Last week, we outlined some of the reasons cyber-security matters for small business. This week, we're going to provide you with some basic tools to help secure your Web site.
Fact: Proactive security works.
The Target hack, in addition to frustrating many consumers, was a wake-up call about the importance of cyber-security policies and their enforcement. Many companies and individuals that weren’t talking about cyber-security started to do just that following this massive breach, and it marked the first time a CEO was dismissed over a data breach. For as many as 85% of companies, simple protections like strong passwords and a “patching policy” (where you actually install those critical updates Microsoft and Apple put out) are enough to avoid a breach and don’t require large investments.
Cyber-security defense doesn’t have to bankrupt you.
Adequate security isn’t about throwing a bunch of money at the problem; it’s about doing what’s reasonable within the constraints of your budget, and the two proactive steps mentioned in the previous paragraph can be implemented at nominal or no cost. You shouldn’t underestimate the real risk posed by cyber-threats and the potential aftermath. When you suffer a data breach or hack, your business is the victim but, unlike with other crimes, you are also legally responsible for the damage that may result from the crime. Whether you are held liable depends upon whether you took reasonable steps to protect your customers’ data. What do you do?
Start using strong passwords: use a tool like LastPass to manage those passwords so you aren’t overwhelmed and don’t fall back into bad patterns like reusing passwords or using simple, easy-to-remember (and easy-to-guess) passwords.
When you get a notification on your office computer about a critical update, don’t wait to install it because you’re busy. It’s better to lose 20 minutes of your day because you’re updating than to lose days or weeks trying to manage the aftermath of an incident.
Improve security by adding layers.
For free or a nominal subscription fee, you can add some basic plugins to your WordPress site (and many other popular platforms) that assist with security monitoring. You should also implement strong passwords and make sure you update WordPress and all your plugins regularly (the two proactive options we’ve already discussed). You can also add another layer of security with an SSL certificate, the same thing all ecommerce sites use to encrypt the purchase process. SSL certificates are inexpensive and encrypt the connection between your site and any visitors. In addition to obscuring the traffic, running your site over HTTPS/SSL with a certificate also helps improve your search ranking with Google. Remember, most hackers are just as opportunistic as any other criminal, and if breaking through security begins to take too long, they are more likely to move on to easier targets.