Many small companies don’t think that their site has enough allure for a hack. But imagine when a search of their business url comes up with a site that is selling pornography? Good PR? I think not. Hackers don’t necessarily take over a site for the content or to just mess with the code. They steal a site to use it for the server to send out spam. There are automated scripts which look for security weaknesses in software and the endgame is often a search for Bitcoin or to set up ransomware. It is all about how much risk a company is willing to take with one of their best marketing tools. The added cost of adding a security certificate is much less than it would cost to have to purchase a new domain name, and a new professional website.
Levels of Security for Websites
The first thing to help secure a site is to keep software updated. WordPress updates every couple months. If your site is super simple, without plug-ins, one can try updating on their own. Some plug-ins cause issues, so my suggestion is to have use a web developer. Some developers charge an hourly fee to do this, and others sell a maintenance program. Either way, paying a professional will still save money in the long run.
We all hate passwords. One thing worse than passwords is long complicated passwords. And long complicated passwords that we do not “save” in the computer can drive a person crazy. Then add on top of it all the need to NOT reuse the same password for multiple logins is enough to give up. But all of these are crucial security management tools. Create passwords that are longer than 6 characters, using numbers and symbols. Do not save the passwords in the computer. And vary the passwords from application to application.
Use a contact form instead of showing emails on a website. Spammers have an easy target when they can see the email.
Purchasing a security certificate (SSL or HTTPS) was used mostly for eCommerce or financial institutions in the past. But with the elevation of hacking incidences, Google is now suggesting the HTTPS for most businesses as another wall of security. The SSL has a yearly renewal.
If a business already has HTTPS and wants to take it to the next level, Transport Security (HSTS), a header that can be added to server responses to disallow insecure HTTP for the entire domain.
With Medical sites, HIPAA compliance is crucial. We use a specialized hosting company for any medical related websites that we design. These specialized hosting companies are well versed in compliancy steps, with secure forms, hosting and will sign a liability contract.
Make online marketing tool safe and sound. Decide which levels of risk are worth the cost of a hack and add security to match that level. Call or write 360WD a note with questions about setting up a maintenance program for updates and backups, or purchasing a security certificate.