UPDATE — JULY 24, 2018: Today Google began rolling out Chrome 68. Now, Google's browser will display a "Not Secure" warning next to the website in the address bar if the site is not secured with HTTPS.
As we are living in a digital age, many of us are starting to pay more attention to our data and online privacy. Malicious hacking events frequently make the news, and we consider ourselves lucky if we haven’t been victimized by a cyber security attack (yet).
As a business owner, you need to be aware of website security risks and take steps to prevent attacks by hackers.
You owe it to your customers and visitors to protect the private information that they share with your business through your website. And with Google poised to start labelling websites without encryption as “Not Secure,” there’s no time to waste.
Protect your website with these 6 pro tips
Read the headlines lately? Cyber security now tops the list of worries for business owners around the world. Time to craft a cyber security strategy, if you don’t already have one.
Install an SSL certificate.
Start scanning for malware.
Update all software promptly.
Make regular backups.
Use strong passwords for your CMS login.
Only use trusted devices and networks.
Let’s talk briefly about the dangers of inaction before outlining our pro cyber security strategies.
Sizing up the threat
Hackers and malicious bots are constantly scouring the web for targets that can be hacked and milked for valuable data. The size of your business doesn’t matter, since most small business websites collect or transmit some sort of valuable data. In some cases, hackers use websites as a gateway to customer relationship management (CRM) and other critical business systems.
Hackers steal private information like account passwords, email addresses, health records and credit card details, which are then sold on the darknet.
Let’s explore the essential and super-easy cyber security strategies that can protect your website, your customers and ultimately your business reputation.
1. Install an SSL certificate
The simplest and fastest first step in any cyber security strategy is an SSL certificate. This is a digital data file that encrypts information as it moves between a visitor and your website. This is when information is most vulnerable to interception by a thief — in transit.
SSL encryption is critical for any website that:
- Collects email addresses for a newsletter subscription.
- Has a login system that uses passwords and stores users’ information.
- Processes online bookings, sales or credit card payments (even through external payment providers like PayPal).
Not sure if you have one already? The easy way to check if your website has an SSL certificate installed is to type your web address (URL) into your browser. If it shows HTTP, your website is not secure. If it shows HTTPS: your website is secured with an SSL certificate. Another quick check is the green lock on the left of the URL.
Why is an SSL certificate important?
If protecting your clients from digital theft isn’t reason enough, Google Chrome 68 will mark all sites without SSL encryption as “Not Secure” beginning in late July 2018. This is a warning to your customers that says “Don’t trust this site!”
You can imagine what the average person will likely do when they see that message — leave. And that could end up hurting your reputation and costing you in lost sales.
It’s not a good look for your business to be publicly branded as “Not Secure.”
Google also penalises unsecured websites in search rankings. This means that your HTTP: (unsecured) website is less likely to show up in search results than a website with similar content that is secured with an SSL certificate. That could make the difference between a Page 1 ranking and a spot on Page 2 or 3 (where few people ever go).
Where to get an SSL certificate
You can get a free SSL certificate from companies like Let’s Encrypt, but it’s not a simple tick box option to turn it on. If you don’t have technical skills, you could search the web for instructions on installing one of these certificates (they don’t have live customer service to talk you through it step-by-step).
Those who can’t or don’t want to install their own SSL certificate should consider paying for one. GoDaddy offers one-click SSL installation for sites it hosts. Those who don’t have GoDaddy hosting, can still use their SSLs, choosing from one of several options.
2. Start scanning for malware
There are so many cunning ways that hackers can place malware and viruses on your computer. Many are undetectable ... that is until your computer crashes after a malicious attack. Your personal files might be compromised, and any saved credit card numbers, personal data or passwords are at risk of theft.
A malware scanner checks your computer for existing malware and viruses and provides a fix for known nasties. If you suspect your computer has been compromised, or if you want to prevent a future attack, try GoDaddy’s Website Security. Once it’s set up, it will automatically scan your website daily, removing any malware it finds.
3. Update all software promptly
Operating system software updates include security updates and patches for new viruses. So the next time you get an update notice (on any device, since they’re connected), stop what you’re doing and follow the prompts. By keeping your software up-to-date, you’re less likely to be the victim of a cyber security breach.
4. Make regular backups
If disaster strikes and your website has been completely destroyed, you’ll be glad you had a backup. Some website hosts offer basic backup services, but it’s best to make your own as well so you have multiple backups in case one goes down. GoDaddy’s Website Backup automatically saves every file, folder and database on your site to the cloud on a schedule you choose (it also includes daily malware scanning).
There are free plug-ins for WordPress websites. Or you can opt for a more robust backup-and-restore service via one of the paid options. These solutions come with advanced features such as scheduled and on-demand backups, the option to restore specific files, backup logs and much more.
5. Use strong passwords for your CMS login
So often, we hear of people logging into their Content Management System (CMS) at www.yourwebsite.com.au/admin with a password like “admin,” or worse, “password.” Just don’t do it. They’re the first ones that a hacker will try.
The same goes for easy-to-guess passwords like:
You should never make passwords using information you share on social media or words that could be revealed by a bit of hunting. Same goes for your kid’s name, pet’s name or date of birth.
A secure password that will be difficult for a hacker (or a bot) to guess includes:
- At least 8 characters
- Both capital and lowercase letters
A password like u8$p(gQ@4 should be secure because it’s tricky to guess.
If you have trouble remembering passwords, use a password-managing app like LastPass or Keepass. That way, you only have to remember one password; the app remembers the rest of your passwords for you. Alternatively, write them all down the old fashioned way and keep them in a safe place.
6. Only use trusted devices and networks
The lure of free Wi-Fi at a café is enticing. But free networks can suffer from dodgy security. Anyone who uses unsecured Wi-Fi to log in to their bank account (for example) could be compromised if a hacker is operating nearby.
In 2017, an Austrian man checked his Bitcoin balance while on an unsecured public Wi-Fi network at a restaurant. He later found that his device had been hacked, and he’d lost over $150K worth of Bitcoin from his digital wallet.
Even online shopping using public Wi-Fi can be risky because you’re entering your credit card details into the website. It’s best to use your own device and mobile data for any exchange involving sensitive information.
Time to get serious about cyber security
The writing is on the wall: It’s well past time to put a cyber security strategy in place. If you only do one thing, make sure you get an SSL certificate. SSL encryption is one of the quickest and most effective ways to protect you and your visitors from data theft.
Why not set yourself the goal of adding one security measure per week until you’ve completed all the cyber security tips listed here? It won’t take long. Once you’re done, your customers will be reassured that their information is safe, and you could save yourself a lot of headaches in the future.