Most of us like to think that our company website will never get hacked. But just how secure is your website? Many small businesses don’t take enough steps to ward off cybercriminals and can end up becoming an easy target. Below are just a few questions to ask yourself to determine how secure your website is.
Is the payment gateway secure?
When accepting payments through your site, a secure payment gateway is essential. Many websites nowadays use hosted payment pages, which prevent sensitive customer information from passing directly through your site. There are sites online that can tell you how to set up a hosted payment page. Choose trusted payment gateway services that do not have a history of data leaks in order to keep your customers’ data secure.
Have you got an SSL certificate?
An SSL certificate lets your site encrypt the information visitors send and receive, so that it is less easily intercepted. For many customers, an SSL certificate can be a symbol of trust – your website will move from HTTP to HTTPS and the browser will add a padlock symbol next to the URL that will notify visitors that your site is secure. If your website URL still begins with ‘HTTP’ rather than ‘HTTPS’, you still need to apply for an SSL certificate – check out this guide to SSL certificates for more information on how to do this.
Are plug-ins up-to-date?
It’s important that any plug-ins included on your website are working and are still supported. Once plug-ins lose support, their security flaws stop being fixed, and they can become an easy entry point for cybercriminals to inject viruses. There are tools online that you can use to test WordPress plug-in security to ensure that your plug-ins are secure.
Who has administrative access to your site?
Many business owners allow employees administrative access to their site, typically as a means for publishing blog posts or accessing analytics. Be careful as to what level of access you grant employees – particularly newer employees who you may not fully trust. Giving people you don’t trust unlimited administrative access to your website could increase the risk of an insider attack in which important data could be leaked or links could be redirected. It’s best to only give your most trusted staff full access.
Are your passwords secure?
Any administrative passwords need to be ultra secure. This reduces the risk of a cybercriminal hacking into your website. Use random combinations of upper case letters, lower case letters, numbers and symbols and keep password length above 8 characters. If customers can create accounts on your website, you should also encourage them to set secure passwords to prevent these accounts from being easily hacked.
Is your website backed up?
If your website is hacked and needs to be taken down, it could be important to have backup files stored somewhere so that you can recover your website at a later date. Some website providers will automatically back up your site. If your website was built by a developer, you should ask them if they have backup files stored somewhere. If you built the website from scratch yourself, it is your duty to back it up. You can find out how to back up a website online.
Have you checked similar domain names?
Cybercriminals will sometimes register similar domain names and create clone websites with the intention of redirecting traffic from your site to theirs. This is why it’s often worth buying as many similar domain name variations as possible (for example, on top of ‘.com’, it could be worth buying up ‘.org’ and ‘.net’ domains too).
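
One way to build that list of similar names for defensive registration or monitoring, as an added example that is not part of the original article. It goes beyond the ‘.org’/‘.net’ suggestion to cover single-keystroke typos as well; the function names are illustrative and the domains are constructed samples.

```python
# Added example: constructed domains, offline only (no DNS or WHOIS lookups).
COMMON_TLDS = ("com", "net", "org")  # the three TLDs named in the article


def split_domain(domain):
    """Split a simple 'label.tld' name; subdomains are out of scope here."""
    label, _, tld = domain.lower().partition(".")
    if not label or not tld or "." in tld:
        raise ValueError(f"expected label.tld, got {domain!r}")
    return label, tld


def label_variants(label):
    """Single-keystroke slips of the label: drop, double, swap, hyphenate."""
    out = set()
    for i in range(len(label)):
        out.add(label[:i] + label[i + 1:])                      # dropped char
        out.add(label[:i] + label[i] + label[i:])               # doubled char
        if i + 1 < len(label):                                  # swapped pair
            out.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
        if i > 0 and "-" not in (label[i - 1], label[i]):       # added hyphen
            out.add(label[:i] + "-" + label[i:])
    out.add(label.replace("-", ""))                             # hyphens removed
    # Discard the real label and anything that is not a valid DNS label.
    return {v for v in out
            if v and v != label and not v.startswith("-") and not v.endswith("-")}


def candidates(domain, tlds=COMMON_TLDS):
    """Names to consider registering or watching for the given domain."""
    label, tld = split_domain(domain)
    all_tlds = set(tlds) | {tld}
    names = {f"{label}.{t}" for t in all_tlds if t != tld}      # other TLDs
    names |= {f"{v}.{t}" for v in label_variants(label) for t in all_tlds}
    return sorted(names)


def flag_lookalikes(own_domain, observed):
    """Return the observed domains that match a candidate lookalike."""
    watch = set(candidates(own_domain))
    return [d for d in observed if d.lower() in watch]


if __name__ == "__main__":
    seen = ["example.net", "exmaple.com", "unrelated.test", "example.com"]  # constructed
    print(flag_lookalikes("example.com", seen))
```

Lookalikes that swap in visually similar characters (such as a digit for a letter) are not covered by this list and need a separate check.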