Whenever a cybersecurity breach makes international headlines, the root cause is often too complex for the average person to understand. To some extent, the complexity of these prominent attacks provide some consolation for the low-profile websites owned by individuals and small businesses. The assumption is that nobody would devote that much time and energy to attack a little known and relatively low-traffic site.
The truth, however, is that the overwhelming majority of successful hacks don’t make the news. That’s not just because most attacks affect small websites but also due to the simple and non-spectacular methods used that aren’t juicy enough for the news. Cybersecurity controls follow the Pareto Principle. Just 20 percent of easy-to-implement controls can thwart 80 percent of cyberattacks.
Even if you have no background in tech or security, you can easily implement the following measures to make your website more secure.
1. Use Strong Passwords
Anyone who can figure out the administrative password to your website’s control panel will have front door access and can do almost anything they wish. If your administrative password isn’t secure, every other security measure is pointless. A strong password is one that isn’t easy to guess and cannot readily be cracked using brute force attack tools.
Ergo, your passwords should be at least 8 characters long. They must contain numbers, upper and lower case letters, and special characters. Never include in your password your name, title, birth date, address, alma mater or any information that someone else can figure out easily.
2. Update Your CMS and Plugins
Content management systems (CMS) like WordPress, Joomla, Drupal, Magento and Shopify, have made managing websites much easier.
Unlike years past where one had to have extensive understanding of HTML programming to run the average website, CMS allows you to add and remove elements with little more than a click of a button and a sprinkling of text. Also, major CMS such as WordPress have an extensive plugin universe that enables you to greatly extend the functionality of your site.
But like any other software, CMS and plugin developers will routinely unearth vulnerabilities with their applications. New releases and updates are geared toward closing these loopholes that exist in older versions. Ergo, to keep your website free of these well-known vulnerabilities, always update your CMS and plugins to ensure you are running the latest versions.
3. Use a Reputable Host
Your website may be accessible from anywhere as long as the user has an Internet connection but its files reside in a specific location and server. This server is owned and managed by a web host.
There are thousands of web hosts you can choose from. As you would expect, different web hosting services have different levels of service reliability, customer satisfaction, and in this context, cybersecurity. Your web host has access to your site’s backend and actually has greater control over your site’s content and availability than you do.
Before you settle on a hosting service, look at the kind of security and access management controls they have in place. Most will be happy to list them or provide additional information if your request for it.
Scan the web for reviews from their past and existing customers. It doesn’t matter if these reviews have nothing to do with the site’s security—if their quality of service in all other respects is woeful, it’s unlikely that their cybersecurity is any better.
4. Delete Files and Pages You No Longer Need
Superfluous files and pages are not only a drag on your site’s speed but they also increase the number of surfaces through which third parties could potentially attack or gain unauthorized access.
Redundant pages are especially vulnerable since you will probably never visit them to see what content they have. If your website has already acquired a significant reputation in the market, hackers could manipulate the content on a redundant page to make users they direct there think that what they read is a legitimate message from you.
Delete any pages and files you no longer need. It keeps your site clean, organized and safer.
Certain cybersecurity controls may require you to call on the services of a security expert. Before you do that though, apply these tips to ensure you have the basics covered.