UPDATE — JULY 24, 2018: Today Google began rolling out Chrome 68. Now, Google’s browser will display a “Not Secure” warning next to the website in the address bar if the site is not secured with HTTPS.
Consumers place an enormous amount of faith in companies when they share private information with them, but the reality is, they’re facing a fight online. Cyber attacks cost Australia more than AU$1 billion a year and they are continuing to increase. Is it any wonder website security is on just about everyone’s mind?
If your business collects customer information such as names, passwords or banking details, you have a responsibility to protect that data. Read on for a list of website security tips you can implement today.
Ward off hackers with these 6 tips
No matter how small, no business can succeed without a solid digital security strategy. Use these tips to craft yours.
Use a reputable web host.
Get an SSL certificate.
Scan for malware daily.
Use strong passwords.
Add two-factor authentication.
Keep all software up-to-date.
Before we list the website security steps you should take, let’s talk about what’s at stake for your business.
The rising costs of cyber crime
It’s easy to take an it-won’t-happen-to-me approach when it comes to website security — especially for small businesses. But chances are, if your website hasn’t already been compromised, hackers will try sooner or later.
According to the national Cyber Aware National Report, 20 percent of small and medium-sized businesses (SMBs) have suffered a cybercrime event.
Forty percent of these events cost the businesses between $1,000 and $5,000; for most of these businesses, the costs were unrecoverable.
The national study, commissioned by various state small business commissioners and the Australian Small Business and Family Enterprise Ombudsman, investigated cyber security awareness amongst SMBs across Australia. It found:
SMBs are worried
Cybercrime is rated by SMBs as the third-biggest risk to their business, with a further 83 percent saying their concern is heightened by recent worldwide cybercrime events.
Fear is holding them back
Forty-two percent of SMBs believe they can protect their business from cybercrime by limiting their online presence — discounting the significant economic benefits of a greater presence online.
What they don’t know is hurting them
Well over half of SMB owner-operators continue to unknowingly expose themselves to cybersecurity risks through their most frequent online activities — sending and receiving emails and using social media.
The threat of cyber crime is real, yet as the study clearly shows, Australian businesses aren’t adequately prepared. With 44 percent of business owners turning to Google for help with website security, there’s a knowledge gap among Australian consumers.
Protecting your business website and tackling cyber crime head-on doesn’t have to be complicated. Here are six tips to help you protect your online business.
6 tips for bolstering your website security
Ready to beef up your website security and start sleeping better? Implement these six security strategies.
1. Use a reputable web host
A quality web host is your first line of defense against cyberattacks on your website. So rather than opt for the cheapest host, do your homework and invest in a solid hosting package with a reputable host.
Check that your web host supports the latest versions of basic web technologies, such as PHP and MySQL. PHP 7 is the official recommended PHP version for WordPress, which now powers 30 percent of all websites.
2. Get an SSL certificate
If you don’t already have an SSL certificate set up for your site, now’s the time to do it. With the release of Chrome 68 in late July 2018, web sites that don’t have SSLs will be marked as “Not Secure.”
Starting in July, anyone who tries to visit a website not protected by an SSL will get a warning that the site is untrustworthy.
This change is a big deal because Chrome has 60 percent browser market share. This means if you don’t have an SSL, 60 percent (or more) of your visitors will see a warning when they access your site. Chances are, they’ll click away.
An SSL certificate ensures that any information sent to or from your site is encrypted and protected during transit. It’s especially important if you run an eCommerce site, since banking details are particularly attractive to hackers.
Your first port of call when getting an SSL certificate should be your web host. GoDaddy offers a range of different SSL certificates, depending on the security needs of your website.
If you prefer to DIY, you can get a free SSL certificate from Let’s Encrypt and install it to your hosting account manually. This option requires a basic understanding of shell commands and shell access to your hosting account.
3. Scan for malware daily
Hackers routinely target poorly protected websites and upload malware in an effort to break into the site. There are various ways they can do this — by disguising the malware in a plugin, through email attachments, or by injecting malicious code into a comment submission form, for example.
A popular misconception is that hacking is all about defacing a web page. More often than not, hackers don’t want you to know that your site has been hacked.
Some hackers want to sneak around your website and use your site’s resources to carry out malicious attacks.
It’s often hard to identify malware, as it can be pretty well-hidden within your website. This is why it’s important your website security plan includes regular malware scans. There are security plugins available for WordPress that can help with this:
Good web hosts also provide malware scanning — GoDaddy’s Website Security includes automated daily scans, unlimited malware removal and ongoing monitoring to keep your site off the Google blacklist.
4. Use strong passwords
Always create and use strong and unique passwords — preferably based on pass phrases — for your website, email and any other accounts associated with your online business.
Like usernames, passwords are another piece of the puzzle for hackers to guess. The stronger your password, the more difficult you make it for hackers to successfully log in to your website. If you use WordPress, it will automatically force a strong password during installation and ask you to check a box if you enter a weak one on purpose.
If you need a hand coming up with a strong password, read this for tips. Or use a tool like Secure Password Generator — it will create strong passwords for you. Be sure to keep them safe and don’t share them with anyone.
5. Add two-factor authentication
Even with a strong username and password combination, Brute Force attacks can be used to guess your log in details. This is where two-factor authentication can help.
Two-factor authentication introduces another step in the login process. You still enter your username and password, then you’re asked to enter a code that is sent to your mobile device or authentication app. This thwarts automated Brute Force attacks designed to crack your username and password combination.
GoDaddy, for example, provides two-factor authentication as an option for all its user accounts. WordPress users can add this extra layer of security to their websites with plugins like Two Factor Authentication.
6. Keep all software up-to-date
Ensuring all software you use for your website — including your Content Management System — is up-to-date and running on the latest version is one of the easiest ways to protect your site from attack.
Only download and use software (such as WordPress plugins and themes) from credible, reputable sources, such as premium providers. While it might be tempting to use free software, sometimes dodgy developers insert malicious code, which would compromise your site.
Lastly, only keep software on your site that you’re actually using. The more unused software you have, the higher the risk of getting hacked. So review your site regularly to ensure it’s lean and running on essential software.
Bonus points: Back up your website
Scheduling regular backups is a must. Despite your best efforts, your site might still fall prey to an attack. So it’s critical that you’re ready and have a plan in place for quickly restoring your site in case of an emergency.
Check out GoDaddy’s Website Backup service; it can safeguard your website and data with automatic daily backups and one-click restore.
Website security is your responsibility
Like filing tax returns or submitting business activity statements, digital security is another important facet of running a business that SMBs need to prioritise. It’s not something you can simply put in the too-hard basket — not when 20 percent of Australian SMBs have already suffered a cybercrime event. Businesses are spending literally thousands of dollars each year cleaning up after hackers who penetrate their sites.
Hopefully, the tips above have given you a basic understanding of website security. If you’re new to securing your website, start small and keep building. Update your password with a strong one, and then move on to the next tip you feel you can tackle. If you feel out of your depth, get in touch with your web host for advice. It’s far better to be proactive than wait for a hacker’s attack.