Business Resource Center

Protecting Your Small Business Website

While most businesses focus their online security efforts at protecting their networks and data, it’s also important to remember that your company’s website represents another attack target that also needs to be secured against unauthorized access and intrusion.

Small business websites are often targeted for a variety of malicious applications, including hosting software designed to:

• Capture personal information and passwords from site visitors
• Steal employee and company information
• Relay spam messages
• Redirect online visitors to different sites

Regardless of the specific attack and its results, dealing with hackers is a hassle you’re better off trying to avoid.

And it’s important for small business owners to avoid falling into the trap of thinking their company isn’t large enough for hacker to find or bother with. In fact, more hackers are targeting small companies specifically because smaller companies are considered easier targets. Small businesses are, in general, less likely than their larger counterparts to invest in dedicated IT security teams or sophisticated security software and devices.

Securing Your Site

Some of the basic steps you take to secure your network can similarly help reduce the risk of your company’s website being attacked.

For instance, requiring the use of strong passwords is critical in protecting the website’s administrative sections from unauthorized access and alteration. This will help reduce the risk of someone using a known vulnerability to access your site with an easily guessed password.

It’s also a good idea to ask your web hosting company about its security precautions. For example, your hosting provider should include malware and anti-virus scanning, as well as PCI-compliant card shopping cart software.

You should also make sure your provider offers secure sockets layer (SSL) certificates that encrypt traffic between your users and your website platform. While essential for online commerce, it’s also important protection for sites that are only collecting information via web forms. Customers who see a secure connection are more likely to trust, and share information, with your business.

Protecting WordPress Sites

If you’re running one of the many small businesses that uses WordPress for its main site, there are a number of steps you can take to protect your site.

For starters, delete the default ‘admin’ log-in for site administration. A number of hacker exploits have been developed using the admin log-in as a starting point. Instead, assign specific log-in credentials for any authorized site administrator.

You should also:

• Update your WordPress software and site plug-ins routinely. Hackers often target outdated systems for attack.
• Install Captcha plug-ins that require site users to check an “I am not a robot” box. This reduces the risk of your site being targeted with automated attacks.
• Use security plug-ins that help protect your site against spam comments and malicious software.

Regardless of how or where your site is hosted, it’s vital to back up its content on a consistent basis. Your hosting provider will likely back up your site regularly, but it’s a good idea to download a backup copy to a local server for additional protection.