It isn’t just huge businesses and tech firms that have to worry about cybersecurity. An alarming proportion of cyberattacks are directed at small businesses. In just the last few months, we’ve reported on a range of new attacks, from the rise in DNS abuse to the rapid increase in fake legal websites.
There are a couple of good reasons for that. One is that many small businesses are simply not aware of how sensitive – and how valuable – the data they hold is. Even a list of customer names and email addresses can be lucrative for hackers, and if they manage to steal it you will lose both customers and reputation.
A second reason is that many small business owners lack the basic skills necessary to implement enhanced security on their website. In this guide, we’ll give you five basic steps you can take to make your site a little more hack-proof, and keep your data safe.
5 Steps for Hack-Proofing Your Website
Install Security Plugins
One of the easiest and most effective ways of locking down your site is to make use of third-party security plugins. Those that are available for your site will depend on the CMS platform you use, but many of them work in a similar way.
Common features include the ability to limit the users who are permitted to log into your site and encrypting key files. This is particularly important if you have extra systems attached to your website. Many small businesses use their website as the “core” system around which their other systems such as their accounting software or merchant services are built. Such business services rely on secure encryption methods to ensure secure customer transactions.
Hack-Proofing Your Site with HTTPs
When you are browsing the web, you’ll see that most sites will display a small, green padlock icon next to their address. This indicates that the site is protected via HTTPs, a secure form of the standard HTTP protocol that is used for exchanging information online.
In order to implement HTTPs, you will need to download and install SSL certificates which tell visitors that your site is legitimate. These can be bought from a number of providers.
Using HTTPs not only makes your website more secure, but many users will not even be able to access your site unless you are using this system. Google released a Chrome update in July of 2018 that alerts website visitors if your website doesn’t have an SSL certificate installed. This means that many Chrome users will simply go elsewhere unless you are using HTTPs.
Update Your Software
Everyone knows they should keep their software up to date, but few of us take the time to do it regularly. Whilst you are improving the security of your website in other ways, take the opportunity to update all of your software as well.
This is particularly important if – as we mentioned above – you are using your website as a core part of your business infrastructure. Over 51% of companies are now taking advantage of the “Software as a Service” model to source key pieces of software, and this comes with huge security advantages. If, that is, you can keep your software up to date.
Hack-Proofing Your Passwords
Using strong, unique passwords for your site is another step that might sound basic, but it’s incredibly important for making your site hack-proof.
The most common forms of cyberattack are still those that attempt to guess your login credentials, and most of these can be defeated by using a password that is long and complex enough to resist being guessed.
If you only edit your website from one place, you can also add another layer of security. Many of the security plugins mentioned above will give you the capability of limiting website users by their IP address, which will mean that no-one else can log into your website even if they obtain your password.
This is one key element in implementing a zero-trust security strategy if you work together with a team of people. If you often work remotely, on the other hand, there are other ways of staying safe when working in this way.
Backup, Backup, Backup
When most people think of hacking, they imagine that a criminal will break into their site and steal their data. That’s not always the model, though. In attacks that make use of “ransomware”, a criminal will merely encrypt your data, and then demand that you pay them in order for it to be returned.
The best defense against this type of attack is to backup regularly. If you have a copy of all of your key data, you will not need to pay the ransom. There are plenty of automated backup systems around, and many of the best web hosts offer an automated backup of your website for free. Make use of this feature, and you won’t even have to remember to manually back up your website.
Hack-Proofing Your Website is a Process, Not an Event
You should also be aware, however, that ensuring website security is not a one-off task. Instead, you need to spend regular time auditing the security of your site and looking out for new threats.
In taking action now, you’ve taken the first steps toward making your site hacker-proof, but you’ll also need to review your security regularly in order to stay that way: making a habit of checking your security should be one of your cybersecurity resolutions for 2020.
Sam Bocetta is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyberwarfare, cyberdefense, and cryptography.