Importance of Website Security

Are you concerned about the threat of hacking or other malicious attacks on your company’s website?

You have good reason to be. A recent national survey of 500 SMEs in Ireland by Big Red Cloud showed that 40% of them had experienced some form of cyber-attack leading to theft and loss of data, according to Irish Tech News.  The toll these attacks take is more than the immediate loss.  They erode trust in your brand and confidence in using your site.

The answer is to have regular security checks for your website.  Upgrading your virus protection annually is not enough.  You need to have checks done more frequently not only for your peace of mind and your site visitor’s confidence.  You need to stay on top of cyber security with regular checks for three key reasons:

1. Hackers and other online bad guys work constantly to get around current security measures. This is a battle where time isn’t called out.
2. Likewise, the good guys are working hard to protect customers and constantly developing better and stronger website defences. It pays to have the latest technology protecting you.
3. Technology and the ways we use it are also evolving. A few years ago, live streaming an event or enjoying a multi-player game online on your android device in a pub wasn’t really a big thing.  As our internet habits and equipment change, hackers can find new vulnerabilities.

What Dangers Exist for Your Website?

What are the dangers out there?  More than 40% of those SMEs reporting that they had been the victim of a cyber-attack said their system had been infected by a virus, and about 30% reported phishing schemes.  Ransomware attacks, where the hacker demands payment to unlock or fix, were reported by 18% of those surveyed.

Simple Steps to Securing Your Website

Two types of thieves pose a threat: those who want to steal from you and those who want to steal from your customers.  You need to secure your site against both, and your customers need to know that it is.  You can take some solid steps to secure your site. Don’t store any unnecessary information. Obviously, you want to gather information about your customers to guide your marketing strategy. But you don’t want this information to be connected to any financial details.  Really consider what you need for marketing purposes, and what you don’t need.  (Hint – you need demographic information, not personal details.)

1. Update & Patch – Your site needs maintenance beyond keeping your content fresh. You need to keep your core code and content management system up to date too. They should be checked and debugged monthly.  You should review all of your operating systems and applications and patch them as needed on a monthly basis to stay a step ahead of trouble.
2. Back up – You should back up your whole site at least weekly, and if you are adding a lot of content daily you might need to do it more often. But the critical thing is to keep your backup safe.  If something goes wrong, you need to have your backup out of harm’s way.  It should be off-site.
3. Monitor – You probably look at your site every day, but do you look behind the scenes beyond your analytics? Keep an eye on performance levels as well as your bandwidth and disc space to make sure it isn’t at risk of shutting down from overuse or abuse.  This way, you can take action before disaster strikes.
4. Choose secure payment options. If people can pay via sites such as PayPal or Skrill, that offers a measure of security.  Your own processing should have a PCI compliance.   The big names in finance (Visa Inc., MasterCard, American Express and others) set up the Payment Card Industry Security Standards Council to develop standards to ensure the safety of online payments and to certify those who meet them.
5. Encrypt everything. Encryption is the best defence against cyber thieves.  If you are handling online transactions, you should be using HTTPS, not HTTP.  HTTPS encrypts the data sent over the internet.  Not every page of your site needs HTTPS, but any with forms to complete absolutely do.  SSL certification is another tool to encrypt sensitive information being sent, and it is required for PCI compliance.

When your visitors arrive at your website, what do you do to reassure them they are safe?

Do you reassure them or do you expect that they will trust that you’ve ensured their safety?  Many people still harbour some concerns about shopping online.  They might be willing to order their groceries from the big-name store or do some Christmas shopping for loved ones far away with a global brand, but smaller online retailers don’t always benefit from that same trust.  It doesn’t always transfer, and in fact, the assumption that big names are a safer online shopping option can hurt smaller companies.

Improve UX with Reassurance

The most obvious thing to do is to straight up tell your visitors a bit about how you keep their data safe.  You don’t have to get technical or give away any secrets.  Just point out that you have an HTTPS url if you do.  Tell them that you won’t sell or trade their data if you won’t.  Point out the security features that you might think are obvious and self-explanatory on your site.  Create a page listing your security features and include some warnings clarifying what you won’t do (such as asking for PIN codes or bank details).

You can do a few things other to demonstrate to your online browsers that you are a safe e-tailer.  Give them a way to contact you offline such as a phone number or a street address.  Post your returns policy.  Refer to your presence on various social media platforms.  If you have customers chatting with you on your Facebook posts or re-Tweeting you with comments about how happy they are with you, that gives visitors far more reassurance than a review on your site from someone identified only by their first name.  Ask your customers questions on social media, and the interaction will show that you are for real.

Find out more about UX

Five Chilling Real-Life Cyber Hacks

• A group of hackers has hit Facebook CEO Mark Zuckerberg three times in 2016. They discovered his password and altered his bio on his Pinterest and Twitter accounts.  They hit his Pinterest account again earlier this month.  We can take two lessons from this.  First, it is well worth your while to take the time to devise a strong password with upper and lower case letters as well as numerals.  Second, check your social media profiles frequently.

• Hackers altered the Canadian military’s main recruiting landing page and sent visitors to a page of information about Chinese government officials.  This hack is currently under investigation.  It is the type of hack that should worry businesses.  It’s like someone changing the signs on your shopfront or locking your entrance door.  It would cost a fortune in lost business.

• The biggest hack of Penthouse-owned site AdultFriendFinder. More than 400 million users were affected, including some with deleted accounts.  That’s a lot of people living in fear of having their information exposed.  What happened?  Careless password choices, according to Forbes magazine.  More than half of the accounts hacked had a sequential series of numbers such as ‘12345’ as passwords. Also, ‘password’ makes a very, very poor password.  If your site asks users to set up an account, remind them to choose their passwords carefully for their own protection.

• A group of Pakistani hackers left their logo on more than 7,000 Indian websites. Many are belittling the hackers because they didn’t use a very sophisticated method, but that makes no difference.  You aren’t likely to care how clever the attackers are if your company is losing money.

The tools and tactics to secure your website are constantly evolving to stay ahead of cyber thieves.  Reading this list, it’s tempting to view it as a checklist of once-off steps to take, but it is not.  Your site needs ongoing security monitoring and upgrading because new ways to hack into your site and rob your and your customers’ data are emerging all the time.

We can protect your website!