This is the first part in a series of articles about security and how it affects your business. There is no doubt that fully handling website security requires technical skills. However, there are basic habits and practices you can follow to prevent the worst from happening.
Just when you thought it couldn’t get any worse, it does. While 2013 proved to be quite a year in terms of cyber-attacks (think Facebook, Twitter, and Target just to name a few), 2014 is ramping up to become one hell of a year when it comes to security threats. Cyber risk is the new normal and security management part of daily operations. However, small business owners do themselves no favors by ignoring this fact, and when it comes to cyber-attacks, size doesn’t matter. Symantec’s 2014 Internet Threat Report revealed that 30% of cyber-attacks last year targeted small companies and 69% of small businesses (IPSOS) don’t think data breaches will impact their reputation.
How does an attack looks like and how it can impact my website?
Security issues can manifest themselves differently depending on your website and the nature of the threat.
While it will be difficult to list them all down, these might be the most common ones:
Distributed denial-of-service or DDoS Attack
This is an attempt to make a machine or network resource unavailable to its intended users. It results in making your website or shop unavailable for as long as the attacks are in progress and this can last from few minutes to several days.
Brute Force Attack
It consists of systematically checking all possible keys or passwords until the correct one is found. The main goal is to guess your admin account and password in order to take control of your website. Once the full access has been gained, the result mostly depends on the intention of the hacker.
Malware or Malicious Software
Malwares are an hostile and intrusive software which is added or embedded into your website. It often appears in the form of an executable code or script. It can steal information, participate to large scale attack such as spam or DDoS attack or redirect your visitors to some unsolicited or illegal advertisements.
The reasons for being hacked are usually the same no matter what website you are running:
- Outdated software – It’s a bit of work but it must be done.
- Insecure themes and plugins – Don’t install everything just because it’s free or seems like a good idea.
- Poor credential management – Password123 is definitely not a password.
- Poor server or hosting administration – Cost cutting on your hosting comes with a price to pay later.
- Lack of technical knowledge from your IT team or supplier – Be careful who you trust with your website.
- Corner-cutting – The fastest and the cheapest way is not always the best.
Unfortunately, these are very common practices in small business, mostly due to the lack of knowledge, time or budget.
What is the impact on your business?
Having your website hacked can do a lot of damage to your image and to your brand. Even if everybody knows that the internet is a jungle full of scary creatures, your visitors will hardly forgive you for letting it happen.
Imagine for a moment that your website was defaced, and your users are redirected to Viagra advertisements or worse to a child porn site… What do you think will happen to your credibility and your image?
Most likely you will lose these visitors, prospects or existing clients forever and the income they generate for your company.
Nobody is fully safe but you’re not powerless
Every website is vulnerable to a certain extent. No matter how well it was developed, there will always be bugs and security holes. Knowing this, you should always keep in mind that securing your applications is important. While not bulletproof, there are some basic rules to observe to avoid becoming an obvious target:
- Choose you hosting carefully. Ask for information about the security measures in place (Firewall, Malware Scanning, Web Application Firewall, Server Configuration)
- Choose reputable and supported software. Obsolete software is an easy target and issues will most likely never be fixed.
- Keep your software up to date, use only the latest version. Updates are usually released monthly. These updates fix bugs and also take care of security issues.
- Put particular attention when it comes to themes and plugins. Always look for the most supported, rated and downloaded ones. Simply avoid free themes.
- Be very careful about logins and passwords. Use strong passwords, change them monthly and be attentive to who has access to your website.
Unfortunately, new security threats are reported every day. As soon as a threat is handled, a new one appears. Managing your security is a continuous process. You need to be careful in choosing who will design your website, selecting your hosting provider and deciding how you will handle your website daily. You were protected yesterday but if you don’t do anything you won’t be as safe tomorrow. Don’t cut-cost or cut-corners when it comes to the security of your website, it’s never a good investment.
Part 2: How to Manage your User Accounts