As a website owner, do you often wonder if you will ever be hacked? What can you do to prevent hackers? You don’t want to wake up one day and see all of your work altered or entirely wiped out by some crazy hacker?
Data breaches and hacks are in the news a lot, but they don’t bother smaller sites, right? Why would someone come after my small business website? Hacks can happen to any size site, for various reasons. Some reports found that small businesses were the victims of data breaches about 43% of the time.
Let’s look at how to keep your information safe online and protect it from hackers. Keeping your website up and running is key to your success on the Internet. Knowing some risk factors and having as much protection as possible built into your website will help prevent your site from going down or being hacked. Maybe your information isn’t something you think is worth stealing or being hacked, but websites are compromised often not to steal data, but to gain access to a server. Once hackers have access to your server they can place scripts to gather information from your visitors, spread viruses or pirate your email account. Any of these can cause your web host to take your site down or have Google place an unsafe warning with your site. Neither of which is good for business!
Here are four helpful tips for keeping your website safe from hackers.
1. File Uploads
Allowing users to upload images, files, videos and such is great from a user perspective! It’s interactive and helpful, but it can also cause your server to be open to hackers. If your server is open to uploads, hackers can gain access to uploading scripts which may spread a virus using your account or your website. Yes, your host does their best to avoid this intrusion on your server and can aid in fixing it, but the best plan is for you to help ensure it never happens. When using this option, be sure to consider the risks. Ask your web designer or web host to help you understand the risks involved and what you can do to have the best possible security from the server side.
2. HTTP vs. HTTPS
Ever look at the beginning of your web address when browsing the Internet? Usually it starts with HTTP or HTTPS. You may have noticed that most times there is a padlock in the address bar. This has to do with the security level of a website. I’m going to try to NOT to get too technical here.
Hyper Text Transfer Protocol (HTTP) is the basic protocol over which data is sent between your browser and a website.
To help explain, HTTP is an environment for information to be displayed and non-personal data to be transferred. Sending an email address or phone number is not usually considered confidential information. For most websites HTTP is safe. However, Google and many other browsers recognize whether a site has added security or an SSL and display an icon to let you know it is safe to browse or show a warning if it does not have the extra SSL certificate.
When you see the HTTPS at the beginning of a web address it means it is a secure version of HTTP. The ‘S’ at the end of HTTPS stands for ‘Secure’. It means all communications between your browser and the website is encrypted. HTTPS is often used to protect highly confidential online transactions like online banking and online shopping order forms.
A Secure Socket Layer (SSL) Certificate is purchased from your web host to ensure your data is encrypted. This in turn tells your web browser to include the “S” at the end of the HTTP and show the padlock icon in the web address bar.
Side note, all of our hosting accounts come with a free SSL certificate.
3. Email Address on Website
Listing an email on your website for all to see is helpful for your visitors. However, it can also clue a hacker into what domain name or email to use as an email relay for spam. Hackers write automated scripts to search the Internet looking for dormant or vulnerable websites in order to gain access to your server and pirate your email accounts. This may cause your legitimate email accounts to get blacklisted by email servers. Emails being hijacked cause your email inbox to be flooded with spam which is a big nuisance. Unfortunately, once hackers have your email address it is almost impossible to reverse it. Using a spam fighter on your email client will help. Many email service providers have this built in to their service. Contact your web host or email provider to see if they can block certain domains that keep coming up in your inbox.
4. Security Monitoring Software
There are many ways to monitor your website to see if there has been a security breach. On websites we build, software that monitors all server activity is included. We receive an email every time someone tries to sign in and whether it is successful or not. We also receive emails of any activity that needs attention from the server. There are security tests that you can do to see how secure your website is and how safe it may be from an attack. Most of this should be handled by your web designer or web host. However, we wanted to mention it for those techy people and to let you know it is good information to ask about when designing a website either on your own or with a designer. We suggest Sucuri.net. Be sure to read the results carefully as their main objective in scanning your site is to find leaks where their software would help. That being said, here is a link to do a free scan of your website: https://sitecheck.sucuri.net/
No one cares about your reputation more than you. Your online presence is your responsibility. You buy insurance for disaster relief for property, you need to do the same for your online presence. Hire someone to help you know you are protected from disaster and then keep a list for yourself. Ultimately, if your site goes down, you are the one that will want it back up and running as soon as possible. The #1 tip to keeping your reputation close at hand is to keep several current backups where you can access them quickly. Hopefully, disaster will never strike you on the web. But if it does, the best option is to have a plan to recover.