Is your website secure? October is Cyber Security Awareness Month, so it’s a good time to reflect on your site and think about possible vulnerabilities.
Unfortunately, there are a lot of threats to websites online, and they can have a huge impact on businesses.
Luckily, we know a thing or two about website security, so we’re going to go through some of the things you can do to keep your business’ site safe from attacks.
The scale and impact of cyberattacks
The government’s Cyber Security Breaches Survey 2021 found that a whopping 39% of businesses have experienced attacks in the past year.
21% of these experienced financial or data loss as a result of the breach, and one-third reported other forms of negative impact.
The survey reflects the damage website attacks can have on businesses; not only can money and information be lost, but reputation can be damaged and time can be wasted restoring the site after the breach.
If your site takes card payments, you could even be liable for a fine for PCI compliance violations if card processing companies find that you are the origin of a hack.
Who is at risk?
Small businesses are particularly at risk, with Verizon’s latest report finding that 46% of confirmed data breaches occurred in small organisations.
This could be because small business owners assume they would not be targets, so they do not put cyber security measures in place.
The reality is that all websites are targets, particularly those that are perceived as vulnerable.
Despite the many threats, 40% of small businesses admitted that they rarely check their website’s security. Don’t be part of this 40%!
Create a strong password
This may seem obvious, but you wouldn’t believe how many people use ‘password’ as their password!
This list of the top 10 most common passwords shows how lax people can be on password security, with the most popular passwords including: ‘123456’, ‘qwerty’, and (we weren’t joking!) ‘password’ itself.
Try to use a password with more than six characters, a mix of upper and lowercase letters, numbers and special symbols (such as ! or @).
Avoid using personal information such as your date of birth or hometown.
It’s a good idea to use a passphrase of several unrelated words, as these can be much more secure than one-word passwords.
They’re also easier to remember than a long string of random characters (though this is also a relatively secure option).
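The advice above, written as a check and a passphrase generator. This is an added example, not part of the original article: the function names are hypothetical and WORDS is a small constructed sample list.

```python
import math
import secrets
import string

# The three examples the article quotes from the most-common-passwords list.
COMMON = {"123456", "qwerty", "password"}

# Constructed sample word list, far too small for real use: a real generator
# would draw from a published list of several thousand words.
WORDS = ["anchor", "biscuit", "copper", "drizzle", "ember", "fjord", "gravel",
         "harbour", "inkwell", "juniper", "kettle", "lantern", "meadow",
         "nutmeg", "orchard", "pebble"]


def check_password(pw):
    """Return the rules from the article that pw fails (empty list = passes)."""
    problems = []
    if pw.lower() in COMMON:
        problems.append("is one of the most common passwords")
    if len(pw) <= 6:
        problems.append("has six characters or fewer")
    if not any(c.islower() for c in pw) or not any(c.isupper() for c in pw):
        problems.append("lacks a mix of upper and lowercase letters")
    if not any(c.isdigit() for c in pw):
        problems.append("has no number")
    if not any(c in string.punctuation for c in pw):
        problems.append("has no special symbol")
    return problems


def make_passphrase(n_words=4, words=WORDS, sep="-"):
    """Join n_words picked with the OS random source (secrets, not random)."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def passphrase_bits(n_words, list_size):
    """Entropy in bits of n_words drawn uniformly from list_size words.

    A passphrase gets its strength from the number of random words and the
    size of the list, not from mixing character classes.
    """
    return n_words * math.log2(list_size)


if __name__ == "__main__":
    print(check_password("password"))
    print(make_passphrase(), round(passphrase_bits(4, 7776), 1), "bits")
```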
Change passwords regularly
Most people fail to change their passwords regularly.
Though it can be an inconvenience – and can feel unnecessary if you have a strong password and don’t think you’ve been hacked – it’s always best to be on the safe side.
It is possible for your password to be compromised without you knowing, so take preventative action and aim to change your password a few times a year.
Don’t reuse passwords
Avoid using the same password on different platforms.
If you use the same password for your website as you do for your Facebook account, a hacker only needs to crack one to gain access to the other!
If remembering different passwords for all of your accounts seems difficult, try using a password manager such as LastPass.
Password managers can not only store and automatically fill in all of your passwords across different sites and platforms but can also generate secure passwords for you.
You’re likely already familiar with two-factor authentication, as many websites have put it in place over the past several years.
It has become so common for a good reason – it gives you an extra layer of security in addition to your password.
Typically, this involves requiring the user to verify themselves on their mobile phone after entering their password.
It is relatively easy to put into place – there are numerous authenticator apps that can help you to implement this feature on your website.
Keep your website up to date
Keeping your website up to date is crucial for security.
If you use a Content Management System (CMS) such as WordPress, you need to keep on top of the frequent core updates the platform releases, as well as updates to any plugins you may have installed.
Some businesses can be reluctant to install updates, as they worry it will break their site. This way of thinking, unfortunately, opens your website up to hackers, as they will exploit the vulnerabilities of outdated sites.
Updates are typically rolled out to fix bugs, glitches and security flaws, so it only makes sense to take advantage of them.
In fact, it is pretty essential, as security vulnerabilities found by developers will be disclosed publicly after an update is rolled out, so those running old software will quickly become targets for attacks.
If you’re using WordPress, you can check if you’re up to date by simply logging into your dashboard.
You should see an ‘Updates’ tab in the top left corner that will notify you of updates when they are released.
Install an SSL certificate
Installing a Secure Sockets Layer (SSL) certificate for your website adds another layer of security.
SSL is particularly important if you run an e-commerce site and are being trusted with credit card information, but it is also advisable for any website.
SSL certificates encrypt data that is sent through your site, making it safer for both you and your users. You can tell if a site has an SSL certificate by the padlock icon next to the URL in the address bar.
Google often flags sites without an SSL certificate as unsafe and may give users a warning about their data being at risk when they visit the site.
This is of course off-putting for users, so an SSL certificate is a good idea for both security and user experience.
Google also gives preference to sites with the certificate in its search engine rankings, so an SSL certificate is great for SEO too!
There are free and paid options for installing an SSL certificate. Let’s Encrypt is a free service that will issue an SSL certificate.
An SSL certificate is what allows your site to be served over HTTPS.
HTTPS is essentially HTTP with encryption (the S stands for secure) and can be enabled by installing your SSL certificate in the ‘Certificates’ section of your website.
Your SSL certificate will expire, and HTTPS will stop working properly when it does, so make sure to renew it every year.
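One way to keep track of the renewal date is to read the expiry from the certificate itself. This is an added example, not code from the original article: the function names, the 30-day warning window and SAMPLE_CERT are assumptions made for illustration.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone


def days_until_expiry(cert, now=None):
    """Whole days left on a certificate dict as returned by getpeercert()."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    return (expires - now).days  # negative once the certificate has expired


def renewal_status(days_left, warn_days=30):
    """Turn the remaining days into a status a monitoring job can alert on."""
    if days_left < 0:
        return "EXPIRED"
    if days_left <= warn_days:
        return "RENEW SOON"
    return "OK"


def fetch_cert(host, port=443, timeout=5.0):
    """Connect over TLS with normal verification and return the certificate."""
    ctx = ssl.create_default_context()  # checks the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample in getpeercert() format, so the logic runs offline.
SAMPLE_CERT = {"notAfter": "Jan  5 09:34:43 2025 GMT"}

if __name__ == "__main__":
    # Pass your own domain as the first argument to check the live site.
    cert = fetch_cert(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_CERT
    left = days_until_expiry(cert)
    print(renewal_status(left), left, "days")
```

If the certificate has already expired, `fetch_cert` raises `ssl.SSLCertVerificationError` instead of returning, which is itself the signal that renewal is overdue.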
Create frequent backups
It’s best practice to back up your site frequently.
This means that if you were to experience an attack that caused your site to go down, you could quickly get everything back online so you don’t lose out on business.
Daily backups are best, and backups should be carried out before you apply updates or make any other changes to your website.
If you use WordPress, there are lots of backup plugins available that can schedule automatic backups for you.
With so many threats to cyber security out there, keeping your website safe is more important than ever.
A hack can be hugely damaging to any business, so it’s best to focus on prevention rather than cure.
Just putting a few of our suggestions into place could go a long way to protect your website, customers and business.
And remember, though Cyber Security Awareness Month may be limited to October, website security is a 24/7, year-round task!
At Link Digital we provide website maintenance plans that include installation of the latest software updates and security patches, daily backups, malware scanning, uptime monitoring and WordPress recovery service – giving you complete peace of mind. To find out more, contact us for a free consultation and we’ll see how we can help.