Your Guide To Website Security: 8 Ways To Protect Your Site
In 2017, cyber security is the most pressing issue for online businesses. Recent years have seen an average of 80 to 90 million hacking incidents across the web, costing sites billions in lost revenue and hitting them especially hard in the all-important consumer trust factor. Thankfully, as cyber attacks continue to rise so do our cyber security options. What used to be a relatively sparse market is now one of the most populated niches in online business—there’s a reason why cyber security stocks are so hot at the moment.
There are a few measures you should consider to keep your site safe from attacks and keep consumers confident in your brand. We will discuss these in a bit. First, though, and we’re not here to scare you, it’s important to recognize just how rampant cyber attacks are becoming for businesses of all sizes—not just for the Fortune 500 variety. Nearly 1 out of 2 small businesses are targeted by attackers, and most cases result in total bankruptcy. Here are some recent infiltrations of both large and small businesses.
Examples of Cyber Attacks in Big and Small Businesses
- Ashley Madison
The “dating” site for married individuals experienced one of the largest and most embarrassing security breaches in recent memory. In total, 37 million users had their personal information (email and physical addresses) revealed to the world.
It started as a blackmail scheme by a hacking organization called Impact Team, who formed for the sole purpose of bringing down the infidelity site. The hackers stole members’ personal information and told Ashley Madison’s parent company, Avid Life Media, that they would release it to the public if the website was not taken down. Avid Life Media didn’t comply and the hackers followed through on their promise.
- PATCO Construction
PATCO, a small construction and contracting firm out of Maine, was targeted back in 2009. Thieves attached a Trojan to one of the company’s systems, then proceeded to steal nearly $600,000 from PATCO’s checking account in only a week’s time. As this was still in the early days of cyber security, the incident came as a crushing blow to PATCO. Only $243,000 was reimbursed to PATCO by the bank, while the remaining $345,000 went practically ignored.
In response, PATCO sued People’s United Bank, the parent company of their bank, on the concept of “commercial reasonableness.” This would be a landmark decision for the future of small businesses with regard to internet security. The ruling in favor of PATCO stipulated that banks must be responsible for maintaining their clients’ safety by informing them whenever an irregular purchase is made.
Cases like these have forced cyber security technology to evolve in ways that better serve businesses and financial institutions.
How Cyber Security Has Evolved
Cyber security has continually improved thanks to a more awakened public. The demand for online safety measures has skyrocketed as clients and businesses recognize the imminent threats presented by hacking organizations, and the lengths people will go to steal personal information.
Many years ago, the only fear you’d have is catching some minor spyware or opening a phishing email. In most cases, it was easy to separate real from fake. Now, it’s not so simple. As cyber hacking continues to be a lucrative enterprise, the incentive for thieves to excel at their job will only increase. A 2015 Business Insider report found that an average hacker can earn about $3,000 each day from inserting pieces of ransomware onto a victim’s computer.
What Preventative Measures Can You Take?
Now that we’ve painted such a doom and gloom picture, let’s brighten things up for once. In 2017, there are many steps you can take to make your site less vulnerable to hacks. Some of these will take you just a few minutes to set up, but the result will be long lasting security for your customers and brand.
Ways To Protect Your Site From Attacks
- Backing Up Your Site
Regardless of where your website is hosted, backups should be fairly simple to perform. If you are using WordPress, their support section explains step-by-step how to do regular backups that can be completed in just a few minutes. There are also several WordPress-enabled plugins that will perform automatic backups for you so that you’ll never forget; one of our favorites is BackupBuddy. Regardless of the automatic backup you pursue, we advise that you manually back up your site as well.
A manual WordPress backup consists of backing up your database, and also backing up all associated files (images, audio, and video). Be sure to save multiple copies of these files on a secure hard drive. As for backing up the database, there are several ways to do this. WordPress recommends using phpMyAdmin on your server and proceeding to export all of your “wp” tables onto your drive.
WordPress also recommends keeping at least 3 backup copies at a given time.
Most web hosts provide intuitive control panels like cPanel or Plesk, making the job of organizing your site’s backups that much easier.
We’re not trying to bog you down with technical details here. Just remember to keep multiple copies of your site close by. This way if hackers attempt a takedown, you can restore everything immediately, preventing a loss in content and revenue.
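A scripted version of the manual backup described above, as an added example rather than WordPress's or this article's own procedure: it dumps the database, archives `wp-content`, and keeps the three newest copies of each. The paths, file names and the MySQL option file are assumptions.

```shell
#!/bin/sh
# Added example: manual WordPress backup (database + files), newest 3 kept.
# Assumptions, not from the article: paths, file names, and that MySQL
# credentials live in a client option file ([client] user=... password=...).

KEEP=3   # the article's "at least 3 backup copies"

# Export the WordPress database to a .sql file.
backup_db() {      # usage: backup_db <mysql_cnf> <db_name> <out.sql>
    # --defaults-extra-file must be the first option; it keeps the password
    # out of the process list and shell history.
    mysqldump --defaults-extra-file="$1" --single-transaction "$2" > "$3"
}

# Archive uploads, themes and plugins (everything under wp-content).
backup_files() {   # usage: backup_files <wp_root> <out.tar.gz>
    tar -czf "$2" -C "$1" wp-content
}

# Delete the oldest backups so that only <keep> files with <prefix> remain.
# Timestamped names sort chronologically, so plain sort gives oldest first.
prune_backups() {  # usage: prune_backups <dir> <prefix> <keep>
    count=$(ls -1 "$1"/"$2"* 2>/dev/null | wc -l)
    excess=$((count - $3))
    [ "$excess" -gt 0 ] || return 0
    ls -1 "$1"/"$2"* | sort | head -n "$excess" | while IFS= read -r old; do
        rm -f -- "$old"
    done
}

# Full run in a subshell so the restrictive umask does not leak out.
run_backup() (     # usage: run_backup <wp_root> <backup_dir> <mysql_cnf> <db_name>
    umask 077      # dumps contain password hashes and customer data
    stamp=$(date +%Y%m%d-%H%M%S)
    mkdir -p "$2" || exit 1
    backup_db "$3" "$4" "$2/db-$stamp.sql" || exit 1
    backup_files "$1" "$2/files-$stamp.tar.gz" || exit 1
    prune_backups "$2" db- "$KEEP"
    prune_backups "$2" files- "$KEEP"
)

# Example call (hypothetical paths):
#   run_backup /var/www/html /mnt/backup/wp /root/.wp-backup.cnf wordpress
```

Copy the resulting files to a drive that is not the web server itself, so a compromised site cannot take its backups down with it.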
- SSL Certificate
This step costs a few dollars per year, but it goes a long way towards making your site a virtual fortress. SSL stands for Secure Sockets Layer. This security certificate automatically encrypts information going in or out of your server, preventing hackers from accessing sensitive information.
If you operate an ecommerce site that stores consumers’ emails, passwords, and banking info, an SSL Certificate is definitely a necessity. It works by forming a set of letters and numbers that are only recognized by your website, like a password. When buying an SSL Certificate, it’s imperative that you have your site running on a dedicated IP address—not one that’s shared by other websites near your location.
The next step is the actual purchasing of the SSL Certificate. This can vary drastically in price so do plenty of homework upfront. Thankfully, most SSLs require just a one-time payment for that entire year, and some even have discounts for buying multiple years at a time.
There are certain factors worth considering when purchasing this encryption utility—many of which affect the total price. You’ll need to consider what level of assurance you want for your site; how long you’ll need it for; what level of support and assistance you want from the provider; what kind of warranty you need from your certificate. Also remember that a higher cost can be passed down to you, the consumer, in the form of additional fees—set-up, subscriptions, bundling, etc.
- Installing a Firewall
Chances are, your personal PC has a firewall installed. Shouldn’t your website have one too? To keep your site safe 24/7, you should install a web application firewall (WAF). These are available as either hardware products or software applications. To figure out the best options for your site, discuss this topic with an IT professional.
One of the most popular hardware devices is SecureSphere, made by cyber security giant Imperva.
SecureSphere is able to identify and block attacks while consumers continue to access your site. No one will know that anything abnormal is occurring, and the threat will be neutralized pronto.
Out of the many software cyber security offerings, SiteLock SecureSite is one of the web’s most reputable solutions. It is simple to set up, taking less than 10 minutes for most of us, and will employ a number of stealth security measures against malicious visitors. SiteLock also includes a content optimization feature that accelerates your website and increases its overall performance, and site speed is one of many SEO factors.
Even if your primary goal is simply to protect a blog, the software will detect any piece of spam and eradicate it from your content.
- WordPress Security Plugins
Sorry to bring up WordPress so many times, but since nearly 30% of websites run WordPress we’d be remiss not to mention at least one of its security plugins…
WordFence is one of the most popular security plugins on the WordPress platform, which must mean it’s pretty effective (and has a brilliant name). The plugin is free, but you can pay for WordFence Premium which gives you extra features like Country Blocking, Scheduled Scans, and Premium Support. In its standard version, you still receive many great features as well as an alleged 50x boost in site speed. Plus anytime there is an intrusion, WordFence will shoot you an email right away so you can react accordingly.
- Remove Auto-fill Options
Form auto-fills are great because they make signing in faster and more convenient. However, some would argue they make things way too convenient for hackers when computers are in public spaces. One of the easiest ways for someone to hack your site is by simply utilizing the log-in information from the previous user. This happens all the time in libraries, coffee shops, or internet cafes. In a matter of seconds, a consumer’s profile can be tampered with and your site becomes vulnerable. Yes, auto-fills are a nice feature, but not having them is also a nice feature for the improved safety of your site.
On the topic of access…
- Improve Access Control Measures
The most dangerous log-in to have stolen is that of your site’s admin. It contains the keys to your entire operation. Things like passwords, usernames, membernames, consumer information, and database files are all usually found under the admin’s account, making it a hot target for thieves. Short of removing it entirely—you can’t do that obviously—there are a few measures you can take to tighten its access.
Firstly, make the password really difficult to crack and change it on a regular basis. Next, change database prefixes away from something that sounds like a WordPress database prefix, “wp_.” Limit the number of allowable log-in attempts within a given time period and be sure to NEVER have your log-in details sent to your “work” email account. It’s no secret that emails are easy prey for cyber threats.
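To find out which clients would hit a log-in attempt limit, you can count log-in POSTs per client per minute in the web server's access log. This is an added example, not code from the article; the log lines are constructed and the threshold of 3 attempts per minute is an assumed value.

```shell
#!/bin/sh
# Added example: flag clients that exceed a log-in attempt limit.
# Input is a combined-format access log on stdin.

# Constructed sample lines (documentation IP ranges, not real traffic).
sample_log() {
    printf '%s\n' \
      '203.0.113.7 - - [10/Jan/2017:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1820' \
      '203.0.113.7 - - [10/Jan/2017:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 1820' \
      '203.0.113.7 - - [10/Jan/2017:10:00:17 +0000] "POST /wp-login.php HTTP/1.1" 200 1820' \
      '203.0.113.7 - - [10/Jan/2017:10:00:25 +0000] "POST /wp-login.php HTTP/1.1" 200 1820' \
      '203.0.113.7 - - [10/Jan/2017:10:00:33 +0000] "POST /wp-login.php HTTP/1.1" 200 1820' \
      '203.0.113.7 - - [10/Jan/2017:10:00:40 +0000] "GET /wp-login.php HTTP/1.1" 200 1650' \
      '198.51.100.4 - - [10/Jan/2017:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 1820' \
      '198.51.100.4 - - [10/Jan/2017:10:00:50 +0000] "POST /wp-login.php HTTP/1.1" 302 0' \
      '203.0.113.7 - - [10/Jan/2017:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1820'
}

# Print "<ip> <dd/Mon/yyyy:HH:MM> <count>" for every client that sent more
# than <max> POSTs to wp-login.php inside one calendar minute.
# Windows are fixed calendar minutes, so a burst that straddles a minute
# boundary is counted in two separate windows.
flag_login_floods() {   # usage: flag_login_floods <max_per_minute> < access.log
    awk -v max="$1" '
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ {
            minute = substr($4, 2, 17)      # strip "[" and the seconds
            hits[$1 " " minute]++
        }
        END {
            for (k in hits) if (hits[k] > max) print k, hits[k]
        }
    ' | sort
}

# Demo on the constructed lines with the assumed limit of 3 per minute.
sample_log | flag_login_floods 3
```

Clients that show up here are the ones a log-in limiting plugin or WAF rule with the same threshold would lock out.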
- Hiding Admin Pages
Nobody needs to see your admin pages except for, well, the admins. There are multiple ways to hide them.
To hide them from other contributors on your site, download the WordPress plugin Adminize—it will keep unimportant items and information away from others, and increase your privacy.
There’s also the robots.txt file. When it covers your admin pages, it keeps search engines from indexing them. It’s like a metaphorical STOP sign to Google’s eager little bots.
- Update, Update, Update
Keeping your site safe from hackers could be as simple as updating it on a constant basis. Make sure your security software or hardware devices are up-to-date, check if your web host has released updates on its end, and stay abreast of the latest plugins to make your site safer and better for you and your consumers.
Utilize patch updates containing bug fixes. Although bugs aren’t an imminent threat, you want your entire system running as optimally as possible. And of course, look for security updates for Microsoft as well as for WordPress, Drupal, or whichever CMS your site uses.
Be Proactive, Not Reactive
The worst thing you can do is sit back and allow thieves to infiltrate your website. Then you’ll be reacting to the massive losses in revenue, personal information leaks, and deterioration of your consumer trust. Instead, remain proactive. Even if you don’t implement all of these 8 methods, at least try your hand at a couple. Every layer of protection is better than none.
The doom and gloom nature of cyber threats can keep lesser prepared website owners up at night. Don’t let this be you. Take these simple steps toward peace of mind and long-term stability. There are plenty of obstacles confronting your site on a daily basis. Cyber thievery should not be one.