Website security is a growing threat for small businesses. According to Google, 61% of small businesses were the target of a cyber attack in 2021 and 43% of ALL cyber attacks happen with small businesses. If you operate a small or medium sized business, chances are you are new to website security and how to properly defend yourself from a cyber attack. We’ve compiled 6 powerful ways to bolster your website security and help keep your business secure today and into the future.
1. Educate your employees about website security.
If you have employees, chances are you have or will delegate some aspects of your website management to them at some point. Whether you are updating your company’s web pages, adding photos to existing pages, or monitoring website traffic, it is imperative that anyone who has access to your website assets be properly trained on the various aspects of website security. The basics we cover below are some good starting points to help build your own website security training program and revisiting this training regularly can help you thwart a potential cyber attack in the future.
Cyber attacks can be costly for your business and also your customers, so this issue isn’t something to take lightly. Even considering the downtime of your website after a successful hack, you could lose business and credibility within that time frame. If you don’t have employees, it is still good to educate yourself on website security basics and to follow website best practices to maintain a secure website.
2. Use an SSL certificate.
An SSL, or Secure Sockets Layer, is an encryption-based internet security protocol. An SSL is standard technology for securing an internet connection between a website and a user’s browser. It prevents hackers from seeing or stealing any information transferred, including personal or financial data. The easiest way to tell if your website has an SSL is to ensure it’s address contains “HTTPS” not “HTTP” before the URL. An SSL is crucial to website security for both your website and for customers accessing your website.
Not even accounting for the additional security provided by an SSL, users will receive a warning once they navigate to your site warning that it is an ‘unsecure” connection. This is usually enough to deter potential customers from visiting your site, meaning less potential leads for your business. If you operate an ecommerce site, it is 100% required to have an SSL in order to use an online payment processor on your website and there are automated processes in place to inspect your site prior to you being approved for an online payment processing account.
An SSL can be set up through your host and there are free or low-cost options available depending on your website host and or who your website developer is. At YouWho Digital, we provide all of our customers with a free SSL through our hosting platform so you don’t have to think twice about this basic website security feature.
3. Use strong passwords and change them regularly.
Your website security is only as good as the preventative measure you put into place. Having a strong username and password for your websites is one of those preventative measures. I know it can be tempting to use “Admin” as your username, but doing so makes it exponentially easier to hack your website or host server. Once they can guess your username, a hacker can use programs to guess your password in a matter of seconds. Use a username that is unique and mix in numbers if possible.
The same for your password. A password containing only numbers can be guessed instantly, but a password containing a mix of numbers, upper and lower case letters and symbols can take days to years for a hacker to crack. It is also a good website security best practice to use different usernames and passwords for different platforms. In the instance you do have a breach, having different usernames/passwords helps to limit the extent that hackers can breach your other platforms and accounts. Using a password manager is a great way to keep track of your different passwords and help to create unique credentials for each instance you need them, without requiring you to memorize each login!
4. Use a firewall.
Malware is everywhere today and hacker bots are constantly attacking websites to find a vulnerability. Another powerful way to prevent a hack is to install a firewall on your website and scan your site daily for malware and other vulnerabilities like outdated themes or plugins that could provide a hole in your website for hackers to access.
Wordfence and Sucuri are two free or low cost options to help in this area and they can exponentially increase your website security with little or no effort on your part – even if you don’t have much experience with website security. These resources are meant to help secure and deter potential website security issues and are regularly updated by their respective internal teams to stay on top of new threats and vulnerabilities from bad actors.
5. Keep your plugins and themes up-to-date.
Your website plugins and themes are constantly being updated by their developers to include security patches for vulnerabilities along with their new features. Keeping plugins and themes updated is one of the single best ways to maintain website security. An outdated plugin can contain errors or unknown vulnerabilities that can offer an entry point to hackers or malware. If exploited, these vulnerabilities can crippled your website and leave you spending time and money to recover your website and all of its contents. There could also be the possibility that these hackers could install ransomware and hold your website as a form of collateral to collect money from you.
These are all situations that can be avoided by regularly keeping your website and its components updated. In a perfect world, you would be checking your site at least once a week to ensure everything is up to date and functioning properly. If you don’t have the time or expertise to manage your own site, it could be a worthwhile investment to hire a website management agency to help you keep your site updated and secure. This simple task could save you hundreds if not thousands of dollars later as well as the peace of mind that comes along with a secure website.
6. Back up your website regularly.
In 2021, 61% of small businesses were the target of cyberattacks. Small businesses also account for nearly 43% of ALL cyberattacks on businesses. The best defense is sometimes a great offense and by taking daily backups of your website, you can quickly restore your site should something go wrong. Without a website backup, there may be a chance that your website cannot be recovered from a cyberattack and you will be left building a new website and having to recreate the content, pages, and products on your website.
Check with your hosting provider or website manager to ensure they are taking daily backups and always maintain an offline backup if possible. At YouWho Digital, our website hosting platform automatically creates daily website backups and stores them for 7 days, all at now cost to the customer. We also have the ability to store manual website backups and will do so at regular intervals or if we suspect an issue.
By following these website security best practices, small businesses can help to protect their websites from attack and keep their data secure. To learn more about website security or to have us perform a free website security audit, contact us at YouWho Digital today!