UPDATE — JULY 24, 2018: Today Google began rolling out Chrome 68. Now, Google’s browser will display a “Not Secure” warning next to the website in the address bar if the site is not secured with HTTPS.
If you’re like most small business owners, you know you need to get more informed about cyber safety but might not be sure how to get started.
Want to check if the windows and doors on your website are secure? Look here for tips on how to review your website’s security status.
With the many breaches of data security around the world and across Australia recently, it’s becoming increasingly important to be diligent with online security. You owe it to your business to at least do the minimum to reduce the chance of being victimised.
Just as a “Beware of dog” sign and your dog’s stress bark can stop criminals from breaking into your home, there are similar preventive measures you can take to protect your online “property.”
Listen to learn how SSL encryption can protect your website:
8 things you can do to safeguard your website
Why risk the cost and embarrassment of being hacked? Use these tactics to keep digital criminals away.
Verify your site in Google Site Console.
Invest in a malware cleaner.
Get an SSL certificate.
Install a web application firewall (WAF).
Keep your CMS up-to-date.
Use a different password for every site.
Give every user their own account.
Make sure your site is backed up.
The truth is, all websites are targets for hackers. Here’s what you can do to minimise your risks.
Who is at risk?
You might have heard that malware has been used to compromise Australian factories and even traffic lights!
But business websites are increasingly popular targets — and the size of your business doesn’t matter to the bots that are constantly scouring the web for ‘easy’ targets.
The risk for a small business website is now greater than ever and not limited to online merchants and shopping sites.
These automated computer programs look for sites running versions of vulnerable systems and automatically attack them. If they can get sufficient access, they can then turn that website or server into another machine in their bot army to send spam and/or attack other sites.
In many cases, planting malware is the first part of a break-in. If left untreated, other mayhem could follow. What’s more, malware is increasingly versatile and destructive. It can do all sorts of bad things, including:
- Erase all your data.
- Steal your customers’ information.
- Encrypt your data and hold it for ransom.
Editor’s note: If your site has already been infected with malware, GoDaddy’s Express Malware Removal can begin cleanup in as little as 30 minutes.
Get ahead of hackers with this checklist
Hackers don’t really care where they get their digital goodies — they’re simply looking for the path of least resistance to data they can sell on the darknet. Here’s how to fight back and protect yourself.
1. Verify your site in Google Site Console
If you enter your website in Google Site Console, the search engine will alert you if it finds malware on your site. Although Google typically sends malware alerts to your Message Center, you can have your Message Center messages forwarded to your email account.
2. Invest in a malware cleaner
Hackers look for the tiniest gap in your cyber safety protocols and use it to take over your website or blog. One of the easiest proactive measures you can take is to get a malware scanner for your website. There are many comprehensive malware cleaners available, including GoDaddy’s Website Security, powered by Sucuri.
Automated daily malware scanning and removal can head off security breaches that would otherwise cause business downtime and negatively affect your reputation when the word gets out you’ve been hacked.
3. Get an SSL certificate
Another key cyber safety strategy is to add an SSL certificate to your website. These digital certificates encrypt data as it moves between your site and visitors. It is the “Beware of dog” sign for your website and an essential step to establishing site security. Hackers can’t intercept these encrypted exchanges, so anything your customers submit to your site — passwords, credit card numbers and other private and confidential details — is safe.
SSLs are becoming so important to search engines that Google Chrome will soon display a warning when anyone attempts to visit a site that isn’t protected by a valid SSL certificate.
4. Install a web application firewall (WAF)
A web application firewall (WAF) is a cloud-based service that screens web traffic in real time, determining whether the traffic is normal or malicious. The WAF enhances cyber safety by blocking malicious traffic from reaching your site, while allowing legitimate visitors to proceed unimpeded.
Editor’s note: A WAF is included with the Express and Deluxe plans of GoDaddy’s Website Security malware cleaner to deflect malware between daily scans.
5. Keep your CMS up-to-date
Updates include security patches for recently discovered vulnerabilities, so the sooner you update, the sooner you’re protected. Don’t forget, hackers only need one door or window to sneak in and cause havoc.
6. Use a different password for every site
If ever there is a breach, having different passwords prevents the damage from easily and quickly spreading across all your sites. This goes for devices, too. Since all devices are now interconnected, a security gap in one makes all of them vulnerable to break-in. You can find tips on creating strong passwords that are harder for thieves to decipher here.
7. Give every user their own account
Another simple cyber safety strategy is to avoid sharing accounts between people, limiting each user’s access to only the data and repositories/folders they need to use. Don’t give anyone unrestricted ‘admin’ privileges unless they are completely trustworthy and require that level of access.
8. Make sure your site is backed up
It is recommended that daily backups are done with backups stored off-site for 30 days. Test the backups regularly to ensure they are complete and that restoring the site can be done quickly by staff who are readily available. It serves no purpose to have a plan that relies on just one person who might or might not be available when needed!
Cyber safety efforts pay off
I’ve been saying for quite a while that “an ounce of perspiration is worth a gallon of blood,” which rings especially true when it comes to cyber safety. There are many little things that can make a big difference to removing the temptation for spam or malware bots to pick on your site rather than other less well-protected sites. Use these strategies to make your website as secure as possible.