Your website is an important tool for attracting customers and prospects. Whether you use it as a virtual storefront or solely for providing information to visitors, it’s important to take prudent security measures to prevent the site from being compromised by hackers and online criminals. Website attacks can run the gamut from relatively benign vandalism or defacement to full-bore attempts to harvest personal or financial information that can be used to commit online fraud.
Some small businesses hope their comparatively small profile online will shield them from hackers. While lower traffic volumes can reduce the risk somewhat, automated hacking tools routinely scan websites of all sizes to search for vulnerabilities. A small-business site may not generate as much traffic as the web’s leading properties, but it’s likely to be considered an easier target.
Knowing the risks
At the low end of the threat spectrum, websites can be defaced or altered if hackers using automated tools can exploit unpatched vulnerabilities. The primary consequences of these types of attacks are potential embarrassment and the time and effort required to undo the vandalism.
More serious hackers can upload “drive-by” viruses or malicious software (known as malware) into the website’s code and pass the virus to people who access your site. The most serious attacks attempt to steal sensitive information that can later be used to gain access to banking, billing or merchant accounts.
When customer data gets compromised in a website attack, you may be required to notify customers under various data breach disclosure laws.
It’s important to think about the potential effects on your business if your website is attacked or taken offline. An e-commerce site would obviously lose business and suffer reputational damage, while a site that primarily demonstrates a company’s capabilities could lose some credibility (especially if the company provides technology-related services).
Locking down the gates
While it’s nearly impossible to secure a website completely against hackers, a variety of routine measures can make a website secure enough to resist casual attacks:
▪ Using strong passwords on your site, including your FTP and blog software
▪ Updating your website or blogging software, including any plug-ins. Updates known as patches are frequently issued after vulnerabilities are discovered, so it’s important to make sure your site has the latest defenses in place.
▪ Using separate accounts for all employees who have to access or manage your site and removing the access of any former employees.
▪ Backing up your site’s code and content routinely and monitoring the site regularly
▪ If your website offers an online checkout, using a secure connection and ensuring your company is PCI compliant
▪ Using SSL certificates for transactions
▪ Not storing any sensitive customer data
By following these measures, you’ll reduce the chances (and potential effects) of a web-based attack that can affect your business online.
This news is provided as a service to you by Marlin Business Services Corp., a nationwide leader in commercial lending solutions for the U.S. small business sector. Marlin’s equipment financing and loan programs are available directly and through third-party vendor programs, including manufacturers, distributors, independent dealers and brokers, to deliver financing and working capital that help build your success.