There are scores of website hacks every single year—although only a handful gains media attention. However, that doesn’t make the damage less devastating. Even if none of your customer’s data is actually stolen and used, a hack can shut down your site, costing you reputation points and profits. It can show your visitors that you don’t take security seriously, and they may go to your competition for peace of mind. A single hack, even if it’s just to show off a hacker’s prowess, can devastate a small business.
Fortunately, there are many things you can do to improve the safety of your website. Hackers are often opportunists, and if getting into a small or mid-sized business’ site is too difficult, they’ll move on to greener pastures. Here are the fastest, most cost-effective ways to up the safety of your site today:
- Switch from basic web hosting to a virtual private server (VPS hosting): Many web hosts offer both types of hosting, and all it takes is a phone call or online request to upgrade. Even better, VPS hosting is often the same price as basic hosting (or close to). However, since you’re “sharing” a physical server but using a section of a virtual server that acts like a dedicated server, your site is much safer.
- Update your software: This one seems like a given, but most people have updated software on their computers so you need to make sure any software on your website is updated as well. With your server, if you opt for managed hosting, research a reputable company; they’ll take care of those updates for you. The same should be true of a web designer if you rely on a pro for maintenance.
- Be conservative with error messages: Your error messages should be very simple with minimal information. Some error messages unknowingly give away key information that a savvy hacker can “translate” to access vulnerabilities. For example, simply put “Incorrect username or password” instead of saying only part of the information was correct.
- Change your passwords regularly: This one is annoying, especially if you have trouble remembering your passwords. Keep two hard copies in secret locations (storing your password information in the cloud or on your computer can be accessed by determined hackers). Ideally you should change passwords monthly, but at the very least stick to quarterly. Make them random; include capitalized letters, characters and numbers, and keep an ongoing list in a safe spot.
- SSL Certified: SSL means a security certificate has been attained so that personal information being shared on servers, websites or databases is better protected. Pair this with updated firewall protection and you’ll go far when it comes to protecting your site.
There’s no way to 100 percent protect your site from hacks, attacks and viruses. However, the biggest breaches in recent time were easily avoidable with something as simple as SSL certification or changing passwords more than once a decade. “Best practices” are in place for a reason. Use them.