In my last article, I described the experience of my small business’ website getting hacked, and described the basics of how websites work—and how hackers can invade them. In this article, I will provide practical tips on how to protect your company’s site from attack.
My site was hacked for more than six weeks before I discovered the problem, and it took another three weeks and thousands of dollars to fix it. This does not include the lost revenue and reputation that resulted from the attack.
Among the many things I learned from this experience was how easily it could have been avoided. The following precautions can help you steer clear of making the same mistakes.
Staying Up to Date
Software developers attempt to stay ahead of security shortfalls through updates. My website was vulnerable because I had not updated my version of the open-source program for more than two years.
Hackers use tools called spiders to scour the Internet, searching for outdated software and other security flaws. This piece of advice applies to everything on your computer, from the operating system to the browser: If you are connected to the Internet, you need to be updated.
Many of us are guilty of being passive about passwords. I thought, “Why would someone be interested in stealing my password? Why would someone be interested in hacking
The answer is that small business owners are less likely to have invested in the security systems a larger organization would use. Also, because many small businesses do not have dedicated IT employees, they are less likely to notice if their websites have been compromised.
You are not protected just because you mix up a couple of letters or numbers on your password and you believe no person could ever guess it. Hackers do not try to guess—they use computer programs that easily do it for them. And if you use the same password for everything you do, they are golden if they guess it just once.
Use sites like www.strongpasswordgenerator.com to create passwords for you. The random mix of characters will be far more difficult to breach.
If you do not have a security program installed on your computer that offers the latest protections from viruses and malware, your computer is vulnerable. Even an accidental visit to an infected website could allow malicious software like a key logger to be installed on your computer. Hackers would then have access to all of your passwords, including those used to manage your website.
Paying for Security
Website management companies that design and manage websites usually protect their sites well. This is a good option if you do not expect to make a lot of changes to your site. If you want a site that is more interactive and offers you more control, however, paying a website management company can get expensive quickly.
If you download or use a program from a reputable hosting site, you can feel pretty confident that the original program is secure. But the hosting site is only responsible for storing and hosting your website — not securing it, even though it does nightly backups and offers a high level of security for its servers.
The hosting site I use partners with a company that offers several tiers of security for websites. I signed up for the lowest tier, thinking this would be adequate for my small business needs. It may have been adequate had I followed the other pieces of advice I am offering here, but I run a business, and I do not have the time or interest in making sure every last piece of software is updated and secure.
When I realized my site was hacked, I spent hundreds of dollars with the Web security company to clean it up. This lasted about three days and my site was hacked again. I followed the security company’s advice and updated my software, changed my passwords and bought a higher level of security.
Take It Seriously
More than ever, customers are relying on the Internet for information. Websites are often customers’ first impression of companies, which arguably makes them among the most important pieces of our business structure.
The days of being able to design a Yellow Pages ad one time and not worry about it until next year are disappearing. The attention you give to your website and its security can have a tremendous impact on the success and growth of your company. Don’t fall into the trap of thinking that you are too small to get noticed by someone with malicious intent. You are not — it could happen to you.