infoTECH Feature

November 28, 2016

Is a Secure Website Possible in 2017?

If you read the news headlines and spend much time studying cybersecurity trends, then you know how volatile things are out in cyberspace. But just how dangerous is it? And will it be possible to secure your website in 2017?

The Rise in Cyberattacks

Just because your company hasn’t been compromised by a cyberattack in the past doesn’t mean our business world isn’t facing a massive crisis. And while large organizations have long been on the forefront of combating dangerous attacks, small businesses need to step up their game.

“It’s now small mom-and-pop businesses of all stripes – retail shops, leisure activity businesses, hotels, health clinics, even colleges are getting hammered by cyber criminals,” reports Elizabeth MacDonald of Fox Business. “And it’s pushing many entrepreneurs to the verge of bankruptcy.”

MacDonald cites a report in which Symantec (News - Alert) explains that 43 percent of cyberattacks worldwide were against small businesses in 2015. In total, the FBI reports that 7,000 U.S. companies of various sizes were victims of cyberhacks. Annual losses are nearing $1 billion for American companies alone.

“The cyber crooks steal small business information to do things like rob bank accounts via wire transfers; steal customers’ personal identity information; file for fraudulent tax refunds; commit health insurance or Medicare fraud; or even steal intellectual property,” MacDonald says. “The criminals can also hijack a small business’s website to cyberhack other small businesses.”

How Businesses Can Respond to Rising Threats

There are probably as many as 20 different ways a hacker can get into a website, which makes it extremely challenging for small businesses to cost-effectively defend against threats. And while it’s impossible to fully protect your website – after all, the IRS, State Department, and even the White House have suffered attacks in the past few years – there are some things you can do to make your website less of a target.

1. Stay Updated

Nothing creates greater risk for your website than operating an out of date CMS version. It’s so very important that you update your CMS platform and plugins as soon as new versions become available. New versions often exist to close loopholes that may have previously existed, and having an outdated version sends a warning signal to would-be hackers.

If you’re running an ecommerce website, it’s especially important that you remain cognizant of security when selecting a payment processor. The last thing you can afford to do is work with a payment processor that’s vulnerable to external threats.

2. Implement Smart Password Habits

While you may think that all website hackers have sophisticated technologies by which they tap into websites and gain access to data and information, this isn’t always the case. Many hackers find their way in just like the rest of us – via a simple user ID and password.

When it comes to logging into your website, it’s important that you practice smart password habits. Poor password integrity can lead to unnecessary exposure and risk. Here are a few tips that should become habitual:

  • Passwords need to be random. Using your dog’s name followed by the year you were born isn’t good enough. A random string of characters is much better. Think you’ll have trouble remembering the string? Make it an acronym. (For example, TPIAASTHCSI = this password is an acronym so that hackers can’t steal it.)
  • Passwords also need to be long. Three or four characters isn’t very secure. Aim for 10, 12, or 15 characters if possible.
  • Here’s a very important piece of advice: Don’t reuse passwords. If a hacker gains access to your website admin password, you don’t want them to also have access to your business tools, email, bank account, etc.

Just following these three rules will greatly diminish your chances of being hacked via the traditional admin login avenue.

3. Be Cautious With Extensions and Plugins

Plugins and extensions for your website are great. They allow many businesses to cost-effectively add functionality to their sites without investing in full-service software. However, you shouldn’t assume that just because a plugin is available that it’s worth being used.

With each extension or plugin you add, you’re creating a new portal to your website. If you don’t absolutely need the extension, don’t download it. And, by all means, if you stop using a plugin, delete it.

4. Hide Admin Pages

There’s no need to have your admin pages indexed by search engines. You should be using robots_txt files to dissuade search engines from listing them. This makes it harder for hackers to access them and tap into your website. This guide from SEOBook will give you more information on how to use robots_txt files.

5. Conduct Backups

While you would prefer to never be attacked or compromised, it happens. The last thing you want is for a hack to leave you in shambles. This is why experts suggest conducting regular backups.

A backup won’t prevent an attack, but it will make recovering your data and files easier on your end. For a few dollars a month, you should be able to conduct daily backups to put your mind at ease.

The Danger of Remaining Idle

Website security isn’t something that’s fun to deal with. It’s like paying for life insurance. You could think of thousands of better ways to spend the money – and chances are the policy will never be used – but when you need it, you really need it. Sit idle and you may end up as part of the statistic. Hackers are becoming more sophisticated – your website should do the same.

The good news is that it’s actually fairly simple to tie up some loose ends and patch up obvious holes. Implement some of the tips referenced in this article and you’ll be one step ahead of the game.  

Edited by Alicia Young

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers