When your E-commerce website goes live, it’s like opening the doors of a brick-and-mortar business inside a commercial location. Except that instead of welcoming the 10,000 people who comprise daily foot traffic, you are on the Internet, where 3.7 Billion users are searching for information every day.
People who enter your business premises are not all potential consumers. Some may buy, others may just want to look around while a few may have stumbled upon your business by accident. Then there are those who did intend to enter your premises but not to patronize your products or services.
They have malicious intent. They have infiltrated your business to steal valuable data. Others have a worse agenda. They want to destroy your business in a number of ways. They could eradicate your records, shut down your system or post inappropriate messages to soil your business reputation.
These virtual sociopaths are called hackers. They aren’t petty criminals who enter a convenience store to steal a few hundred dollars or a six pack of beer. Hackers are not just high school kids on a mission to build a reputation of online notoriety from their mom’s basement. There are groups that are funded by organized crime to conduct hacking activities.
The Economic Cost of Website Hacking
According to the Internet security teams at Symantec and Verizon, almost one million cyber attacks are launched every day. In 2014 alone, Symantec uncovered 317 million pieces of malware or software viruses.
The U.S. State Department alone reportedly blocks thousands of hacking attempts every day. In 2014, the agency was forced to shut down its email system after a series of aggressive cyber attacks from a suspected group of Russian hackers.
A study by the Center for Strategic and International Studies revealed that hacking costs the U.S. economy $100 Billion a year. On a global scale, hacking costs the world economy an estimated $300 Billion every year. The study adds that hacking results in the loss of 500,000 jobs every year in the United States alone due to business closures.
While the mainstream media has mainly focused on cyber attacks launched against big businesses such as Sony, Target and JP Morgan Chase, small business owners are much more vulnerable to hacking activities.
A study by McAfee showed that nearly 90% of small and medium sized businesses in the United States do not have data protection or security measures installed on their websites. Meanwhile, almost 50% of small business emails remain highly susceptible to phishing scams.
If you think hackers only go after the Big Fish, you are wrong.
98% of all businesses registered every day fall under the classification of small business. Approximately 543,000 small businesses start out every month. In 2013 alone there were a total of 28 million small business owners in the United States.
Right after the Charlie Hebdo terrorist attacks in France in 2015, hackers went after 19,000 French websites.
Cyber criminals have no conscience. They do not care that you are running an online business simply to pay the bills and put food on the table. They are not impressed that as a small business, you are doing your part to stimulate employment in the economy.
All they want is what you have and will not stop until they get it.
How to Protect Your Website from Hacking Attacks
Small businesses provide a large ocean of opportunity for hackers to unleash their fiendish schemes.
Not having data protection and security measures in place is like having your store’s front door open while your safe is left unlocked and unattended.
Don’t make it easy for hackers to do their dirty work. It should be the responsibility of every business owner, whether small, medium or large scale, to choke out cyber crime by making sure hackers come away empty handed.
Here are 10 tips on how you can protect your website from being hacked:
1. Strengthen Your Network Security
Let’s start with the basic, fundamental rule of strengthening your network security. Clients can be lulled into complacency once we’ve updated their current network security programs and added a few more layers of protection.
What we remind them consistently is that hackers are always trying to stay ahead of security programs. There are a few things you can do on your own to secure your website:
- Change your password from time to time and make sure you use strong ones.
- Use password manager programs that randomly generate 20 alphanumeric characters. The password manager will tell you if you’ve already used a particular password.
- Update your antivirus and anti-malware programs.
- Make sure your firewalls are updated and always up.
- Scan all devices attached to the network for malware.
Just because you have not been hacked does not mean it won’t happen to you. A little bit of paranoia goes a long, long way when you are trying to protect your website from malicious attacks.
2. Use Two-Factor Authentication
Two-factor authentication works as a stopgap measure when someone tries to log on to a service from an unrecognized device.
What happens is that you will receive a text notification with a temporary password. If you receive this message when you are not logging in yourself, it means someone else was trying to log into your website. Apple, Twitter, Google and Microsoft all have two-factor authentication installed in their network.
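The server side of that temporary password, as an added example that is not part of the original article: a code is only useful as a second factor if it expires quickly, works once and cannot be guessed by repeated tries. The class name, the 5-minute lifetime and the 3-try limit are assumptions, and the SMS delivery itself is left out.

```python
import hashlib
import hmac
import secrets
import time


class OneTimeCodes:
    """Issue and check short-lived, single-use login codes (illustrative)."""

    def __init__(self, ttl_seconds=300, max_tries=3, clock=time.time):
        self.ttl = ttl_seconds        # assumed lifetime: 5 minutes
        self.max_tries = max_tries    # assumed limit: 3 guesses per code
        self.clock = clock            # injectable so expiry can be tested
        self._pending = {}            # user -> [code digest, expiry, tries left]

    @staticmethod
    def _digest(code):
        # Store only a hash, so a leaked table does not reveal live codes.
        return hashlib.sha256(code.encode("utf-8")).digest()

    def issue(self, user):
        """Create a fresh 6-digit code; any older code for the user is replaced."""
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not random.random()
        self._pending[user] = [self._digest(code),
                               self.clock() + self.ttl,
                               self.max_tries]
        return code   # pass to the SMS sender; do not write it to logs

    def verify(self, user, submitted):
        """Return True only for the current, unexpired, unused code."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        digest, expires, _ = entry
        if self.clock() >= expires:
            del self._pending[user]        # expired codes are discarded
            return False
        entry[2] -= 1                      # every guess costs one try
        if hmac.compare_digest(digest, self._digest(submitted)):
            del self._pending[user]        # single use: burn on success
            return True
        if entry[2] <= 0:
            del self._pending[user]        # too many wrong guesses: burn it
        return False
```
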
3. Fortify Admin Access Control
It is every business owner’s worst nightmare to have their website admin level infiltrated by hackers. Your website will be at their mercy.
Again, it all starts with the obvious access points. Make sure you use strong passwords and usernames. Instead of the usual default database prefix of “wp6_”, change it to something more difficult to guess.
Finally, limit the number of login attempts within a specific time frame. Practice sound OPSEC or Operations Security measures by not sending login details via email. Remember email accounts are constantly being hacked.
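One way to limit login attempts within a time frame, as an added example that is not from the original article: a sliding window of failed logins per username and client address, checked before the password is even looked at. The limit of 5 failures per 15 minutes, the class and function names, and the `check_password` callback are assumptions.

```python
import time
from collections import deque


class LoginLimiter:
    """Sliding-window cap on failed logins per (username, client IP)."""

    def __init__(self, max_failures=5, window_seconds=900, clock=time.monotonic):
        self.max_failures = max_failures   # assumed policy: 5 failures...
        self.window = window_seconds       # ...within 15 minutes
        self.clock = clock                 # injectable so tests control time
        self._failures = {}                # key -> deque of failure timestamps

    def _recent(self, key):
        """Return the failures still inside the window, dropping older ones."""
        q = self._failures.get(key)
        if q is None:
            return deque()
        cutoff = self.clock() - self.window
        while q and q[0] <= cutoff:
            q.popleft()
        if not q:
            del self._failures[key]        # keep the table from growing forever
        return q

    def is_locked(self, username, ip):
        return len(self._recent((username.lower(), ip))) >= self.max_failures

    def record(self, username, ip, success):
        key = (username.lower(), ip)       # "Admin" and "admin" share a counter
        if success:
            self._failures.pop(key, None)  # a good login clears the counter
        else:
            self._recent(key)              # prune first, then add the failure
            self._failures.setdefault(key, deque()).append(self.clock())


def attempt_login(limiter, check_password, username, password, ip):
    """Return 'locked', 'ok' or 'denied'; check_password is a hypothetical callback."""
    if limiter.is_locked(username, ip):
        return "locked"                    # refuse without testing the password
    ok = check_password(username, password)
    limiter.record(username, ip, ok)
    return "ok" if ok else "denied"
```

Keying on username and address together means one visitor cannot lock the real owner out from elsewhere; a counter per username alone is stricter but lets anyone trigger a lockout.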
4. Update Your Programs Regularly
It is standard procedure for software manufacturers to install an automatic update feature once it is available. When you receive notice that updates are ready for installation, do not delay. Update your program right away.
Every second that passes leaves your site vulnerable to attacks from hackers. Outdated programs are a favorite access point. The same goes for programs or plugins that are hardly used.
Hackers have voracious appetites; they will stop at nothing to get into your website. The most notorious hackers are known to scan thousands of websites in an hour. If one of them is able to find a breach in your program, you can be sure so will hundreds of hackers.
5. Use a Web Application Firewall
A Web Application Firewall or WAF sits between your website server and the data connection. It has the ability to read all bits of information that pass through it.
A WAF can be software or hardware based, although most of the modern versions are cloud-based. For a small monthly subscription fee, you can rest easy knowing full well you have security measures in place that regularly block hacking attempts and filter out other unwanted sources of traffic such as spammers and malicious bots.
6. Set a Limit on File Uploads
Even if you work diligently to ensure the accuracy and precision of your network’s security system, the reality is, not all bugs can be captured. Some may get through and proceed to corrupt your website.
An option to consider is to prevent users from directly accessing files that have been uploaded.
Store the files outside the root directory. Your web host services provider can give you a script to access the files whenever you need them.
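What such an access script has to do, sketched as an added example that is not from the original article or from any web host: uploads are saved outside the web root under a random name, and reads are refused unless the requested name resolves to a file inside that storage directory. The extension allow-list, the 2 MiB cap and all function names are assumptions.

```python
import secrets
from pathlib import Path

ALLOWED_EXTENSIONS = {".jpg", ".png", ".pdf"}   # assumed allow-list
MAX_BYTES = 2 * 1024 * 1024                     # assumed size cap: 2 MiB


def save_upload(storage_dir, original_name, data):
    """Store data under a random name; return that name, or None if rejected."""
    ext = Path(original_name.replace("\\", "/")).suffix.lower()
    if ext not in ALLOWED_EXTENSIONS or len(data) > MAX_BYTES:
        return None
    stored = secrets.token_hex(16) + ext   # client-chosen name never touches disk
    base = Path(storage_dir)               # must live outside the web root
    base.mkdir(parents=True, exist_ok=True)
    (base / stored).write_bytes(data)
    return stored


def resolve_upload(storage_dir, requested_name):
    """Map a requested name to a file inside storage_dir, or return None."""
    if "\x00" in requested_name:
        return None                        # embedded NUL bytes are never valid
    base = Path(storage_dir).resolve()
    candidate = (base / requested_name).resolve()
    if base not in candidate.parents:
        return None                        # '..', absolute paths, symlinks out
    if candidate.suffix.lower() not in ALLOWED_EXTENSIONS:
        return None
    return candidate if candidate.is_file() else None


def read_upload(storage_dir, requested_name):
    """Return the file's bytes for the access script to send, or None."""
    path = resolve_upload(storage_dir, requested_name)
    return path.read_bytes() if path else None
```

The access script would also check that the logged-in user is allowed to see the file before calling `read_upload`.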
7. Get SSL Certificates
If you are running an e-commerce website, you must absolutely, 100% get SSL or Secure Sockets Layer certification.
SSL encrypts all data that are in transit. Without encryption, data can be intercepted by cyber criminals as it travels through servers and networks. SSL informs you the data came from a verified sender.
Having SSL certificates is also a great way to assure your customers that your website is safe. How do you know if the site has SSL authentication? Its URL address leads off with “https” instead of “http”.
You may even opt for the stronger EV SSL or Extended Validation Secure Sockets Layer with the URL green bar and SSL security seal.
You can read all about SSL certificates and their many benefits in our article, “SSL: What It Is and Why Your Business Needs It”.
8. Back Up Files as Often as You Can
As the saying goes, “Even the best laid plans go awry.”
It’s great to have security measures in place but if the White House itself can get hacked, it is always best to assume the worst and have contingency plans ready.
One of the best backup plans is exactly that.
Back up files as often as you can. Every time someone saves a file it should back up automatically in other locations. It is not good to back up just once. You should do it as frequently as possible. Remember your hard drive can fail at any time.
9. Conduct Frequent PCI Scanning
E-commerce platforms should run quarterly Payment Card Industry or PCI scanning to reduce the risk of the site being hacked. All you need is to get the services of a PCI vendor to scan all the IP addresses the public has access to and which are related to your website’s transaction process.
Before acquiring any service, make sure that the company is an ASV or Approved Scanning Vendor.
10. Monitor Your Website Regularly
Did you know that you can install security cameras in your website the same way you would in a brick-and-mortar shop?
Online tools such as Woopra and Clicky allow you to observe how your visitors are behaving on your website in real time and can detect possible fraudulent or suspicious activity. You will receive alerts on your smartphone so you can act immediately and stop the hackers before they can infiltrate your website.
You should also find out from your web host service provider if it regularly monitors its servers for the presence of viruses and malware.
Without a comprehensive security plan in place and consistency in implementing courses of action, trying to stop the attacks of aggressive hackers would be like withstanding the full-blown fury of a tsunami with an umbrella. You’ll get wiped out.
As business owners, your time is best allocated to managing the tasks that improve your company’s bottom line. The last thing you would want is to be concerned about your website’s security when you should be focusing on building up profits.
Our clients at Mountaintop understand this and have availed of our Extreme WordPress Care Plans.
27% of all websites run on the WordPress content management system. It is to be expected that many of our clients will prefer WordPress and will require regular maintenance for the websites to run efficiently and trouble-free.
By subscribing to our Extreme WordPress Care Plans, clients are assured of having their websites tracked and managed by expert, highly-experienced and proven professionals so they can go about the day-to-day activities of running their business.
We offer more ways to protect your website than just those listed in the article, such as:
- WordPress Core and Plugin Upgrades
- Uptime and Security Monitoring
- Priority Email Support
- Preventive Maintenance Work
- Detailed Monthly Maintenance Report
- Daily Website Backups
- Monthly Support Time
- Scan and Fix Broken Links
The extent of the service will depend on the package you subscribe to. The monthly subscription fee is very reasonable and works as insurance against costly repairs that could adversely affect business earnings.
If you want to learn more about the real threats posed by hackers and other cyber criminals plus how our Extreme WordPress Care Plans work to secure your website, please feel free to give us a call or an email.