In the U.S. alone, 1,473 data breaches were recorded in 2019. The largest number of breaches was in business (644), followed by medical/healthcare (525), education (113), and banking/credit/finance (108).
Hacks take many forms, and each can hurt your business and your customers.
- Identity theft: Hackers can use your credit card information to make purchases. Customers also lose trust in your business when they find out about these breaches.
Sites using web accessibility resources and tools for disabled individuals also need to be aware of their clients’ vulnerability to audio eavesdropping. For example, malicious individuals can steal the data of visually and hearing-impaired individuals who are providing bank details using screen readers while in public places.
- Redirecting traffic: Hackers can redirect your customers to a dummy site to steal your traffic. They can also gather your users’ login credentials and use these to access other accounts.
- Stealing intellectual property and sensitive business information: Losing these critical data can compromise your company’s operations and cost you your competitive edge in your market.
Businesses suffer heavy losses when their operations are compromised. Moreover, it can be difficult to win back your customers’ trust after a leak in your system has exposed their personal information. Companies thus lose more clients or witness a dip in their sales.
In 2018, global cybercrimes led to an average annualized loss of US$18.37 million. Also sustaining heavy losses were the utilities (US$17.84 million) and software (US$16.04 million) sectors. Meanwhile, losses in the consumer goods, health, and retail sectors were at US$11.91 million, US$11.82 million, and US$11.42 million, respectively.
While big companies may be able to survive heavy losses, smaller businesses may be less financially ready to take the economic hit of a hack.
Some hackers simply enjoy causing these disruptions. Others are motivated by financial gain. They steal other people’s ideas and business secrets to dominate the market. Cybercriminals can also distribute malware or ransomware to encrypt applications, access files, and databases, then ask for payment in exchange for a decryption key. Others still resort to cybercrime to destroy another person’s reputation or spread hate messages.
Others resort to hacking to influence election results and spy on other countries or competitor companies.
Given the severe consequences of cybersecurity attacks, institutions and businesses must take further steps to protect data that are stored on the web. Build a business website that can keep your company, employees, and clients safe from cyber-attacks by doubling down on website security measures.
10 Proven Ways to Keep Your Business Website Secure
Have strong passwords
It’s tempting to use passwords you can easily remember, such as these terms that topped SplashData’s list of worst passwords in 2017:
Keep your account safe and those of your staff and customers by encouraging them to use strong passwords.
- Use passwords with at least 12 characters and a mix of numbers, characters, and upper and lowercase letters.
- Have different passwords for each website or account you use.
- Update passwords regularly.
Go for high-level encryption
Norton defines encryption as “the process that scrambles readable text so it can only be read by the person who has the secret code, or decryption key.”
There are different types of encryption providing varying levels of security. Don’t settle for the standard or low encryption levels that hackers can quickly decode.
Safeguard your data with high levels of encryption. For instance, the military keeps highly classified information safe with an AES 256-bit encryption.
Use web application firewalls
Web application firewalls (WAFs) keep HTTP applications safe by applying firewall rules that filter harmful web traffic. WAFs can come in the form of hardware, software (server plugins or inline web servers), or both, shielding your business from threats like denial of service attacks, SQL injection, and cross-site scripting.
Shift to HTTPS
The hypertext transfer protocol (HTTP) that facilitates data transfer between web servers and browsers is not secure.
As such, many businesses have switched to HTTPS (or HTTP over SSL or TLS), which uses the secure sockets layer (SSL) or its more recent version, transport layer security (TLS), to build a secure connection between web servers and browsers.
HTTPS protects data like your clients’ credit card and login credentials from malicious individuals who are waiting for opportunities to steal this information.
Even if some of your sites are not handling sensitive data, switching to HTTPS offers other advantages:
- It protects your visitors’ privacy and security from intruders who may try to use the information to extrapolate about their behaviors or de-anonymize the data.
- It strengthens your customers’ trust in your company, which can help boost your business.
- It may also benefit your SEO and help improve conversion rates, as Google is using HTTPS as a ranking signal.
- HTTPS helps enable several browser features, especially for progressive web apps.
Secure your cloud server
Cloud servers contain your customers’ private information and other crucial business data. Go beyond default security settings and take extra steps to protect your data on the cloud.
- Don’t use the cloud to store sensitive information.
- Implement procedures for logging in and off and using strong passwords.
- Use two-factor authentication.
- Draw up an access control policy for your employees and classify data into several levels (e.g., classified vs. public). Make sure that your staff can only retrieve the data they need to get their tasks done.
- Encrypt your files before storing them on the cloud or get a service provider who can do this for you.
- Restrict the devices that can access your cloud data.
- Use other techniques like file scanning and user behavior and network traffic analysis to detect malware or malicious behavior.
SSL.com refers to SSL and TLS as “protocols for establishing authenticated and encrypted links between networked computers.” By encrypting data like credit card information and passwords, SSL/TLS prevents these from being intercepted by hackers, or man-in-the-middle attacks.
To know if your website has SSL:
- The URL should include https:// and not just http://. Some browsers show the https:// portion but others don’t. You can also use HubSpot’s free SSL checker tool to make sure a site is secure.
- The certificate is valid. You may want to double-check this before sending sensitive information such as payment details.
Different industries have specific SSL requirements, so be sure to check with your IT which one is best for your business website.
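The certificate check described above can also be scripted. The following is an added example, not part of the original article; it uses only the Python standard library, and the function names `check_site` and `days_until_expiry` are chosen here for illustration.

```python
import socket
import ssl
import time


def days_until_expiry(cert, now=None):
    """Days left before the certificate's notAfter date (negative if expired)."""
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return (expires - (time.time() if now is None else now)) / 86400


def check_site(host, port=443, timeout=5.0):
    """Connect over TLS and report whether the certificate passes validation."""
    # The default context checks the trust chain, the validity dates and
    # that the certificate was issued for this host name.
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return {
                    "valid": True,
                    "protocol": tls.version(),
                    "days_left": round(days_until_expiry(cert), 1),
                }
    except ssl.SSLCertVerificationError as exc:
        # Expired, self-signed, untrusted issuer or host name mismatch.
        return {"valid": False, "reason": exc.verify_message}
    except (ssl.SSLError, OSError) as exc:
        # No TLS on that port, handshake failure or host unreachable.
        return {"valid": False, "reason": str(exc)}


if __name__ == "__main__":
    # example.com is a placeholder; replace it with your own site.
    print(check_site("example.com"))
```

Running it on a schedule and alerting when `days_left` drops below a threshold catches certificates before they expire.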
You may have heard of a virtual private network (VPN) and may be wondering what it is and how it is relevant to your business operations. A VPN is an exclusive connection built over a public network such as the internet. VPNs protect you by encrypting your data so no one, not even your internet service provider, can see what’s in it. Businesses also use VPNs to enable their employees to safely access internal computer networks from anywhere.
When choosing a VPN for your business, make sure that they:
- can provide you with a high level of encryption;
- follow a no-logs policy;
- can give your team a fast connection;
- can scale up and grow with your company.
Update your website platform and software
Hackers take advantage of security flaws or software vulnerabilities to get your data, encrypt these and ask for a ransom, or take over your devices. Moreover, through these compromised devices, you can unintentionally infect your colleagues’ devices.
Keeping your software updated ensures that you are using its most secure version. Software updates fix security flaws, on top of addressing bugs and giving you access to new features.
Sample release notes from f.lux in 2016. The updates strengthened the computer program’s security.
Take extra precautions when allowing file uploads
If your website requires file uploads from visitors and clients, you need to put measures in place to make sure hackers cannot transfer malicious files. These files can overwrite files in your server, give hackers control of your site, or cause unscheduled downtime.
If file uploads are essential to your business, take the following steps to keep your site safe:
- Have a whitelist of permitted file types.
- Use file type verification to protect your website from hackers who may dodge your filters by inserting a second file type or dots to the document’s name.
- Impose a maximum file size to prevent distributed denial-of-service (DDoS) attacks. DDoS attacks can take down sites by overloading your web server or network.
- Use antivirus software to scan files before opening these.
- Automatically rename uploaded files so hackers cannot easily access these.
- Put the upload folder outside the webroot.
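The steps above can be combined into one server-side check. This is an added example, not code from the original article; the size limit, the permitted types and the names `store_upload`, `is_inside` and `UploadRejected` are assumptions made for illustration.

```python
import os
import secrets

MAX_BYTES = 2 * 1024 * 1024  # assumed size limit (2 MiB)
# Allowlist: permitted extension -> byte signatures real files of that type start with
ALLOWED = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "pdf": (b"%PDF-",),
}


class UploadRejected(ValueError):
    """Raised when an upload fails any check."""


def is_inside(path, parent):
    """True if path resolves to parent itself or to something below it."""
    path, parent = os.path.realpath(path), os.path.realpath(parent)
    return os.path.commonpath([path, parent]) == parent


def store_upload(client_name, data, upload_dir, webroot):
    """Validate an upload, store it under a random name, return the stored path."""
    if is_inside(upload_dir, webroot):
        raise UploadRejected("upload folder must be outside the webroot")
    if len(data) > MAX_BYTES:
        raise UploadRejected("file exceeds the maximum size")
    # Drop any directory part the client supplied, then split on the last dot.
    base = os.path.basename(client_name.replace("\\", "/"))
    stem, dot, ext = base.rpartition(".")
    ext = ext.lower()
    # Exactly one dot is allowed: rejects "invoice.php.png", "report.pdf." and ".htaccess".
    if not dot or not stem or "." in stem or ext not in ALLOWED:
        raise UploadRejected("file name or type is not permitted")
    # File type verification: the content must match the claimed extension.
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match the file extension")
    # Random server-side name, so the stored path cannot be guessed from the upload.
    stored = os.path.join(upload_dir, secrets.token_hex(16) + "." + ext)
    # O_EXCL refuses to overwrite an existing file; 0o600 keeps it owner-only.
    fd = os.open(stored, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return stored  # an antivirus scan would run on this path before anyone opens it
```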
Prioritize website backups
Due diligence can protect your site from online security breaches, but you can never be completely sure that malicious activities cannot break your site.
Keeping a backup of your website or online store, whether manual or automated, doesn’t just help you bounce back faster during security incidents. Backups also:
- Protect you from data loss due to human errors and technology failures.
- Minimize revenue losses during downtimes. With a complete backup in place, your team can restore your data/site faster, and customers can start visiting and ordering from your online store again.
- Decrease the cost of site recovery. Without a website backup, you have to rebuild your pages from scratch, which drains more financial and employee resources.
Even if your chosen platform is keeping backups, you as a merchant must have your own data recovery and security system in place. You must have regularly updated copies of your databases, code, asset directory, themes, products, content, inventory, orders, and client details.
Keeping your business data secure may seem tedious and an added cost. But you can look at it as an investment in your company’s long-term stability and your customers’ trust.
How many of these cybersecurity tips are you already using in your company? What other cybersecurity measures can you suggest for business owners?