How To: Protect your website from cyberattack
Cyberattacks are a reality of the modern & interconnected world. What can you do to protect your website? We provide 7 steps on how to protect your website from attack.
You’ve no doubt heard of all the recent cyberattacks on big-name brands such as Optus, Medibank and Vinomofo. The sad reality is that cyberattacks happen every day, and more often than you think.
A 2020 report from the Australian Cyber Security Centre stated that it receives approximately 144 reports of cybercrime per day. This harrowing statistic is made even worse by the fact that they estimate over $300 million per year is lost to cybercrime.
"$300 million per year in estimated annual losses to cybercrime based on ReportCyber data." (Australian Cyber Security Centre, 2020 Report)
Whilst there are many different types of cybercrime, and many different ways to protect yourself, I want to focus on how you can protect your website from a cyberattack. Website protection is paramount to protecting your brand.
After all, your website is the part of your business most exposed to the internet. It is the world-facing view of your business and it is important that you keep it secure. There are two important questions you should ask yourself:
- How much is your business’ reputation worth to you?
Look at how much Optus is getting dragged through the media – their reputation is in the trash.
- How much do you value your customers’ security & trust?
Not only talking about protecting customers’ data – but how much do you value their trust?
What steps should you take to protect your website from a cyberattack?
First of all, it is important to recognise that you can’t prevent attacks from occurring. Hackers don’t just decide to hack your website – they use sophisticated methods of deploying crawl bots to identify vulnerabilities and use automated attacks to access data. Essentially, if your website is accessible to the world wide web – you are vulnerable to an attack.
However, there are several steps you can take to ensure that you are as secure and safe as possible, and to have a procedure in place should there be an attack.
Our Recommended Steps are:
- Utilise secure web hosting from reputable suppliers
- Keep your website up-to-date and secure
- Wherever possible, ensure no sensitive data is stored
- Prevention wherever possible
- Never, ever process credit card payments directly
- Have a plan in place to deal with a cyberattack
- Enlist specialised support
1: Utilise secure web hosting from reputable suppliers
Start with the basics – choose a web hosting provider that helps prevent attacks on the actual physical box. Securing web hosting is not a case of just doing one thing, but can be a combination of different factors. Popular methods that secure providers use to protect your website:
- Web Firewalls in place
- DDoS (Distributed Denial of Service) attack prevention
- Virus protection
- Spam filters
- SSL Security Certificates
In my opinion, all of these are a must-have and should be on every website.
2: Keep your website up-to-date and secure
Understanding the technology your website uses is important. There are many different content management systems (CMS) out there, all with varying levels of support and security. WordPress is the world’s most popular CMS platform, powering over 43% of the world’s websites. So there is almost a 50/50 chance you are running a WordPress website. The benefit of this is that there are so many tools and plugins out there to help you. WordPress is a great platform and is well-supported by a very active community.
However, there is a big problem hiding in plain sight for WordPress: it is open source. Open source is great in so many ways. It means that the source code for WordPress can be inspected, maintained and improved by the broader developer community. However, with the code being able to be inspected by anyone, any vulnerabilities are identified very quickly by people who wish to exploit them. So in this regard, it is very important to keep your website up to date and running the latest, most secure version possible.
3: Wherever possible, ensure no sensitive data is stored
If you can avoid storing any sensitive customer data on your website – do it. Every time you need to store anything about a customer, ask whether it is really necessary. If you were to experience an attack, and the hacker gained access to sensitive customer data, think about how you would explain this to your customers: why were you storing this data, and why were the attackers able to access it?
If you do need to store it – explore ways to possibly encrypt it, and keep it as secure as possible from the outside world.
4: Prevention wherever possible
Having web firewalls and DDoS (Distributed Denial of Service) attack prevention in place is a great step to take to ensure your website is secure. There are many different providers out there but we often lean on Cloudflare – not only do they have many tools to help speed your website up, their DDoS & attack prevention is second to none.
5: Never, ever process credit card payments directly
Always use a trusted third-party payment provider, such as Stripe, to process all your online credit card payments. Never attempt to do it directly, and more importantly never, ever store credit card information on your website.
6: Have a plan in place to deal with a cyberattack
Imagine this – you’re experiencing an attack, you’re getting phone calls from staff and customers, and you don’t know what to do. It’s stressful and you’ll need to try and find help to get you through. It is much easier to handle if you have a plan in place that specifically outlines:
- Who’s in charge of taking action
- Who to contact in the event of an attack to assist you
- What steps and measures do you need to take internally to ensure data is secure
- What notifications (if any) do you need to provide to your customers / staff
- What steps do you need to take after the attack
Having this plan will make sure that you can take the steps you need to ensure you deal with the attack swiftly, minimise any potential loss and prevent potential damage to your reputation.
7: Enlist specialised support
Most businesses can’t afford to have a dedicated person on staff, but you also can’t afford to have your reputation damaged by an attack. The solution to this is asking someone like Strong Digital to give you a hand. For WordPress websites we offer affordable website care plans that help keep your website safe, secure & up to date. We host and manage the websites on secure Australian-based cloud hosting.
Taking these measures can help ensure that your business and your customers are protected. Strong Digital can help provide affordable website protection – after all, how much is your brand’s reputation worth to you?