How to keep your website safe from hackers
For smaller business, cybersecurity is not always top on the list of concerns. We are used to hearing about hacks and data breaches happening to big corporations like Facebook and Google.
However, 43% of cyber attacks actually target small businesses. This means that regardless of your business size, you need to take security very seriously.
As a smaller business, you may not have your own in-house cyber security team to give you the low down on keeping your website safe from hackers. To help you along the way, we have put together the following article with some advice on how to keep your site safe.
Understand what hackers are looking for
Let’s start with a pop-psychology exercise; what is it hackers are looking for?
As a small business, you might think you are safe as you don’t have anything a hacker would want. Unfortunately, this is not the case. Generally speaking, hackers are after 1 of 3 things: gain access to data, gain access to hardware, or target SEO.
Let’s boil it down a bit;
Data: Most hackers are interested in seemingly mundane information like dates of birth, credit card numbers and passwords. “Why” you ask? Well, this information can be easily used to break into other places or sold on. This means that one successful hack can lead to many more.
Hardware: On the other hand, hackers might not be looking to break or steal anything. They could be trying to get access to your hardware, so your computers, servers or other devices. Anything with computing power can be used to mine cryptocurrency or run other programs. The more hardware a hacker gains access to, the more processing power they gain.
SEO: Hackers looking to help their own websites and damage yours might break into your site just to add links. Google examines links and uses them as a vote of confidence. A hacker could add a link to your website to help another site succeed. They could also add bad and damaging links to your site to hurt your search rankings.
How to keep yourself protected
Now that we have covered some of the risks posed to your website, now it is time to learn how to protect it.
The following simple steps will help to keep your website safe:
- Make sure that you are running the latest version of your website CMS
- Keep your website plugins up to date
A plugin is a piece of software that you install in your CMS to increase functionality. By running old or out-of-date plugins you make it easier for hackers to infiltrate your website.
- Carry out a penetration test
A Penetration Tester is a person who is paid to try and break into your website. They will tell you if there are any security weaknesses in your website and give you information on how to fix them.
- Fix any issues flagged up by the penetration tester
A penetration test will only flag up where your website is vulnerable. It is up to you to then fix these issues.
- Run regular penetration tests moving forward
Every day new security threats are discovered. If you run regular tests on an ongoing basis you will significantly reduce your risk.
- Always use strong passwords
This means using passwords of at least 15 characters with upper and lowercase letters as well as special characters.
- Use a password manager
If you struggle to remember several different passwords, rather than reusing the same password for several applications, use a password manager to store all of your different passwords.
- Think about hiring a cybersecurity specialist
While not possible for all small businesses, hiring a cybersecurity specialist (or putting one on a retainer) will significantly speed up your ability to deal with or recover from security threats.
- Back everything up as often as possible
If you are an unfortunate victim of a cyber attack, having a backup copy of your website means you can restore your information quickly.
By following these tips you will be able to protect your site from most threats. However, as we mentioned earlier, your website isn’t the only things that hackers might try to target. You also need to secure your hardware.
Servers are a particularly high-value target for hackers. With this, we have put together a list of general security measures to help keep your servers safe.
- Use an infrastructure tester
This is similar to a penetration tester, but for hardware.
- Keep your server software up to date
Software updates will often include security patches that fix holes. By skipping an update you are putting your server at risk from hackers.
- Have a firewall in place to restrict access
A well-protected server will only allow access to necessary services through a firewall.
- Again, always use strong passwords
Like for your website, use passwords of at least 15 characters with upper and lowercase letters as well as special characters.
- And again, use a password manager
As we said, If you struggle to remember several different passwords, use a password manager to store all of your different passwords.
- Back everything up as often as possible
Not meaning to sound like a broken record, but if you are an unfortunate victim of a cyber attack, having a backup copy of your website means you can restore your information quickly.
By putting these steps in place, you will be able to protect your hardware from the vast majority of attacks. If you are unlucky enough to be the victim of a cyber attack, it is important to remember that you should get in touch with a specialist web developer before you attempt to update a CMS or plugin. If the update is done incorrectly, then it can affect your site in unexpected ways.
If all this sounds a bit too much, we are here to help. We can build you a secure site, keep your existing sites up to date, and provide you with all the ongoing support and testing you need. Simply get in touch today to learn more or have a chat about your requirements.