Owning or running a website for your business or brand often presents many different challenges, from making sure you have ongoing content in place through to making sure it continues to work across every device imaginable, but when it comes to security, this can often be forgotten about.
There are many reasons why people do not really take care of their website in terms of making it secure, and these reasons include assuming it will be ok, thinking that the hosting company is responsible, deciding that their site is too small to be attacked or sometimes, not really ever giving it much consideration at all. From small websites through to large, multinational ecommerce websites, security is important, very, very important.
It really does not matter if your website is for your small plumbing company in Bristol, or your website sells thousands of products every day, you simply have to think about the security of your website otherwise the consequences can be disastrous.
We are all aware these days of the major consequences that some national brands have recently suffered due to glitches in their websites, with customer data being stolen, credit card details possible accessed and generally, weak holes in security allowing access to areas where there really should not be access. You cannot assume that just because you do not take money on your site or you do not store customer details that everything is ok, as once your site gets hacked, it can often be a long road back to making sure that you get your customers back.
The biggest three causes of websites being hacked can often fall into the following categories:
Control Access / Login Details – Anywhere from poor passwords to your details being stored, found, accessed and then used, getting access via normal logins is actually very common, with software that allows millions of user name and password combinations until access is found. Things like FTP details, CMS login details and Control panel logins, once you get access to any of these, the rest is pretty simple if you are wanting to cause some issues.
Software / Hosting Vulnerabilities – Even the best hosting companies in the world cannot claim to be 100% secure, as even if there is a patch out of date by a few days, if someone can get access, they most certainly will. And if you are running on a CMS based site, like WordPress or Joomla to name a couple, these must be kept updated at all times.
Third-Party Integrations Or Plugins – For anyone with a WordPress website then you will know half of your site normally runs on plugins, and this is probably the most common point of hacking now, with out of date plugins or out of date platforms that have vulnerabilities. Most content management platforms use plugins and in fact, many websites use scripts and extras, so once again, if they are vulnerable then so is your website.
So, why care?
It is easy just to sit back and think you can deal with it if and when it happens, as the chances are small and the consequences are smaller, but this is very much the wrong attitude to have.
Any website is now at risk as hackers do not always target big websites, they often aim for smaller sites as they know they will have a better success rate and they can do more damage on a wider scale. Not every hacker wants customer details, many just want to spread viruses, Trojans and malicious nasties, and small to medium sized websites are perfect for doing this. Only the very best hackers will target sites for credit card and customer details, most hackers just want to spread viruses and phishing scams across the Internet.
You need to think about the damage for your customers and for your brand, as a hacked website can lead to their computer getting a virus and it can also lead to Google displaying that your website might be hacked every time someone searches for you. As a customer, you are not going to click that link, even if they trust you and know of you, so you really do not want this displayed on your Google results. Many leading Anti-Virus programs also do the same, and this can take much longer to get your site removed from.
The short term damage might be limited, but the long term damage might be massive, so even if you are running a small website, security still needs to be a priority to you or you should be speaking to your web design company or hosting company to make sure everything is as secure as it should be.