As a business owner that relies on a good online presence or effective e-commerce website, there is nothing worse than being hacked. There a variety of hackers out there and in some cases a vulnerability in your website can result in loss of valuable data, your content being altered or deleted and even your business data being held for ransom (known as ransomware).
As a small business owner with a basic website you may be under the impression that your site has nothing worth getting hacked for, but websites big or small are compromised all the time. Most website hacks are not necessarily to steal data or vandalize your website but rather to use your server as a relay to send spam mail or set up a temporary place to share files (which could be of an illegal nature). A lot of smaller hacks are automated using scripts that explore the internet to find websites with well-known vulnerabilities and exploit them.
Discussed below are some ways you can protect your website and prevent hacking:
- Make sure your software & technologies are up to date: Although this is quite an obvious suggestion, by keeping all your software and web technologies up to date you can prevent any security flaws in older versions being exploited. For instance if you are using a CMS or back-end platform such as WordPress, ensure that it is up-to date with the latest version. Any 3rd party plugins used on your websites (especially on wordpress) should also be kept up to date with the latest security patches.
- Install additional security plugins where required: If you have a dedicated server for your business ensure that updated firewalls are set up to prevent the server from being hacked. In addition you can use other security plugins such as ‘Bulletproof Security’ for WordPress or the application ‘SiteLock’ to monitor and resolve any vulnerability in your site.
- Use HTTPS and SSL: This cannot be stressed enough, an HTTPS enabled website with a valid SSL certificate is not only helpful for security but also trust. HTTPS on your website will add an extra layer of encryption to your website and has an impact on customer perception and Google search. On a previous post we discussed why an HTTPS enabled website is important.
- Use parameterised queries: This is something for your website developers or in house IT team. Parameterised queries are a simple fix to a common website attack known as SQL Injection. These are attacks when a hacker uses a form field or URL parameter on your website to gain access and make alterations to data. An SQL Injection attack can have serious consequences so it is essential that preventive steps are taken during development of the website.
- Make sure your website passwords are secure: Make sure your website designers have implemented good password encryption when authenticating a login. In addition to this it’s important to use strong password no matter how tempting it is to have one that’s easy to remember (the most common password is still 12345 or abc123).Make use of online password generators or just add numbers and special characters to what you would normally remember. Some websites now offer two step authentications where you need to enter a password and a security code that is texted to you during login. Although this can be inconvenient, if you website deals with especially sensitive information then it’s worth considering.