AM Design

Website Security - What to Know

website securityDo you believe your website security is sufficient to protect your internet business, your website or your customer details?

It is estimated that around 10,000 websites around the world are hacked on a daily basis.

There is a tendency for hackers to target small and medium businesses because typically, they have less or no security measures in place.

The Cost of Ignoring Website Security

In many cases small and even medium businesses will choose to have a website built or maintained based on the cheapest cost. I can tell you this is false economy. A professional website should never be thrown together in a hurry or on the cheap.

I am very familiar with horror stories from new clients of their negative online experiences. I understand how difficult it can be to find a good web designer from amongst the many available, when you know little or nothing about the pitfalls.

  • Paying top prices doesn't necessarily mean getting a top result. You need to be sure security and website maintenance are included in the deal.
  • Paying too little may mean corners are cut, and most business owners are attracted by low cost.

Website Security is Essential

In today's internet, having your website secured against hackers and malware is essential. It doesn't matter how small your website is or whether or not you collect customer data,  your website is vulnerable to attacks if it is not locked down properly. Even then, a security breach may occur through your server host via someone else's poorly protected website on the same server. Choice of server host is important.

What Really Happens when your Website gets Hacked

  • Hackers use your website to infect other people. Having this happen to your website can really mess up your relationship with your customers and tarnish the reputation of your business.
  • Malware on a hacked website may infect a visitors computer which may then lead to stolen data or blackmailing.
  • Google will stop sending traffic to a hacked website, and may advertise that the website is a threat until it is cleaned. Imagine if your income was affected for days or weeks?
  • Your email address/es will be blacklisted and rendered unusable until all signs of malware have been cleaned.
  • Your email address/es, even if not displayed on the front end may be used for spamming. This really makes your good name mud!
  • If you collect customer data (names, addresses, phone numbers etc), you may be liable if this information is stolen from your website.
  • None of this ever happens at a convenient time and can be time-consuming and therefore costly to repair.
Regular and on-going maintenance of your website is essential.

The technical reasons:

Owning a website is similar to owning a car or a swimming pool  or anything else which requires maintenance. If you don't have the time or knowledge to perform this maintenance yourself, you need to be sure someone is doing it. Usually, the developer of your website is the best person for the job.

If you no longer have a relationship with your website developer - find another one! I'd be happy to help.

If your website uses a Content Management System like WordPress  or a Shopping Cart it uses sophisticated systems which are continually evolving. These systems should always be updated as updates become available. Like your car, the oil and water should be checked and maintained.

Such systems evolve both technically; offering revised or newer code for better functionality, or for security improvements. Therefore, updates are doubly important.

The business reasons:

If you choose to not update your website with fresh and inviting material, any search engine ranking you have will begin to drop out of sight. Hackers love this. They know un-loved and un-maintained website are an easy target. Don't be shocked when no-one can find your website any longer, or it is hacked and your domain name or email is black-listed by Google.

The Role of Web Servers

Web servers open a window between your network and the world. The care taken with server maintenance, web application updates and your web site coding will define the size of that window, limit the kind of information that can pass through it and thus establish the degree of website security you will need to have. Basically, the most secure web server is the one that is turned off and not working at all.

Server hosts or web servers, are the companies which provide the space on a server (computer) which allows your website to be viewed by the world. If your server host company doesn't have tight security protocols in place, if they don't update their servers to use the latest server software and don't monitor their servers and perform regular scans and backups, your website and thousands of others which use those same servers are at risk.

You have two options: One, take the time to learn about quality server hosting yourself so you understand the process, or Two, ensure you are dealing with a web developer who knows their stuff and can advise you on whether the server you use follows good security practices. A good web developer who offers server hosting services to their clients, will always ensure they are using security conscious and efficient server hosts. I use servers based here in Australia and I re-sell to my clients with complete confidence that they are very well secured and maintained.

Website Security Risks

If your website has assets of importance or if anything about your website puts you in the public spotlight then your web security will eventually be tested. In other words, someone will try to hack into it.

It is an established fact that poorly written software creates security issues. The number of bugs that could create website security issues is directly proportional to the size and complexity of your web applications and web server. Most complex programs either have bugs or at the very least, weaknesses, and to add to that, web servers are inherently complex programs. Websites themselves may be complex and intentionally invite ever greater interaction with the public. And so the opportunities for security holes are many and growing.

The very same programming that increases the value of a web site, also allows scripts or SQL commands to be executed on your web and database servers in response to visitor requests. Any web-based form or script installed on your site may have weaknesses and present a web security risk.

The balance between allowing website visitors access to your resources through a website and keeping unwanted visitors out of your network is a delicate one. There is no one setting that establishes totally effective security at an impregnable level. There may be dozens if not hundreds of settings in a web server alone. And then there is the website code....

Website Visitor Security

A website security issue is faced by your website visitors as well. A common web site attack involves the concealed installation of code that will exploit the browsers of visitors.

Your own website is not the end target in these attacks. There are, at any one time, many thousands of web sites out there that have been compromised. The owners have no idea that anything has been added to their websites and that their visitors and their personal information are at risk. Visitors subject to successful attacks may be installing nasty code onto their computers and be completely unaware of it.

This article only touches on the need for website security. It doesn't provide answers or solutions. If you have questions about your website security and how it can be managed, please don't hesitate to contact me. I would be happy to provide advise and solutions.

closechevron-downphoneellipsis-v linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram