There is no disputing that a company website is among the most valuable assets a business owns. With the average user forming an opinion about a website in 0.05 seconds, businesses are (rightly) investing heavily in website build and design. Your website is your storefront, your business advert and, in many cases, your sales platform.
So why does website security matter?
Protects User Data: If you’re collecting sensitive data like usernames, passwords, credit card information, or personal details, ensuring its security is paramount. A breach can result in the theft of this data, leading to identity theft or financial fraud.
Maintains Trust: A hacked website damages your credibility and trust with users. If your site gets compromised, visitors will avoid it, and it can take months, if not years, to rebuild your reputation.
Prevents Downtime: Cyberattacks can take your website offline, causing severe business disruption. If your site is down, customers can’t access your products, services, or content, resulting in lost revenue and productivity.
SEO Implications: Google and other search engines consider website security when ranking websites. A site with security issues is likely to rank lower in search results, which can affect your visibility and traffic.
What are the non-negotiables?
If you run or work for an SME, the chances are there will be someone in your team who is closely involved with your website and, by extension, its cyber security. Below are the top five security protocols that should be enforced at a bare minimum.
SSL
SSL is a security protocol that provides privacy, authentication, and integrity to Internet communications. It works by encrypting any data transferred between users and websites, or between two systems, so that it is unreadable to anyone who intercepts it. Even on a newly developed website, SSL may not be enabled.
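One way to check whether SSL is actually enabled on a site, as an added example that is not part of the original article: it confirms that a valid certificate is presented and that plain HTTP is redirected to HTTPS. The function names `assess` and `probe` and the 21-day expiry warning are assumptions made for this sketch.

```python
import http.client
import socket
import ssl
from datetime import datetime, timezone


def assess(cert_not_after, http_status, http_location, now=None, warn_days=21):
    """Return a list of findings; an empty list means HTTPS looks enabled."""
    now = now or datetime.now(timezone.utc)
    findings = []
    if cert_not_after is None:
        findings.append("no valid certificate presented on port 443")
    else:
        days_left = (cert_not_after - now).days
        if days_left < 0:
            findings.append("certificate has expired")
        elif days_left < warn_days:  # warn_days is an assumed threshold
            findings.append(f"certificate expires in {days_left} days")
    # A closed port 80 (status None) serves nothing in the clear, so it passes.
    redirects = http_status in (301, 302, 307, 308)
    to_https = (http_location or "").lower().startswith("https://")
    if http_status is not None and not (redirects and to_https):
        findings.append("plain HTTP is not redirected to HTTPS")
    return findings


def probe(host, timeout=5):
    """Collect the inputs for assess() from a live site (needs network)."""
    not_after = status = location = None
    try:
        ctx = ssl.create_default_context()  # validates chain and hostname
        with socket.create_connection((host, 443), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                expiry = ssl.cert_time_to_seconds(tls.getpeercert()["notAfter"])
                not_after = datetime.fromtimestamp(expiry, timezone.utc)
    except OSError:  # unreachable, handshake failed, or certificate invalid
        pass
    try:
        conn = http.client.HTTPConnection(host, 80, timeout=timeout)
        conn.request("HEAD", "/")
        resp = conn.getresponse()
        status, location = resp.status, resp.getheader("Location")
        conn.close()
    except (OSError, http.client.HTTPException):
        pass
    return not_after, status, location
```

Calling `assess(*probe("www.example.com"))` with your own domain in place of the placeholder returns an empty list when both checks pass.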
Two-Factor Authentication (2FA)
Ideally, this should be enabled for anyone who has a login to your website, no matter their level of access. For editors, it should be non-negotiable. Some of the most secure ways to implement 2FA are via an authentication app or hardware-based 2FA. In the IT WORKHOUSE office, we use YubiKeys that are authorised via fingerprint recognition.
reCAPTCHA
reCAPTCHA is a fraud detection service that stops bots and other automated attacks while approving valid users. The technology works by providing a login test that is easy for humans to pass but that bots cannot. We would recommend adding reCAPTCHA on logins to block bot access to the main site and adding it to your website contact forms to decrease the number of spam submissions.
Updates
Ensure your website is updated regularly. Reputable website providers will be constantly working on security patches for the most recently discovered vulnerabilities on your site, so it is essential that you keep on top of this to receive the most effective protection.
Security plugin
We would recommend Sucuri as the best product that will work effectively with a large number of website providers. There's even a free malware checker on their website where you can scan your URL and check for any malicious code, viruses, website errors or out-of-date software. There is a range of products that would work well with specific providers too, e.g. Wordfence for WordPress.
To conclude:
It is relatively easy to protect your website, at least on a basic level. If you rely heavily on your site, we would always recommend getting professional advice on how to go deeper with your cyber security. Luckily, we can help with that.