Securing Your Company's Website
Your company’s website is an important tool in attracting customers and prospects, demonstrating your capabilities and, if you’re offering products directly through the site, serving as a virtual storefront.
Regardless of your company site’s purpose, it’s important to take prudent security measures to prevent the site from being attacked by hackers and online criminals. Website attacks can run the gamut from relatively benign vandalism or defacement to full-bore attempts to harvest personal or financial information that can be used to commit online fraud.
Some small businesses hope their comparatively small profile online will help shield them from hackers. While lower traffic volumes can reduce the risk somewhat, automated hacking tools routinely scan websites of all sizes to search for vulnerabilities.
These tools often don’t know or care what they’re exploiting, as long as they find a site with weaknesses of which they can take advantage. A small business site may not generate as much traffic as the Web’s leading properties, but it’s likely to be considered an easier target.
Knowing the Risks
At the low end of the threat spectrum, websites can be defaced or altered remotely if hackers using automated tools can exploit unpatched vulnerabilities. The primary consequences of these types of attacks are potential embarrassment for the company and the time and effort required to undo the vandalism.
More serious hackers can upload "drive-by" viruses or malicious software (known as malware) into your website’s code and pass the malware to people who access your site. Similar attacks include using your company’s site to relay spam messages, which could cause problems with your hosting company.
The most serious attacks attempt to steal sensitive information that can later be used to gain access to banking, billing or merchant accounts. If customer data is compromised in a website attack, you may be required to notify customers under various data breach disclosure laws.
It’s important to think about the potential effects on your business if your site is attacked or taken offline. An ecommerce site would obviously lose business and suffer reputational damage, while a site that primarily demonstrates your company’s capabilities could lose some credibility (especially if your company provides technology-related services).
Locking the Gates
While it’s nearly impossible to secure a website completely against hackers, several routine measures can make your site secure enough to resist casual attacks (and send hackers in search of softer targets).
- Using strong passwords on your site, including your FTP and blog software, is one of the most important basic steps you can take. It’s a good idea to use different passwords on each account, even though keeping track of all of the passwords can be challenging.
- Updating your website or blogging software, including any plug-ins you may be using, is another good step. Updates known as patches are frequently issued after vulnerabilities are discovered, so it’s important to make sure your site has the latest defenses.
- Use separate accounts for all employees who have to access or manage your site, and remove the access of any former employees. If someone doesn’t need access anymore, there’s no sense in leaving an account active that can be exploited.
- Back up your site’s code and content routinely.
By following these measures, you’ll reduce the chances (and potential effects) of your company’s website being attacked.