Online criminals are targeting vulnerable small businesses every day in Australia. Common ways include compromising administrator accounts by “cracking” poor quality passwords or intercepting and even altering communications between the website and a visitor’s browser. In other cases, cybercriminals can flood the website with spam connections (known as a “DDoS” attack) or exploit vulnerabilities in older versions of website platforms.
Cyberattacks are a proteiform threat that needs expertise to be fought against. Limited budgets and resources shouldn’t prevent you from adopting simple but effective security precautions. By implementing the four simple strategies below you can drastically reduce the chances of your website being damaged or compromised by online criminals.
#1 Choose strong passwords
Bad passwords make administrator accounts more vulnerable to hacking; cybercriminals use automated software that can potentially guess 350 billion passwords per second. Choosing passwords that are long and complex (using a combination of uppercase and lowercase, figures, special characters) for criminals to guess or “crack” using password dictionaries are critical and will help you protect data. Personal clues such as birthdate, middle names other otherwise, are vulnerable, even written in disorderly. These types of passwords are to be avoided at all costs.
Defining a unique password for each service account you create is a necessary behaviour you need to adopt, to secure the entirety of your credentials and essentially, your bottom line. You should aim to renew all of these on a trimestral basis, at the very least.
#2 Install an SSL certificate
Have you ever noticed how some websites begin with HTTP:// while others begin with HTTPS://? The “S” stands for “secure” and it means the website has an SSL certificate installed, so communications between the website and a visitor’s browser are encrypted. This makes it very difficult for online criminals to intercept or alter them. Installing an SSL certificate to your website will allow it also to improve its Search Engine Optimisation results. Pay attention to this technical detail along with other information such as hyperlink syntax, for a better understanding of the level of trust on a website.
#3 Pay special attention to anti-DDoS features
Distributed Denial of Service (DDoS) is a specific cyber threat that has grown over the years, according to governmental cybersecurity organisations. DDoS attacks leverage various strategies (such as botnet exploitation) to overflow a website or network traffic. They are said to occur every two seconds on the web. For those reasons, reputable website providers always offer some form of DDoS protection, and these services are well worth considering.
#4 Keep your websites platform up to date
Some website providers will secure your service through specific features such as anti-DDoS, there are other common threats that can be easily avoided thanks to a simple habit such as keeping all your components (CMS platform, Plugins, etc.) up to date. For example, CMS editors such as WordPress, Joomla, Drupal or Prestashop offer several updates to patches every year. Those patches will help you keep your website its peak performance, with the latest technical evolutions able to fix all known vulnerabilities. Applying those benefits will cost nothing and can be accessed within a few clicks from your CMS backend.
Putting these four simple security precautions in place will help you have a better comprehension of cybersecurity fundamentals in setting up a website and website maintenance. Considering the quick technological change, keeping updated on cybersecurity issues will protect your website and business long-term.
Sébastien Millanvoye, Product Marketing Manager, OVHcloud