Security is an important ongoing task when you create a website, with or without an e-commerce store. Cyber attacks aren’t slowing down. But you don’t want your small business slowing down as a result to this.
And it doesn’t have to. There’s always news covering the consequences of businesses being hacked for personally identifiable information (PII) and personal health information (PHI). But there are more wide-reaching effects from such malicious acts.
This is why security is important for small business websites.
Protect your Data
Data is a broad term even within web hosting. It’s not just what you put on your website – products, researched facts, opinions, contact info, and copyrighted media. It’s server resources you paid for your website’s speed. It’s specifications and other info in Account Management Panel (AMP), cPanel, WebHost Manager (WHM), and WHMCS. It’s what allows disabled users to navigate your content easily.
It’s anything that your website or web application does overall. Anything injected into your website, even without your knowledge, can be assumed to be your work. Therefore, any misinformation and malicious activity upsets your visitors and hurts your reputation.
Securing your data is more than your username and password.
- Securing code and links on your website from clickjacking
- Emails to and from your server and domain
- Status and insurance level of your free or paid SSL certificate
- Services dedicated to protecting your website
- What happens when someone types your domain in their browser – accurately or incorrectly (typosquatting / URL hijacking)
- Knowing symptoms to whether a website has been hacked
This is why there are so many security plugins for WordPress and other content management systems (CMS’s).
There are countless reputable tools and procedures to counter these issues:
- Mozilla’s Observatory security scanner
- Our Email Authentication Guide and SMTP Authentication in email clients.
- Sucuri web application firewall (WAF) for improved security against malicious attacks
- Cloudflare content delivery network (CDN) for protectiong against denial of service (DoS) and other resource hogging attacks
- Strong passwords to fight brute force password attacks
- Haveibeenpwned.com to receive updates when organizations are breached
Remember that everything above simply makes it harder for hackers. The possibility still exists as malicious hackers find new exploits and cybersecurity specialists try to catch up. Sometimes, the best option may be to restore from a recent backup.
There are key times when you should create a backup:
- Before a major website change – CMS upgrade, redesign, PHP version update, server update
- Between daily to monthly depending on how often you make changes to the website and/or database.
- When someone leaves the organization (along with changing administrator passwords)
- There’s issues while verifying the latest backup
The best way(s) to create backups depends on your hosting plan and website.
- WebHost Manager (WHM) for Dedicated/VPS customers
- Website plugins – e.g. WordPress, Drupal, Grav
Protect Customer Info
The rise of hacking for personally identifiable information (PII) – e.g. contact and credit card info – and implementation of General Data Protection Regulation (GDPR) has highlighted the need for improved security for customer information.
Furthermore, it’s mandated more clear and direct communication about how what data is being used.
Online tools like BrowserSpy.dk reveal how Devices send plenty of data in plain text that help determine an user when combined with other data:
- Device information including type (computer or mobile), operating system, browser, and screen resolution
- Do Not Track requests web apps not track users. Companies aren’t required by law or technology to grant the request and many admittedly do not.
- IP address tracking reveals location, access habits (time and date)
- Default and preferred languages for the device
Verification and Trust
Everything above helps prove you’re a legitimate brand that cares about your work and other’s time and life. But there’s still more wide-reaching ways to enhance your reputation beyond having social media accounts.
Claim your official page on social networks – Better Business Bereau, Facebook, Twitter, Yelp, YouTube, etc. Ensure contact information and hours of operation are correct for normal days and holidays. Respond promptly to feedback, especially complaints.
Post regularly on social media accounts using a social media management tool like Buffer.com.
Questions about anything above? Leave us a comment below.