When it comes to your business, your website is one of your most powerful assets. It is likely a valuable source of new leads, sales and database building. However, it is also of great value to hackers. With the rate of cybercrime on this rise you need to ask yourself, is my website secure?
If your website has never been hacked – great! But don’t go celebrating too quickly – this doesn’t mean your website is not a target. If you’re not conducting regular website maintenance, chances are your website is leaving a few, very inviting doors open for hackers.
As a website owner it is your responsibility to make sure you’re not leaving your website vulnerable. In this article I am going to show you how to optimise your website’s security.
The rapid rise of cybercrime
Cyber crime is rising at a rapid rate. Just look at the statistics:
- Cybercrime has risen 300% since 2015
- In 2016, 60 % of Australian businesses detected a monthly security incident
- 30,000 newly infected websites are identified daily
Alarming figures indeed.
There is no denying that the cybercrime game has changed. Once upon a time, if a hacker wanted to launch an attack on your business they had to be coding experts. Nowadays, cybercrime has advanced to become a service that’s offered to hackers on the “dark web”. The current state of play is that hackers with little to no skills can purchase software/code known as ‘cyber weapons.’ These so called ‘weapons’ are capable of hacking your website.
This advancement has more or less opened the floodgates of cybercrime. No longer do you have to be a professional coder to cause destruction, your average Joe is capable of conducting an attack. These so called ‘weapons’ can cause an immense amount of damage to your business – but only if you leave your website vulnerable to them.
“Cybercrime has advanced to become a service that’s offered to hackers on the dark web.”
However, it is good to know that your website doesn’t have to become another cyber crime statistic. *Insert a sigh of relief here*. As a website owner you do have control of your website’s security and it is your responsibility to do everything in your power to avoid an attack.
Is your website worth something to hackers?
An important questions to ask. Let’s take a look at why hackers may have an interest in your website. Many business owners, especially those who have a website of a non-eCommerce nature, think that their website is just a “simple page” with content that isn’t of any value to hackers. If this is you – your mindset needs to change.
The truth is, to a hacker your website, regardless of its nature, is a goldmine.
Once a hacker gains access to your website and all of your files, they can create a path of destruction. A website hack could potentially be something that your business can never recover from.
Here are a few examples of what a hacker can do on your website:
- Install malicious software on your site. Malicious software can be designed to infect the computers of your website visitors. If this happens to your business a big warning is be painted on your visitors screen. Not a good look!
- They can delete all your website files. If you haven’t prioritised website maintenance and frequently backed up your site and this happens to you, this could mean trouble. You’re likely to lose months of data and customer enquiries.
- Present controversial messages on your website. These may be of political or personal nature that may affect your brand image and, as a consequence, damage your reputation. Your brand may also attract some unwanted media attention.
- They can destroy all your SEO efforts. If Google is alerted to any hacker activity on your website they will take action. Most likely to display a dire warning to visitors both on your website page and from the search engine feed. They will also put a black mark against your website which will negatively affect your search engine ranking. If this happens to your website that’s a lot of money and SEO sweat down the drain – it’s also going to be a lot of hard maintenance getting back to your previous search position.
- They can gain access to your website and send legitimate looking emails that contain malicious content. The danger here is that these emails will go undetected by spam filters. If these emails are clicked they can affect your entire IT system and comprise your businesses data and assets.
- Use website databases to compromise customers directly. This can damage your reputation and customer trust. Depending on the data stolen, it could also result in a lawsuit.
- Get into your server. Criminals can steal all of your business files and hold them to ransom, watch emails (where they can pick up confidential passwords) and conduct phishing schemes (target assistants to pay). If they get access to your server the consequences are likely to be catastrophic.
The potential costs of a website hack
There’s no surprise that a hacked website comes with a price tag to fix it. The price to pay however is not just a simple IT invoice. Hacked websites can come with a whole list of damages, that unfortunately, can hang over your business for months after the attack has happened.
Some cost considerations include:
- Cost of repairs: If an attack occurs the first initial cost will be the IT bill to fix your website. Resolving the initial issue (e.g. removing the bad code), is the equivalent to putting a bandaid on. While it will work in the short term – your website is still at risk of another attack. For this reason the costs of repairs will need to involve setting up new preventative measures. This will act to strengthen your website and remove existing vulnerabilities that initially opened the door to the attack.
- Business disruption: Productivity and administration costs for your internal team who will be charged to fix it can add up. That’s a loss of internal productivity. If you operate an eCommerce website, time is precious. It can sometimes take days to get your site back up. Think about all that lost revenue.
- Information loss: There is a price tag for data recovery. That is, of course, if you have the data backed up. However, it’s very hard to quantify the value of any data lost. Data breaches can expose private and confidential customer data. Again a loss of customer trust on this level may never be repaired.
- Revenue loss: While your website is down, your business could be losing leads, sales, conversions and customers.
- Equipment damage: If the hackers gain access to your internal systems (most likely through crafting a malicious email), your entire company could be at risk. This will result in more costs to repair any damaged systems and the individual computers.
- Damage to your reputation: The confidence of your customers is likely to go out the window. The media love to pounce on these kind of stories and the damage done to your brand can be nation wide. If this happens that’s another bill for the reactive PR efforts.
How to keep your website secure on WordPress
WordPress is an open source Content Management System (CMS) that acts to house all the digital content that appears on your website. When it comes to CMS applications – WordPress is the market leader. There are over 15,886,000 websites currently using WordPress. But there is a downside to this popularity. As millions of business are powered by this CMS, hackers have a high interest to target it.
Something that is good to know is that WordPress are on top of this threat. They are constantly releasing new updates. This method is used to protect your website from the new and improved ways hackers have discovered to enter it.
These updates however will only work to protect you website if you keep on top of them. As a website owner, you need to be taking actions to keep your website secure, regardless of whether it has been professionally developed or not.
Remember, hackers move at a fast pace.
While WordPress are taking measures to tackle this threat, only 40% of WordPress sites are up to date. That means that the 60% of websites not up to date are all at risk of an attack. It also means that the ball lies in the website owners court to reduce the rate of cybercrime.
The take home message here: if your website has not installed the latest WordPress update your business could be at risk.
“If your website has not installed the latest WordPress update your business could be at risk.”
The Solution: Make a plan for website maintenance
Every website MUST have a plan for maintenance.
The reality is, in today’s digital world, the only way to protect your website from an attack is to schedule in regular website maintenance. This is the best way to remain proactive.
Conducting this maintenance activity should involve regularly checking on your site, completing updates (Both WordPress and Plugins) and scanning to make sure nothing is compromised.
When it comes to conducting this maintenance you can do it yourself. However, unless you are an expert at website development – think twice before doing this. The reason being, running updates can trigger code issues. These errors may not be immediately identified and can go undetected for weeks. The consequence of this is that when they finally are discovered, you will need to revert your website to a backed up version. If your website has not been backed up recently you could lose a lot of valuable data such as recent online orders and client enquiries.
The best practice for keeping your website safe is to involve an IT professional or a website developer.
Website maintenance packages
This article wasn’t meant to scare you, but the importance of scheduling in regular maintenance is something your business needs to have front of mind.
If you don’t have a plan for maintenance – it is highly advised you get one – as soon as possible. This is the only way to ensure your website is not a vulnerable target and your business isn’t set to become another cybercrime statistic.
At Thirst Creative our team are highly specialised in conducting website maintenance with our monthly WordPress Maintenance Packages.
We catch any issues before they take over the site. This is a prevention method to avoid costly fixes that may compromise your brand value, online presence or impact your lead generation.
Our packages include important updates such as:
- Monthly CMS and plugin updates
- Monthly security scans
- Backups of the site once scanned and checked (for any reason we need to revert to the latest secure version)
- Security report
Our maintenance packages start from $220 per quarter.