SearchRise

Website Security: Why it matters

Introduction

You could be forgiven for thinking that only large multi-national companies, banks and government agencies are targeted by cyber criminals. After all, we've all seen huge organisations such as TalkTalk, Sony and even the US presidential election hacked. But you would be wrong. There has been a massive increase in small business cyber-attacks over the last few years. In fact, according to recent studies, over 40% of cyber-attacks are aimed at SMEs. It's often a challenge for smaller companies to protect themselves from potential threats, as they often don't know they have become a target until it's too late to do anything about it.

Your site may be small and you might think you have nothing valuable to offer a hacker, but these people use automated tools and sophisticated software to find vulnerable sites. This means there is no consideration for size or industry, and any website is a potential target.

Your website more than likely offers some form of communication with its visitors, and when any interaction takes place you have a potential web security risk. These include:

  • Transferring to a page containing dynamic content
  • Searching
  • Contact forms
  • Logging in to an account
  • Requesting a quote
  • Shopping carts
  • Creating an account
  • Signing up for a freebie

Yes, I hear you cry, but I don’t take online payments so what harm can a hacker do? Well, believe me, a lot! Although lots of cyber-attacks are aimed at stealing credit card or banking details there are many other ways a hacker can cause chaos.


DDoS (Distributed Denial of Service)

Distributed denial of service attacks, or DDoS attacks as they are more often called, are one of the most common cyber-crimes. Multiple compromised systems, often infected with a Trojan, are used to maliciously target a single system, resulting in a denial of service.


Malware

Malware is a program designed to infect and damage a system. It is a general term which can cover everything from advertising software to viruses. It can also join the infected device to a network of other hacked devices controlled by one or more hackers. Yes, believe it or not, these people do have friends and, unfortunately for your business, are happy to share their successes. These networks can also be used for DDoS attacks.


Inside attacks

Disgruntled former employees can gain access to your website and cause damage to your reputation and business, so it is essential that all access is revoked after a contract has been terminated.


Cross-site scripting (XSS)

Cross-site scripting attacks insert malicious JavaScript into your webpages, and can alter page content or steal data. For example, if you show comments and reviews from clients on a page with no validation, then an attacker could submit comments containing script tags which would then run in all your users' browsers, allowing the hacker to take control of the account of every user who viewed that comment.
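
The comment scenario described above, shown as an added example (it is not code from the original article): the same constructed comments rendered once by pasting them into the page and once with output encoding. All function names and sample comments are made up for illustration.

```javascript
// Added example: rendering visitor comments into a page.
// All names and the sample comments are constructed for illustration.

// Characters that let text break out of HTML element content or a quoted attribute.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// BEFORE: the comment is pasted into the page as-is, so any markup in it
// becomes part of the page and runs in every visitor's browser.
function renderCommentUnsafe(comment) {
  return `<li><b>${comment.author}</b>: ${comment.text}</li>`;
}

// AFTER: every visitor-supplied field is encoded at the point of output,
// so the browser displays it as text instead of interpreting it.
function renderCommentSafe(comment) {
  return `<li><b>${escapeHtml(comment.author)}</b>: ${escapeHtml(comment.text)}</li>`;
}

function renderComments(comments, renderOne) {
  return `<ul>${comments.map(renderOne).join('')}</ul>`;
}

// True if the rendered output contains an element the template did not put there.
function containsUnexpectedMarkup(html) {
  const allowed = new Set(['ul', 'li', 'b']);
  const tags = html.match(/<\/?([a-z][a-z0-9]*)/gi) || [];
  return tags.some((t) => !allowed.has(t.replace(/[<\/]/g, '').toLowerCase()));
}

// Constructed sample input: one ordinary review and one carrying a script tag.
const sampleComments = [
  { author: 'Sam', text: 'Fish & chips were great <3' },
  { author: 'Mallory', text: '<script>alert(1)</script>' },
];

console.log(containsUnexpectedMarkup(renderComments(sampleComments, renderCommentUnsafe)));
console.log(containsUnexpectedMarkup(renderComments(sampleComments, renderCommentSafe)));
console.log(renderComments(sampleComments, renderCommentSafe));
```

Encoding at output keeps the ordinary review readable (the ampersand and the "<3" survive as text) while the script tag is shown as harmless characters. On a real site, rely on the auto-escaping built into your template engine or framework and treat this helper as a picture of what it does.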


Injection

This involves exploiting the website, and the impact on a small business can be dramatic, especially when the hacker compromises legacy systems and accesses internal data. It can be used to undermine customers' trust in your company, or to alter or completely destroy a database's content.


Password attacks

Hackers run sophisticated dictionary programs until they find the right combination to gain access. They also use keylogging software, which tracks all of a person's keystrokes, including passwords and logins, and consequently gives them the details needed to gain access to sensitive information.


Spam

We've all heard of spam, which is where the hacker sends out bulk emails with either advertising or phishing scams. If these are sent out repeatedly and are traced back to your website or hosting, the server may be blacklisted, stopping your business from sending legitimate emails.


Phishing

This is where emails are sent in order to scam the user into giving private information that can be used to steal money or for identity theft. We've all had these dodgy emails at some point. They are extremely common, and the last thing your business needs is one of these scams being traced back to you instead of the real culprit.


All of these cyber-attacks are bad for your business and could result in the following:

  • Your website could go down completely, losing you business
  • Your reputation can be damaged
  • You could be fined
  • Your website will lose its ranking
  • Your site will not be considered trustworthy by Google
  • You could suffer financial loss
  • It could be costly to repair the damage

You wouldn't leave home and leave your door unlocked, so why do it with your website? Security measures are important, and there are things you can do to prevent cyber-criminals from targeting your business website, including:


Passwords

A strong password is the first step in website security, and it needs to be changed regularly. The best way to do this is to use a password manager, which can create complex passwords and store them so you don't need to remember them every time you log in. Some great password managers include Soft-o, KeePass and Dashlane.


Security updates

These keep software such as content management systems safe from vulnerabilities and are the responsibility of your hosting company, so be sure to check they have these important measures in place.


Implement HTTPS (SSL)

This will encrypt data as it transfers between the server and browser, making it completely useless to cyber criminals if they intercept it.


Monitor Google Analytics

This will give you a heads-up on any negative trends which could be due to hacking activity. Of course, these could also be caused by poor website design or content, but if your website is usually ranked highly and suddenly drops dramatically, it could be a sign you've been targeted by hackers.


Have a Backup

Imagine losing all the data stored on your site. Scary thought, huh? A good tip is to keep some off-site backups and verify them routinely, so that if you ever need to restore from backups, the data is up to date and usable.


Plug-ins

WordPress sites can be particularly vulnerable to hackers, and plug-ins play a large part in this. When using a plug-in, always make sure that it comes from a trusted source, don't use abandoned plug-ins, and keep them updated regularly.



Summary

The bottom line is, without proper security measures your website is at risk and the damage caused by a cyber-attack can be devastating. Minimise this risk by making sure you implement the best security measures possible.

Want more business?

Give SearchRise Marketing a call to discuss how we can help keep your business website safe and secure.