to attack a lot of websites all at once. Face it, most of us don’t have the time or skill set needed to thwart determined hackers. For this, we need help.
Rather than trying to brace yourself against one specific style of vulnerability, you should look at a tool like iThemes Security. It will help you shore up holes in your website’s security that you may not even know you had. Protection from brute force attacks, strong password enforcement, file change detection, and locking out users with too many failed login attempts are just some of the ways it can help protect your small business website.
Security monitoring and site backups
If you’ve ever seen a movie where a hacker takes over control of a website, they always show it as a big glowing skull and cross-bones being displayed on the affected website. That is, of course, Hollywood exaggeration. Honestly, that would be easier to detect and deal with. Alas, that’s far from how hacking usually works. Instead, a hacker may do subtle things that you may not notice for months, years, or maybe not notice ever. For example, they might inject links into old blog posts on your site. That may sound pretty harmless, but depending on where they’re linking to, it could affect your SEO or even get you blocked by search engines entirely.
In a perfect world, we would be able to block all hacking attempts. But, as the news of Facebook’s recent breach reminds us, no matter how big the company and no matter how much effort you put into blocking security risks, bad things can still happen. This is why it’s extremely important to set up security monitoring. Services like Maintainn, a WordPress maintenance and support company, can keep an eye on your site and let you know if something unexpected is going on with it. They can also assist you with offsite backups of your website. If you find out your website was hacked a week ago and you have a backup from the week before, getting your site cleaned up and back online quickly becomes a snap. Without a site backup, it can be a Herculean effort.
Don’t be scared, but don’t be complacent
I know very little about working on cars. Okay, fine, I know nothing about working on cars, but I do know that if I don’t change the oil, or have somebody change it for me, bad things will happen. I know that if I don’t lock my car, somebody may steal my belongings in the car, or steal the car itself. I take a few simple steps that can cost me a little money, but they protect my car from harm. This doesn’t mean my car isn’t still at risk, and bad things might still happen, but I’m doing what I can to lower that risk.
My goal here isn’t to scare you. But, if you’re knowledge about websites is anything like my knowledge of cars, it’s important to educate yourself and at least learn the basics. If you’ve read this far into the post, that’s a great first step. Now, go check out some of the resources I pointed you to and sleep soundly knowing that you’ve taken steps to protect your website and your business.