Almost every month, another big brand hits the headlines after a cyber attacker identifies and exploits a vulnerability in their website security. From human error to undetected bugs, if there are any loose ends, there’s a good chance a bad actor will find them – and the threat is by no means diminishing.

A breach of sensitive customer data has widespread ramifications. Most critically for brands, it impacts trust.

Trust plays a pivotal role in your credibility – winning it takes hard graft. Losing it? That’s much easier. 81% of us state that trust colours our purchasing choices. If a brand is mired in a scandal or exhibits unethical behaviour, 45% of us would never trust it again, and 40% would stop spending with it entirely. In terms of the bottom line, that’s a body slam.

So, how can you fortify your website security and qualify as trustworthy in your audience’s eyes? Get started with our 6 top tips…

1. Run a well-oiled CMS

Your business website likely depends on a custom or off-the-shelf content management system (CMS) such as WordPress to run. In addition to your CMS, you probably put to work add-ons and plugins to enhance site functionality.

Whichever CMS, add-ons, and plugins you’re using, updates will be required as vulnerabilities are spotted, and new features are introduced. Older sites may not be compatible with these updates, becoming ticking time bombs for a data breach and, eventually, totally obsolete.

To maintain robust website security, you’ll need to continually assess your CMS, plugins, and add-ons for updates, or opt for a new site altogether when the time comes. You’ll also need top-notch anti-malware software and consummate Distributed Denial of Service (DDoS) protection.

When elements of your site become outdated, the door opens to attackers. Cybercriminals are becoming ever more sophisticated, utilising new technologies to hack one website every 39 seconds. If you want to give your site the very best protection and slam that door closed, it’s vital to install new versions of the tools you use as soon as possible.

2. No pet names for passwords

Human foibles are gold dust for cybercriminals looking to compromise website security.

This is why password management should be one of your first focal points. Over 80% of hacks trace back to compromised credentials – likely helped along by our penchant for easily guessable passwords and our complacency about replacing them. Your cat’s name is more memorable than an ever-changing string of random characters, right?

You can quickly and easily improve website security by using a password manager such as Dashlane, LastPass or 1Password to create unique, complex login details for each user. Make sure every user changes their password frequently, too, however secure it seems.

You can check how secure your password truly is on websites like howsecureismypassword. It’s interesting to compare, say, a randomly generated 12-character password with one made up of random words: it reckons ‘y5Kht9ByqrFn’ would take a computer 2000 years to crack (and probably a lifetime for me to try to remember and type it correctly), whereas if you chose some random words, let’s say ‘SproutPigOrange’ with a capital letter for each word and no numbers, this would take a computer 43 MILLION YEARS to crack!

If you want to go one step further, add a number and a special character and then it goes up to 93 trillion years! Secure password – done!
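Estimates like the ones above treat every character as an independent guess. As an added example (not from the original article or the checking site), the sketch below measures the same two passwords under that model and under one where whole words are tried from a list; the 7,776-word list size (the length of the Diceware list) is an assumption.

```python
import math
import string

def charset_size(password):
    """Alphabet a character-by-character guesser has to cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    return size

def bits_by_character(password):
    """Search space in bits when each character is guessed independently."""
    return len(password) * math.log2(charset_size(password))

def bits_by_word(word_count, wordlist_size):
    """Search space in bits when whole words are tried from a list.

    Capitalising the first letter of every word is a fixed pattern,
    so it adds no extra possibilities in this model.
    """
    return word_count * math.log2(wordlist_size)

def compare():
    """Both passwords from the article under both guessing models."""
    return {
        "random 12 chars, per character": bits_by_character("y5Kht9ByqrFn"),
        "three words, per character": bits_by_character("SproutPigOrange"),
        # Assumption: words drawn at random from a 7,776-word list.
        "three words, per word": bits_by_word(3, 7776),
    }

if __name__ == "__main__":
    for label, bits in compare().items():
        print(f"{label}: {bits:.1f} bits")
```

The per-character model ranks the three-word password highest, while the per-word model ranks it far below the random string, so a passphrase needs more words (and truly random selection) to hold up under both.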

3. Avoid too many cooks

Place a cap on user permissions, so only a limited number of people are authorised to access and edit your website. On a CMS such as WordPress, you can customise user permission settings, allowing for varying levels of modification powers from user to user.

Giving your whole team blanket access to your site is a recipe for compromised website security: should just one member fail to follow set protocol (such as generating sophisticated passwords regularly), a vulnerability is created.

4. Backup – constantly

Surprisingly, many businesses have a less-than-airtight backup schedule. A backup of your site empowers you to pivot fast when issues arise, from a hack to a malfunctioning page or function.

Whether you choose to create a manual backup timetable or automate it via a tool or your provider, make sure you save and back up your website often – we recommend daily.

5. Signal your website security credentials

As customers become more informed about dubious data harvesting and cyber-attacks increase by the year, website security and privacy are of enormous concern.

You might have the most robust back end in the world, but the user can’t see this. It’s important to signal your website security credentials where people expect to see them, or they’ll likely feel unsafe spending time on your site.

Additionally, a website deemed insecure by search engines such as Google could see its SEO ranking take a hit. With all of this in mind, what boxes should you be ticking?

These days, every website worth its salt has a Secure Sockets Layer (SSL) certificate. These are used to encrypt sensitive data such as card and address details so that they can be securely transferred during transactions. SSL certificates show as a padlock beside your URL on browsers such as Google Chrome.

If you don’t have one, your URL will sit next to the two dreaded words: ‘Not secure.’ After seeing that, few customers will be comfortable inputting their data.

If you have an e-commerce site, your online checkout security also needs to provide the visual safety cues today’s customer is accustomed to. On a basic level, you’ll need:

  • An address verification system (AVS). This helps stop fraudulent payments from going through.
  • A credit card verification value (CVV) form field for those checking out with a credit card. A CVV form field asks customers to input the security code on the back of their credit card – another protective measure against fraudsters.

6. Use a pro

A developer with advanced coding skills is a necessity for certain website security tasks. For example, reducing cross-site scripting (XSS) vulnerabilities requires expert knowledge. Simply put, this involves combing your HTML code for malicious elements and removing them, in addition to building safeguards into your existing code.

Likewise, preempting and combatting SQL injection attacks – when hackers seize and plunder a database server for sensitive information – is a job for a pro, ranging from executing complex data storage protocols to reducing user permissions and more.
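Two of the safeguards mentioned above for SQL injection, shown as an added example (not code from the original article): binding user input as a parameter, and reducing what the database connection is permitted to do. The table, function names and sample rows are constructed for illustration, and SQLite stands in for whatever database the site uses.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory customer table (sample data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (email TEXT, card_last4 TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("ann@example.com", "1111"), ("bob@example.com", "2222")],
    )
    conn.commit()
    return conn

def lookup_unsafe(conn, email):
    # Vulnerable: the input is pasted into the SQL text, so it can rewrite the query.
    sql = "SELECT email, card_last4 FROM customers WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, email):
    # Hardened: the ? placeholder passes the input as data, never as SQL.
    sql = "SELECT email, card_last4 FROM customers WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()

def restrict_to_reads(conn):
    # Reduced permissions: SQLite's query_only pragma rejects writes on this connection.
    conn.execute("PRAGMA query_only = ON")

def write_is_blocked(conn):
    """Return True if a destructive statement is refused."""
    try:
        conn.execute("DELETE FROM customers")
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    db = make_db()
    crafted = "nobody@example.com' OR '1'='1"  # constructed hostile input
    print("unsafe:", lookup_unsafe(db, crafted))
    print("safe:  ", lookup_safe(db, crafted))
    restrict_to_reads(db)
    print("write blocked:", write_is_blocked(db))
```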

Investing in your website security

Whether or not you choose to collect and store user data (which, done ethically, can be highly beneficial), it’s crucial to ensure your website is kept secure and up to date by a professional.

Written by Matt Groom