UNBXD Host: 6 Website Security Steps to Protect your SME from Hackers
Your business is innovative. You manage risk well. You are successful. But is that enough? Unfortunately, in many cases it is not. Almost all businesses are vulnerable to cyber attacks unless they actively protect themselves.
For your business to succeed, you must protect your most valuable assets (your data) and your customers need to trust that you’ll protect them from viruses, hackers and identity theft. Here are our 6 top tips on how to keep your website secure.
How bad is it?
We often hear it in the news - British Airways, NHS and Netflix all recently suffered major security breaches - but it’s often the smaller companies that get targeted the most as they are the most vulnerable and least secure.
Experts say that 60% of SMEs that encounter a cyber attack close within 6 months, 55% of companies within the UK experienced a cyber attack last year and on average it costs them £14k to repair damages. Imagine if this happened to your business. Would you be able to recover?
Why would someone want to hack me?
You may be thinking that as a small business, unlike Netflix or Facebook, you may not be a good target for hackers. Think again. Your cyber attacker hasn’t chosen you specifically, they haven’t even looked at your website. In fact with any company that is not a large, well-known brand, attacks are usually automated and do not distinguish between the size or type of companies.
Hackers and cyber criminals are very creative: they can create hundreds of ways to attack your business online but they tend to want three key things from your website:
To redirect your website traffic to their money making website - these pages can even include your logo and branding to trick your visitors into thinking it is your site.
To distribute malware through pop ups and downloads. Those pop-ups that remind visitors to update their Flash Player or any downloadables you have on your website can be contaminated.
To get access to your data - one of your most important but vulnerable assets.
How do I protect my website?
STEP 1 - install an SSL certificate
When someone visits a website without an SSL certificate a warning message appears on their browser. The connection is not secure. They cannot trust the website. While an SSL certificate will not prevent hackers from accessing your site, it will protect your data by creating an encrypted link between a web server and a browser, ensuring all data remains private and secure. It protects both you and your customers from unnecessary risks. Due to the GDPR regulations, you could be held liable and charged a hefty fine if customer data is stolen from your website and customers are more likely to abandon a web page if it is insecure. With this in mind, a web hosting provider, such as UNBXD Host, should install an SSL certificate on your website as part of their package.
STEP 2 - back up your website
Make sure you back-up your website regularly for that extra piece of mind and to recover quickly in case of an attack. Unexpected downtime caused by hacks and other security threats can be avoided - website security packages not only scans your website for malicious activity and alters when it spots something suspicious, it also provides an automatic back-up that will store a secure version of your website when it’s needed. Essentially it’s your website’s safety net! Check out our website security packages at UNBXD Host.
STEP 3 - use strong passwords and change them regularly
A simple password, that is used across your accounts, is an open door to hackers. By creating difficult passwords with capital letters, numbers and symbols without personal significance to you can prevent hackers accessing your website admin account. Similarly, small companies should learn from larger businesses, who create protocol into their systems that require employees to change their password on a regular basis.
STEP 4 - limit log in attempts
Take inspiration from banks. Hackers are determined and can run automated attacks on your login pages. By limiting login attempts you can protect your website from several attempts and lock the account for a set time until you can access it. Some web platforms also add human verification to unlock the account, which is too complicated for hacker scripts to solve.
STEP 5 - limit user access
Identify privileged accounts for those who need access to sensitive data and terminate access that is no longer in use. By having too many accounts with unnecessary access to valuable and sensitive information can not only open the door to hackers but also to internal attacks. Disgruntled employees can cause a lot of damage - some have even suggested that the infamous Sony attack in 2014 was an insider job.
STEP 6 - educate your team and raise awareness
To best way to prevent is to educate. By raising awareness amongst employees on areas such as phishing emails and malware can protect your data. A phishing email appears to come from someone that the recipient knows and trusts, such as a manager or director and can contain a link which then opens your computer up to further attack (such as downloading a virus). Show them examples of these emails and inform them what to look out for. Keep an eye out for wrong email addresses, asking for personal information, spelling mistakes and threats. If your team know you will never email them asking for money - they have more chance of being protected.
If you would like to find out more about our UNBXD Host services or would like to discuss web design/development, contact a member of our team today.