We can all agree that no one wants their website hacked. Obviously, when you create your website, you won’t be thinking to yourself, “What can I do to make my website even easier to hack?” However, these days, with our lack of precautionary steps when creating and maintaining our websites, we might as well be thinking that outrageous question to ourselves.
According to Symantec, in 2014, roughly three out of five websites that were hacked belong to small and medium sized businesses, and the average cost of data breaches to small businesses totaled US$36 000. Now, that’s not an amount that people should just overlook. Small businesses can’t afford to have employees dedicated to preventing cyberattacks, so they are often targeted by hackers. And to make things worse, a newer phenomenon called “ransomware”, malware that encrypts files on your computer, then demands a ransom to unlock them is growing in popularity in the hacking community. With this increasingly aggressive cyber environment, what can you do to protect your website?
No ad to show here.
What do the tech experts think?
Tech experts for years have been telling business owners to take precautions to prevent cyberattacks, but unfortunately, the response from business owners has not been strong. However, now is the time to take control of your website and protect yourself from losing your valuable personal and financial assets. Here are some top tips from industry leaders on how to prevent future hacks on your website.
1. Train your employees to against cyberattacks
Sometimes, your employees just do not know that it is not good cyber hygiene to send sensitive customer data via e-mail. Clearly distinguish and teach your employees on what information should be sent via email and what should not. If they need to send that information via e-mail, then make sure that you have a strong data encryption service in your e-mail system.
According to Jayne Friedland Holland, Chief Security Officer and associate general counsel at technology firm NIC Inc., it is also a good idea to educate your employees about any laws that pertain to protecting customer data, as they have a legal obligation to protect sensitive customer personal information.
2. Never store customer data
News regarding customer data breaches to major corporations, such as Home Depot, Target, T-Mobile, and most recently, the Dow Jones, are common place. Unfortunately, all of these situations could have been prevented if these companies followed industry compliance and did not store customer related private information. According to Forbes, all e-retailers are held to PCI-DSS standards, but honestly, there is no reason why companies themselves should store customers’ account numbers, credit card numbers, or expiration dates for long periods of time.
In simpler terms, if you have nothing to steal, you won’t be robbed.
3. Create more complicated passwords for yourself and customers
This sounds like web security basics, but it needs to be said. Both employees and customers struggle to create complex passwords and consistently commit to changing them at least every 90 days. According to SecurityScorecard CEO, Aleksander Yampolskiy, “A big portion of the breaches out there is because of weak passwords.” Companies need to be cognizant and place an emphasis on the importance of avoid simple data breaches due to easy to guess passwords.
One best practice is installing a program on employees’ computers that force them to change their passwords every 90 days with character requirements. Another great method could be to send recurring reminder e-mails and/or website notifications to customers to request that they change their passwords based on character type and minimum requirements.
4. Make sure you have a website application firewall (WAF) to prevent web attacks
If you own an eCommerce site, you may be hosting your storefront with a major retailer (i.e: Etsy, Amazon, etc.) that already provides sufficient protection. However, if you are hosting your own website, you may be defenseless against a cyberattack. If you are relying on your content management system (CMS) or web hosting service for basic protection, it may not be enough. Even the biggest CMS services, such as WordPress, are susceptible to thousands of hackings every day. Depending on your site’s needs, you need to take action on protecting yourself against cyberattacks before it’s too late. This is where WAFs can help!
WAFs work to act as a filter between a user and a web server. Essentially, these services are your shield from the outside world. Just as you wouldn’t let any random stranger into the privacy of your home, you wouldn’t want suspicious intruders to gain access to your online information.
These days, most WAF services are cloud-based services. Brad Causey, CEO of the tech consulting firm, Zero Day Consulting, shares that any organisation with technology exposed to the Internet can benefit from having a WAF. These services work by analyzing and filtering harmful web traffic that could potentially lead to malicious attacks or intrusions. This way, your website is kept safe from attacks such as malware and Distributed Denial of Service (DDoS), which can flood your website with bad traffic to, ultimately, shut it down. If your website isn’t functioning properly for long stretches of time, it can be bad for business and could potentially lose long term customers.
By using a WAF, you can stop hackers before they can access your website. There are even WAF systems that you can use for free up to a certain level of monthly data traffic. Search for a WAF that best fits your website’s needs and commit to moving all of your domains under WAF protection.