If you have a website, keeping it secure is one thing that is worth spending time and money on.
What are the threats?
Cyber-threats are constantly increasing and cybercriminals get smarter by the day. The most common threats to websites are outlined below.
1. Ransomware
Ransomware is malicious software that prevents access to a website until the ‘ransom’ money is paid to the perpetrator. If your site or the server that hosts it is disabled by a sophisticated ransomware attack, the cost to get it back up and running can run into the thousands (Los Angeles Valley College recently paid a $28,000 blackmail demand!). In addition, there may be permanent damage to your reputation.
2. Phishing
Phishing is a common attack that involves sending bogus or counterfeit emails that trick people into revealing sensitive information such as passwords, credit-card numbers and so on. The emails usually do this by including a link that sends the recipient to a bogus website. Mailboxes linked to websites are a popular target.
3. Malware
Malware is a general term that covers a range of menacing software, some of which aims to disable websites. Other types are secretly installed into websites in order to exploit their visitors. If malware is detected on your site by a search engine, people trying to get to your site may get a warning that says “This site may harm your computer”. This causes customers to abandon their visit, costing you sales and your reputation.
4. DDoS attacks
Distributed denial-of-service (DDoS) attacks usually involve “bots” (robotic agents) deliberately overwhelming a company’s server with access requests, making the website inaccessible and often freezing the server as well. The bots are often distributed using a virus. DDoS attacks are difficult to prevent but better antivirus software has made them less common.
5. User error
A simple user error is capable of taking a website offline. This can happen if a member of staff accidentally deletes an important file or corrupts a database entry. Once you have lost access, mistakes can be difficult to reverse.
It is not uncommon for disgruntled employees, or ex-employees, with legitimate access credentials to take a website offline deliberately.
Seven steps to protect your website
1. Install an SSL Certificate
Installing an SSL certificate creates an encrypted connection between a user’s browser and your web server. It ensures that all data is exchanged over a secure connection. SSL certificates range in price, but about £35 will get you a decent one. It also makes you look reputable.
2. Use strong passwords
Make sure that log-in credentials for your website are not easy for hackers to guess. Passwords should be unique, at least 10 characters long, and include a combination of numbers, letters (uppercase and lowercase) and special characters. You might want to consider using a password manager app to generate and remember secure passwords.
3. Choose secure web hosting with good support
Opt for a provider that offers comprehensive monitoring and firewall protection and is able to swiftly block any threats. They should also offer 24/7/365 support via multiple channels.
4. Keep your software updated
Hackers often target vulnerabilities in old versions of software, so make sure you install updates as soon as they are released. For example, a WordPress site depends on Linux, Apache, MySQL, PHP, themes and a variety of plugins – all of them need to be kept up to date.
5. Consider Cloud migration
You can replace onsite software with Cloud versions, and you can also have Cloud-hosted websites. Cloud services can reduce pressure on local network and website resources. In addition, Cloud providers build their systems to meet strict data standards, have built-in security monitoring, and offer data backups that are mirrored and kept in multiple places.
6. Conduct regular website security audits
Conducting regular website security audits helps you to identify and fix vulnerabilities before they can cause damage. You could take advantage of a scanning tool such as Sucuri SiteCheck, which will scan your site for malware, site errors and out-of-date software. Try to run security scans at least weekly.
7. Hire security experts
You can only do so much yourself when it comes to security. If you feel you need extra help, there are hundreds of specialist companies offering website security solutions. They have the experience, the knowledge and the qualifications to bolster your website security.
Website security is crucial. A hacked website can cost thousands, compromise your customers and damage your reputation. There are plenty of cybercriminals willing to harm your business to make money. Your website will come under attack at some point – so you need to be ready for it.