Security is an important ongoing task when you create a website, with or without an e-commerce store. Cyber attacks aren’t slowing down. But you don’t want your small business slowing down as a result.
And it doesn’t have to. There’s always news covering the consequences of businesses being hacked for personally identifiable information (PII) and personal health information (PHI). But there are more wide-reaching effects from such malicious acts.
This is why security is important for small business websites.
Protect your Data
Data is a broad term even within web hosting. It’s not just what you put on your website – products, researched facts, opinions, contact info, and copyrighted media. It’s the server resources you paid for to keep your website fast. It’s specifications and other info in your Account Management Panel (AMP), cPanel, WebHost Manager (WHM), and WHMCS. It’s what allows disabled users to navigate your content easily.
It’s anything that your website or web application does overall. Anything injected into your website, even without your knowledge, can be assumed to be your work. Therefore, any misinformation and malicious activity upsets your visitors and hurts your reputation.
Securing your data involves more than your username and password. It also covers things like:
- Securing code and links on your website from clickjacking
- Emails to and from your server and domain
- Status and insurance level of your free or paid SSL certificate
- Services dedicated to protecting your website
- What happens when someone types your domain in their browser – accurately or incorrectly (typosquatting / URL hijacking)
- Knowing the symptoms of a hacked website
Proactive Measures
This is why there are so many security plugins for WordPress and other content management systems (CMSs).
There are countless reputable tools and procedures to counter these issues:
- Mozilla’s Observatory security scanner.
- Our Email Authentication Guide and SMTP Authentication in email clients.
- Monarx Security for real-time monitoring and detection of server hacks.
- Web Application Firewall (WAF) to protect you against malicious attacks.
- Cloudflare content delivery network (CDN) for protection against denial of service (DoS) and other resource-hogging attacks.
- Strong passwords to fight brute force password attacks.
- Haveibeenpwned.com to receive updates when organizations are breached.
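The clickjacking and SSL items listed earlier both show up in a site's HTTP response headers, which is what header scanners report on. As an added example (not from the original article and not how any named tool works), this Python script audits a response head for framing protection and HTTPS enforcement; the sample responses and function names are constructed for illustration.

```python
import re

# Constructed sample response heads (not captured from any real site).
SAMPLE_WEAK = "HTTP/1.1 200 OK\nContent-Type: text/html\nServer: Apache\n"
SAMPLE_HARDENED = (
    "HTTP/1.1 200 OK\n"
    "Content-Type: text/html\n"
    "Content-Security-Policy: default-src 'self'; frame-ancestors 'self'\n"
    "X-Frame-Options: SAMEORIGIN\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\n"
)

def parse_headers(raw):
    """Map lowercased header names to values; the status line is skipped."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def csp_directives(csp):
    """Split a CSP value into {directive: [sources]}; first occurrence wins."""
    directives = {}
    for part in csp.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def audit(raw):
    """Return a list of findings for framing and HTTPS-enforcement headers."""
    h = parse_headers(raw)
    findings = []
    xfo = h.get("x-frame-options", "").upper()
    ancestors = csp_directives(h.get("content-security-policy", "")).get("frame-ancestors")
    if ancestors is not None:
        # Browsers that support frame-ancestors use it in preference to
        # X-Frame-Options; a wildcard or bare scheme allows any site to frame.
        framing_ok = not {"*", "http:", "https:"} & {a.lower() for a in ancestors}
    else:
        framing_ok = xfo in ("DENY", "SAMEORIGIN")
    if not framing_ok:
        findings.append("clickjacking: page can be framed by any origin")
    m = re.search(r"max-age=(\d+)", h.get("strict-transport-security", ""), re.I)
    if not m or int(m.group(1)) == 0:
        findings.append("https: no effective Strict-Transport-Security header")
    return findings

if __name__ == "__main__":
    for label, raw in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(label, audit(raw) or "no findings")
```

To audit your own site, save the output of `curl -sI https://your-domain.example` and pass that text to `audit()`.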
Reactive Measures
Remember that everything above simply makes it harder for hackers. The possibility still exists as malicious hackers find new exploits and cybersecurity specialists try to catch up. Sometimes, the best option may be to restore from a recent backup.
There are key times when you should create a backup:
- Before a major website change – CMS upgrade, redesign, PHP version update, server update
- Anywhere from daily to monthly, depending on how often you make changes to the website and/or database.
- When someone leaves the organization (along with changing administrator passwords)
- When there are issues while verifying the latest backup.
The best way(s) to create backups depends on your hosting plan and website.
- cPanel
- WebHost Manager (WHM) for Dedicated/VPS customers
- Website plugins – e.g. WordPress, Drupal, Grav
Protect Customer Info
The rise of hacking for personally identifiable information (PII) – e.g. contact and credit card info – and the implementation of the General Data Protection Regulation (GDPR) have highlighted the need for improved security for customer information.
Furthermore, it has mandated clearer and more direct communication about what data is being used and how.
Online tools like BrowserSpy.dk reveal how devices send plenty of data in plain text that helps identify a user when combined with other data:
- Device information including type (computer or mobile), operating system, browser, and screen resolution
- Do Not Track (DNT), which requests that web apps not track users. Companies aren’t required by law or technology to grant the request and many admittedly do not.
- IP address tracking, which reveals location and access habits (time and date)
- Default and preferred languages for the device
Since the implementation of GDPR, many CMS developers have created plugins to assist with GDPR compliance. Meanwhile, many organizations have updated their privacy policy – ourselves included. This is good news since everyone is a consumer of someone else’s product or service in some way. For example, you likely registered a domain and web hosting.
Verification and Trust
Everything above helps prove you’re a legitimate brand that cares about your work and others’ time and life. But there are still more wide-reaching ways to enhance your reputation beyond having social media accounts.
Claim your official page on social networks – Better Business Bureau, Facebook, Twitter, Yelp, YouTube, etc. Ensure contact information and hours of operation are correct for normal days and holidays. Respond promptly to feedback, especially complaints.
Post regularly on social media accounts using a social media management tool like Buffer.com.