19 Dec / Website security in 2019: A critical New Year’s resolution
Website attacks are a threat for all business sizes, not just large corporations. Studies have shown that 43% of cyber attacks are aimed at small businesses! With startling statistics like this, we’d like to remind you to make website security a top priority in the coming year. To help your company better understand what happens during an attack and the risks to your brand, we’re going to answer a few of the common questions about website security, and specifically website attacks, as well as offering tips to help your company prevent such threats.
What happens if your website is attacked?
There are several different types of website attacks that can take place on a website, but as a result of any attack, there are risks to your company. Some of the greatest threats include:
- Obtainment of sensitive or private information from your company or your customers
- The attacker taking control of the website
- Denial of Service (DoS) whereby the attacker makes the network or machine unavailable to an authorized user either temporarily or indefinitely
- Injection of malicious code causing defacement of your website, which can disrupt functionality and/or display offensive images and messaging
- A decrease in user and customer trust
Why do cyber criminals attack websites?
Often there’s a hope for a financial gain when a cyber attack happens. An attacker may threaten the theft and sale of intellectual property or sensitive information unless a payout is made. In other cases, the attacker may be looking to gain publicity through the act of attacking a large corporation’s website. Attacks on smaller sites are often used as “practice” for hackers. In any case, website attacks threaten the security and sense of safety not just within your company but for your customers as well.
How to protect your company against website attacks
No matter the size of the business, or the information obtained, a website attack can wreak havoc. Thankfully, there are ways to help protect your website from cyber criminals and prevent an attack from occurring. Here are a few security tips recommended by Homeland Security and the United States Computer Emergency Readiness Team (US-CERT):
- Make sure you have implemented an SSL certificate on your website to keep visitors’ data protected.
- Help prevent attacks by deploying a firewall on your website.
- Keep your website platform and any plugins updated regularly as each update typically includes added security protection.
- Be sure that anyone with logins and access to your website and server has the least amount of privilege necessary.
- Whenever possible, use a multi-factor authentication so that people with login credentials are required to go through a security process before accessing the information or site.
- Make sure that logins to the website and server have strong usernames and passwords; you want to avoid the use of default login credentials or passwords that are too easy to guess. It’s also wise to routinely update passwords.
- When a user account is no longer needed, it’s best to delete that account right away.
- Check that any data (especially sensitive data) that does not need to be on your web server gets removed.
- Perform routine backups of your website and files so that in the event of an attack in which the cyber criminal may take over access to your site, you will be able to restore the website once the threat has been resolved.
Is your company ready to batten down the hatches and increase your website security in 2019? As cyber attacks continue to rise, it’s critical to keep your company protected! As always, be sure to reach out to our web development team for help establishing a more secure site in the New Year.