With almost all businesses and professional activities finding their activity pushed online over the last 12 months, and the ease with which we open up our phones and mobile tablets to buy, sell, book appointments and the like, the whole area is open for exploitation.
So what can you do about it?
Ironically, the Government has been urging businesses to improve their IT security, only to find that Parliament House has also been hacked (as have RMIT, Nine Media, and many other organisations).
So, a few suggestions are listed below.
1. Use a reputable web host
A quality web host is your first line of defence against cyberattacks on your website. So rather than opt for the cheapest host, do your homework and invest in a solid hosting package with a reputable host.
Hosting is what makes your website visible to people around the world.
Check that your web host supports the latest versions of basic web technologies, such as PHP and MySQL. PHP 7 is the officially recommended PHP version for WordPress, which now powers 30 percent of all websites.
It’s also worth considering VPS or dedicated hosting. These ensure your website isn’t on a shared server, so it isn’t exposed to DDoS attacks aimed at other websites sharing the same resources.
2. Ramp up your website security
Bad actors are using increasingly sophisticated tactics to break into websites. Their goal? Sometimes it’s to steal customer data that can be sold on the dark web. Other times it’s to gain access to a bigger company’s network through your site. Regardless of their motives, the outcome is bad for your business.
Look at what your website host offers in terms of security, ensuring that they offer the following services:
The Web Application Firewall (WAF) feature stops malware before it gets a chance to enter your website. It intercepts and inspects incoming data and removes malicious code, preventing damage from being done to your site (and your business reputation).
Malware scanning and removal
Website Security includes a scanner that checks your website for malicious content that could put your site, your customers, and your future prospects at risk. The product automatically scans for malware daily, alerting you when it finds something. All you need to do is submit a malware removal request and our team gets right to work.
Blacklist monitoring and removal
Likewise, if your site is infected and blacklisted as a result, you will be notified of the problem and your website host can work to get your site cleaned up and removed from the blacklist.
SSL Certificate protects private data
An SSL certificate enables encrypted communication between your customers and your website. It helps to decrease the risk of losing sensitive information to hackers such as:
Credit card numbers
The SSL helps to protect all the private data that is of most interest to hackers and thieves. But there’s another benefit to having an SSL: Google heavily favours SSL-encrypted websites and pushes them higher in search rankings than those without, helping your business become more visible to new customers.
Advanced DDoS mitigation
The Distributed Denial of Service (DDoS) attack can bring down your website by overwhelming it with a flood of automated traffic. And every minute your site’s down, you’re losing customers and sales.
The advanced security monitoring and WAF features of a good hosting service’s Website Security suite will help to prevent DDoS attacks.
3. Use strong passwords
Always create and use strong and unique passwords — preferably based on pass phrases — for your website, email and any other accounts associated with your online business.
Like usernames, passwords are another piece of the puzzle for hackers to guess. The stronger your password, the more difficult you make it for hackers to successfully log in to your website. If you use WordPress, it will automatically force a strong password during installation and ask you to check a box if you enter a weak one on purpose.
If you need a hand coming up with a strong password, read this for tips. Or use a tool like Secure Password Generator — it will create strong passwords for you. Be sure to keep them safe and don’t share them with anyone.
AND DON’T RE-USE THEM ON DIFFERENT PAGES! Yes it is a pain, but then so is losing your identity and your money to some offshore hacker who is benefitting from all of your effort with a keystroke.
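For readers who want to see what a pass-phrase tool does under the hood, here is an added example (not from the original article) that picks words with a cryptographically secure random source and chooses how many words are needed to reach a target strength. The word list is constructed for the demo, and the 70-bit target and all function names are assumptions of this example.

```python
import math
import secrets

# Constructed 32-word list so the example runs offline. It is far too small
# for real use; diceware-style lists hold thousands of words.
DEMO_WORDS = ("anchor basil candle dolphin ember falcon garnet harbor "
              "island jungle kettle lantern meadow nectar orchid pebble "
              "quartz ribbon saddle timber umbrella velvet walnut yonder "
              "zephyr acorn bridge copper dagger engine feather glacier").split()


def bits_per_word(wordlist):
    """Guessing difficulty added by each randomly chosen word, in bits."""
    return math.log2(len(set(wordlist)))


def words_needed(wordlist, target_bits):
    """Smallest word count whose total strength reaches target_bits."""
    return math.ceil(target_bits / bits_per_word(wordlist))


def make_passphrase(wordlist, target_bits=70, sep="-"):
    """Random pass phrase of at least target_bits (70 is an assumed target)."""
    words = sorted(set(wordlist))
    if len(words) < 2:
        raise ValueError("word list needs at least two distinct words")
    count = words_needed(words, target_bits)
    # secrets.choice draws from the OS random source, unlike random.choice
    return sep.join(secrets.choice(words) for _ in range(count))


def passphrases_for(accounts, wordlist, target_bits=70):
    """One independent pass phrase per account, so none is reused."""
    return {name: make_passphrase(wordlist, target_bits) for name in accounts}


if __name__ == "__main__":
    print(words_needed(DEMO_WORDS, 70), "words needed from the demo list")
    for account, phrase in passphrases_for(["website", "email"], DEMO_WORDS).items():
        print(account, "->", phrase)
```

With the tiny demo list each word adds only 5 bits, so 14 words are needed; a 7,776-word list reaches the same target with 6.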
4. Add two-factor authentication
Even with a strong username and password combination, Brute Force attacks can be used to guess your login details. This is where two-factor authentication can help.
Two-factor authentication introduces another step in the login process. You still enter your username and password, then you’re asked to enter a code that is sent to your mobile device or authentication app. This thwarts automated Brute Force attacks designed to crack your username and password combination.
Many systems (like Xero, and many bank web pages) require 2FA systems to be installed. While it adds to the time spent in logging in and working on these systems, just think – if it takes you that long to get in with all the information at your fingertips, how much longer – and therefore harder – is it for someone else to get in? It IS your money and your business that you are protecting! And make it compulsory for your employees to use 2FA when logging in to your systems – especially in work-from-home arrangements.
5. Keep all software up-to-date
Ensuring all software you use for your website — including your Content Management System — is up-to-date and running on the latest version is one of the easiest ways to protect your site from attack.
Only download and use software (such as WordPress plugins and themes) from credible, reputable sources, such as premium providers. While it might be tempting to use free software, sometimes dodgy developers insert malicious code, which would compromise your site.
And only keep software on your site and system that you’re actually using. The more unused software you have, the higher the risk of getting hacked. So review your site regularly to ensure it’s lean and running on essential software.
Website security is your responsibility
Like filing your tax returns or submitting business activity statements, digital security is another important facet of running a business that SMBs need to prioritise. It’s not something you can simply put in the too-hard basket — not when 20 percent of Australian SMBs have already suffered a cybercrime event. Businesses are spending literally thousands of dollars each year cleaning up after hackers who penetrate their sites.