Protecting Your Website Against Hackers What You Need To Know
If you’re paying attention, you know that cybercrime is no joke. In 2015, cybercrime cost $3 trillion annually, and projections indicate that number will double by 2021.
The real question is, what are you doing to protect yourself? A lot of local business owners do the bare minimum and tell themselves it’s enough.
I’ll let you in on a little secret: it’s not enough. If all you’re doing is updating your anti-virus software and filtering out spam, you’re still vulnerable.
Scared? You should be. But that doesn’t mean you can’t do something to protect yourself. Cybersecurity experts are working constantly to stay ahead of hackers. Here are 8 ways you can protect your website and data.
#1: Keep All Software Updated
Have you ever received a notification that your software needed an update and delayed it because it wasn’t convenient? The answer is probably yes, and yet delaying updates for your website can leave you vulnerable to hackers.
One of the best ways to protect your site is to install all updates and patches as soon as they are available. Yes, it can be a pain to do it. But you need to weigh that against the inconvenience and cost of being hacked. Any software, application, or plug-in you use should be as up-to-date as possible at all times.
#2: Install an SSL Certificate on Your Site
As of 2018, Google Chrome is displaying a warning on any site that doesn’t use HTTPS protocol to protect its data. But that’s only part of the problem.
Having a secure site will build trust with your users. More importantly, it will make it far more difficult for a hacker to gain access to your data or to use it in the event they can break through your other defenses.
There are several types of SSL certificates. You can read about them here and decide which one is best suited to your needs.
#3: Require Strong Passwords
When you log into your site on WordPress, do you use a password that you also use for other sites? When was the last time you changed it? If the answers are yes and never, it’s time to create a new password, one that uses upper and lower-case letters, numbers, and special symbols.
At the same time, look at your password requirements for your site’s other users. If you allow clients to sign in on a portal, you should require them to use strong passwords and update them regularly. This is a common-sense change you can make that can prevent hackers from accessing your site.
#4: Hide Your Admin and Login Folders in Plain Sight
Hackers sometimes take the easy way out and scan websites for folders with names like ‘admin’ or ‘login.’ They can focus their attention on those folders and, if they’re successful, gain access to your data through them.
There’s actually a very easy way to prevent this – or at least, to make it more difficult for hackers to find your folders. Instead of giving your folders obvious names, try giving them innocuous names that don’t reveal their importance. A determined hacker may still be able to find them, but at least you won’t have made it easy for them.
#5: Use Double Validation for Form Data
Do you collect data using forms that are embedded in your website? If you do, then the potential exists for a hacker to inject malicious code using the form. And, if your form is in a “one and done” format, you’re making it easier than it should be for them to do exactly that.
The solution is to use double validation for all of your form data. That way, you can accomplish two things:
- Help valid users by ensuring that the data they enter on their forms is properly formatted; and
- Prevent malicious scripts from injecting harmful code onto your website
HTML 5 form validation is now supported by all browsers. You can read more about it here.
#6: Limit File Uploads
If your website has a customer portal where users can upload files, you’ve got to be careful to include extra security measures around the uploads. Why? Because an infected file could easily take your website down. A user might even upload a file they don’t know is infected.
There are a lot of things you can do to protect yourself, but the best option is to quarantine uploaded files outside of your server, so they can be scanned before you allow them in. You should also use secure transport methods (like SFTP or SSH) when allowing files to be uploaded from the internet. Learn more here.
#7: Minimize Administrative Access to Your Site
How many people have the login information for your site? If you have given administrative authority to multiple employees, then you could be opening yourself up to attacks by giving hackers more potential entry points to your data.
Does that mean you should deny anyone access to your site? Not necessarily. But here’s what you should do:
- Delete any users who don’t need access to your site or who no longer work for you
- Require every user to use a strong password that they update regularly
- Talk to your administrators about security and the importance of protecting your data
A lot of big companies use what’s called a “least access” system, which limits employee access to only those systems that they need to use to do their jobs. That’s a method that can work for small companies as well.
Website Security Should Be Your Priority
A lot of small and medium-sized businesses think they won’t be targeted by hackers because they don’t store the same kind of data that big organizations do. Don’t make that mistake. Even a small data breach can do irreparable harm to your business, causing you to lose money. Even worse, it can damage the trust you’ve built with your clients.