3April 2022
No matter what size your company is, your website is at risk, in fact over 43% of cybercrimes target small businesses!
Industry experts will point out it’s not a matter of ‘if’ you will get hacked, it’s more a case of ‘when’…
In this day and age almost every businesses relies heavily on technology, which opens up the potential of hackers getting in to your website and costing your company time, money and lost clients!
Whatever product or service you offer, hackers see small businesses as an opportunity to profit, at your expense.
Over 50% of businesses across the world admit they have had at least one attack in the last 12 months, and those are just the ones that have some way of knowing it’s happened…
Many businesses that get hacked don’t realise until it’s way too late and the damage is done – Would you?
9 Cyber Security Tips For Every Small Business
Here’s the basic steps you can take right now to strengthen your website is security today:
1. Keep it up to date – Form the operating system on your computer to the themes and plugins on your site, ALL of these need to be kept up to date, automatically if possible.
Older and out of date software is the bread & butter of hackers, it’s where there are more KNOWN ways they can get in to systems, so keeping all your systems up to date is a big step in the right direction.
2. Don’t leave the windows open – not just the physical ‘RW’ windows, but all the computers in your office. Your staff need to be educated on the importance of security and shown how to put their computer in to sleep (or switched off entirely) whenever they leave their desk.
And login screens should all be password protected – otherwise ANY visitor to anywhere in your office (or out of the office if you have staff with devices out and about) becomes a security hole.
3. Use real passwords – ‘pass1234’ does not cut it as a secure password!
It’s essential to use strong passwords, such as DiceWare generated passwords [https://diceware.dmuth.org/] AND they should be updated several times each year.
If you have any shared passwords you should limit who has access to them and change these far more often.
To make your logins even more secure, wherever possible/practical your should use 2 Factor Authorisation (2FA) where you need an extra code generated by an app on your mobile, or texted to you.
4. Phishing emails – do not click on unexpected links or attachments, ever!
AND check the from email address is the genuine email address expected, not someone else pretending to be the client/customer/contractor etc.
Thieves are becoming more sophisticated and are willing to invest the time and effort to setting up fake email accounts that mirror a real clients email, then hijack emails to get funds redirected.
5. Get Anti Virus Software – Windows 10 has pretty good security built in, but adding an anti virus program adds another layer of security for thieves to get through.
You can see test results and comparisons of the best anti virus programs here:
6. Make sure your site uses https protocol – this should be a priority for a number of reasons:
it not only makes your site far more secure
it also helps your ranking in the search engines
and it increases your reputation with visitors, yes, people do now look for the green padlock in their browser address bar!
Be aware this shouldn’t cost you the earth, in fact we show you where you can get an “SSL” certificate for your site for free in our web security action guide!
7. Backup – and yes, we’re talking about your website here, not just local files/data, don’t simply rely on your webhost taking care of this for you.
If/when your site does get hacked, being able to restore a recent backup is THE quickest and safest way to get your site back up and running.
There are also options on automating the process to make it hassle free, the simplest is running a plugin on your site that runs a backup and stores it somewhere safe for you on an automated schedule.
8. Secure your website – There’s quite a few actual steps involved in securing your website properly, so we’ve created a full step by step action guide for securing your website which you can grab by opting in below.
The obvious and easy steps that you should take immediately are to make sure you don’t still have default usernames [e.g. ‘admin’] or weak passwords [e.g. ‘pass1234’] for any of your logins.
9. Get Good Web Hosting – If you’re on ‘shared hosting’ then it doesn’t matter how secure your site is, if anyone else’s site on the same server gets hacked they will be able to get in to your site as well!
The upside hear is that good hosting on a VPS (Virtual Private Server) is no longer expensive, we can point you at some recommended providers, one’s we have tested and use for our own sites.