October 22, 2015
We have all seen the headlines about major companies like Chase, Target, and Home Depot suffering data breaches, with Ashley Madison being one of the latest high-profile victims.
The threat of attacks by hackers on small businesses is very real and not something to ignore. In fact, according to a 2013 survey by the National Small Business Association, over 44 percent of small businesses have had their systems hacked.
The Dangers of Not Protecting your Systems
It’s easy for small business owners and entrepreneurs to say, “Oh, it won’t happen to me,” or to be too busy with the day-to-day operations of the business to make website security a top priority.
But the dangers of doing nothing are alarming. Hackers can:
- Break into your database and steal customer information.
- Deface your website and put inappropriate pictures or text on it.
- Submit malicious code through forms to deliver viruses and other harmful code to visitors who enter your site.
- Log into your email server to send spam through your server.
As a business owner, it’s important to understand these dangers and know what needs to be in place to minimize your risk of being compromised.
How To Protect You And Your Website from Hackers
1. Keep your Website Platforms and Scripts Updated. If you use a CMS (Content Management System) such as WordPress, Drupal, or Joomla, it’s important to install updates as they become available.
The makers of these platforms often find and fix security holes that would otherwise leave your website vulnerable to attack.
WordPress is especially vulnerable due to the extent of its popularity.
The same applies to shopping cart systems, plugins, and scripts that add extra functionality to your site.
2. Be Careful with User Uploads. While allowing users to upload an avatar, picture, or other file to a website or form can add interactivity, it also allows a way for malicious scripts to be uploaded to your server.
Ensure security measures are in place that check items submitted by users to see if they are safe before they are stored on your website server.
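One way to implement such a check for avatar uploads, as an added example that is not code from the original article. The size cap, the allowed types and the function name `check_upload` are assumptions chosen for illustration.

```python
import os
import secrets

MAX_BYTES = 2 * 1024 * 1024  # assumed 2 MB cap for an avatar

# Allowed extensions mapped to the byte signatures that real files of
# that type start with. Anything not listed here is refused.
SIGNATURES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def check_upload(filename, data):
    """Return (stored_name, None) if accepted, else (None, reason)."""
    # Only the final extension counts, so "shell.php" is refused outright and
    # "shell.php.png" must still look like a PNG to pass.
    ext = os.path.splitext(os.path.basename(filename))[1].lower()
    if ext not in SIGNATURES:
        return None, "file type not allowed"
    if len(data) == 0 or len(data) > MAX_BYTES:
        return None, "file size not allowed"
    if not data.startswith(SIGNATURES[ext]):
        return None, "content does not match file type"
    # Never reuse the visitor's file name: a random server-side name
    # rules out path tricks and overwriting existing files.
    return secrets.token_hex(16) + ext, None

if __name__ == "__main__":
    # Constructed sample inputs.
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
    print(check_upload("me.png", png))
    print(check_upload("avatar.png", b"<?php echo 1; ?>"))
```

A matching signature does not prove a file is harmless, so accepted files should still be stored in a directory where the server will not execute them.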
3. Protect Your Web Forms. It is possible for hackers to fill out a contact form and place malicious code into the name or e-mail fields.
Having a tech person review your website can protect you from leaving this opportunity open to hackers.
4. Set Up Strong Passwords. While many people are learning the importance of strong passwords, some still leave their usernames as ‘admin’, set simple passwords like ‘password123’, or use the same password for every online account they have.
Passwords like first names, pet names, and simple words are easy to guess. There are algorithms hackers can use to easily figure out your user ID and/or password when either is very simple.
Adding numbers, symbols, and capital letters to a password makes it harder to expose. Plus, many password management programs can help you generate a random hard-to-guess password.
It may seem inconvenient to have to memorize a more complex password, but doing so to avoid being hacked is very much worth the effort.
5. Lock Down Your Directory and File Permissions. It’s important to have someone with technical expertise review your hosting server directories to make sure the read, write, and execute permissions are set in a way that allows for maximum security.
Look at folders, directories and individual files to review their settings to ensure your website is as secure as possible from harmful attacks.
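A small audit script for this review, as an added example that is not code from the original article. It assumes a Unix-style host, and the list of secret-bearing file names is an assumption to adjust for your own site.

```python
import os
import stat

# Assumed examples of files that usually hold credentials.
SECRET_FILES = {"wp-config.php", ".env", ".htpasswd"}

def audit_permissions(root):
    """Return sorted (relative_path, finding) pairs for risky permission bits."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            info = os.lstat(path)
            if stat.S_ISLNK(info.st_mode):
                continue  # a symlink's own mode bits are not enforced
            rel = os.path.relpath(path, root)
            mode = stat.S_IMODE(info.st_mode)
            # The "other" write bit lets any account on the server change it.
            if mode & stat.S_IWOTH:
                findings.append((rel, "writable by every account (%03o)" % mode))
            # Credential files should not be readable by unrelated accounts.
            if name in SECRET_FILES and mode & stat.S_IROTH:
                findings.append((rel, "secrets readable by every account (%03o)" % mode))
    return sorted(findings)

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, finding in audit_permissions(target):
        print(f"{rel}: {finding}")
```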
6. Set Up A Generic Website Error Page. If you have a portion of your website where users need to log in with a username and password, be careful what information you share on the error page.
For instance, if someone is trying to log in and gives the wrong username, it’s better to have a generic error message that says “wrong username and password combination.” This way, you’re not giving would-be hackers any clues for guessing the login credentials.
Having the ability to lock a user from trying to log in after too many failed attempts can protect your website as well.
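A login check that combines both ideas, the single generic message and a lockout after repeated failures, as an added example that is not code from the original article. The class name `LoginGuard`, the threshold of five failures, the 15-minute window and the PBKDF2 work factor are all assumptions.

```python
import hashlib
import hmac
import os
import time

GENERIC_ERROR = "Wrong username and password combination."
MAX_FAILURES = 5          # assumed threshold
LOCK_SECONDS = 15 * 60    # assumed lockout window
ITERATIONS = 200_000      # assumed work factor; tune for your hardware

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

class LoginGuard:
    def __init__(self, clock=time.time):
        self.users = {}      # username -> (salt, password_hash)
        self.failures = {}   # username -> [failed_count, locked_until]
        self.clock = clock
        self._dummy_salt = os.urandom(16)

    def add_user(self, username, password):
        salt = os.urandom(16)
        self.users[username] = (salt, hash_password(password, salt))

    def login(self, username, password):
        """Return (ok, message). Every failure returns the same message."""
        # A real deployment would bound or expire this table.
        state = self.failures.setdefault(username, [0, 0.0])
        locked = self.clock() < state[1]
        # Hash even for unknown users so both failure paths do the same work.
        salt, expected = self.users.get(username, (self._dummy_salt, b""))
        supplied = hash_password(password, salt)
        if hmac.compare_digest(supplied, expected) and not locked:
            del self.failures[username]
            return True, "Welcome."
        state[0] += 1
        if state[0] >= MAX_FAILURES:
            state[1] = self.clock() + LOCK_SECONDS
            state[0] = 0
        # Unknown user, wrong password and locked account all look identical.
        return False, GENERIC_ERROR
```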
7. Use an SSL Certificate. If your website has a shopping cart system, a membership component, or collects sensitive personal data via online forms, it’s always wise to get an SSL certificate installed.
An SSL (Secure Sockets Layer) certificate will protect the data that is being submitted to your website by encrypting it as it travels from the Web browser to your Web server, making it much harder for hackers to intercept and tamper with.
Not only does an SSL certificate protect your data, but it also instills a sense of security in your customers when they go to purchase. You will probably lose sales if you don’t have an SSL certificate installed.
Additionally, Google gives a small SEO ranking benefit to websites with SSL certificates installed.
Make a Point to Review Your Website Security Today
If you feel uncomfortable doing a security review yourself, hire a “techie” to do it for you. When you are hiring a Web developer, make sure that he or she is aware of security issues and is taking a proactive approach to protecting you.
Has your website ever been hacked?
As the founder, Susan Friesen brings a unique advantage to eVision Media clients by having earned a Bachelor in Business Administration degree with a concentration in Computer Information Systems through Thompson Rivers University. Her experience in the Web development industry since 1999 has given her much insight and knowledge in how to effectively brand a business and then translate that to a user-friendly, search-engine friendly, custom designed website. She is a graduate of the Vancouver Film School multi-media program and also earned several certificates in technology through the University of Victoria and Athabasca University. She won the 2003-2004 Governor General's Bronze Academic Award for achieving the highest academic standing in a diploma-level post-secondary program. http://evisionmedia.ca