Website Security for Small Business Owners – Managing and Protecting Your Website Assets

As a small business owner, you may be thinking that your little ‘ole website would never
be of any interest to a hacker. Maybe it’s just a small informational site, and you have it
set up just the way you like it. Perhaps, you have people manage your website for you,
and the less involved you are the better.


Just as you protect and secure other assets like your home and car, you need to make
sure that you’re properly managing your website’s security. Your website and other
digital resources are important assets to your company and replacing them would likely
be costly, time consuming, and a drain on your business.


As a website owner, it’s important to understand the tools that come together to support
your website and to take steps to protect them.

In this article, we will cover:

  1. Understanding your website’s digital assets and how to manage them
  2. What’s the risk? Why would a hacker want to hack MY website?
  3. How to shore up your website’s security and prevent and attack

Understanding Your Website’s Digital Assets and How to Manage Them

Your website requires several “tools” that come together to make it run. As a website
owner, you actually need to manage several digital assets.


Tips for business owners on managing your website’s digital assets:

  1. Know what and where your assets are. We’ve included a list in the next
    section of the assets and services that combine to support your website. Keep
    the logins to your assets ready and available so you can respond to an issue or
    give someone else access to do so.
  2. Maintain access to your assets. It’s great to have an IT team who can help you
    manage your assets, but always make sure you retain access too. Never
    relinquish control to an outside party! It’s like giving someone the title to your car!
  3. Protect your assets. Use strong passwords! See our list below for ideas on
    how.
  4. Handle renewals. Many people lose access to their domain because it fails to
    renew when the credit card on their account expires. Nope, Go Daddy doesn’t
    call you to tell you, and instead you can lose you domain! Plan for how to handle
    this!

Your Inventory of Website Assets Includes:

Domain Login: Your website’s address/URL is kept with a domain registrar, like
GoDaddy. Your URL holds the history and authority that your website has built up with
the search engines. This is a very important asset, and you need to retain control of it
and protect it with a strong password.
Website CMS (content management system) Login: This login provides access to
your website files on a platform such as WordPress. Often other people need access to
your website files, and if so, you can set up a temporary password.
Website File Backups: These are invaluable! If your site is hacked, a backup can get
you back up and running in no time. Without a backup, you might have to rebuild your
entire website! The best way to handle backups is for your hosting provider to record a
daily backup copy of your website files. This way any changes or updates to your
website will be current and included with your backup.
Hosting Login: This provides access to your hosting control panel.

Sound like a lot to manage? Talk with us about Bellaworks’ hosting services. We can
keep a secure record of your website, domain, and hosting logins and make sure you’re
using strong passwords. Our hosting services include daily backups, and if you ever
need them, we’ll be ready to help. We can even handle your domain renewals, giving
you peace of mind that you’ll never miss a renewal notice and accidentally let your
domain expire.

What’s My Risk? Why Would a Hacker Want to Hack MY Website?

We wish we could tell you that hackers only target high value websites like those for
banks and government entities and such. Unfortunately, that’s not the case. All websites are targets
regardless of presumed “importance.”

We have seen the websites of small business owners, even artists and event planners,
become victims of hackers. These business owners are often, understandably, in
disbelief. They ask, “Why would someone want to hack my site? There’s nothing to gain
from this!” However, the truth is that hackers have their motives, and anyone with a
website could fall victim to them.

Reasons Why A Hacker Might Hack Your Website

Vandalize Your Website. Sigh. Yes, sadly there are people who hack websites just for
the thrill.

Gain Server Access. A hacker who hacks a website that sits on a shared server can
then gain access to other websites on that server. Low-cost hosting providers often
group websites on shared servers, and a breach of one website can have devastating
effects on all.

Use Your Website as a Tool to Do More Harm. Once a hacker has access to your
website, he can conduct other malicious activity like installing viruses that steal
confidential information, installing back links to other websites, etc.
Disrupt Service, Steal Money/Information, or Make A Statement. These reasons are
typically behind the large-scale attacks, but any of them can also apply to your small
business.

How to Protect Your Website

Use Strong Passwords
Creating strong passwords is a must! Don’t leave the front door open to your website!
You need to make sure that your website CMS, domain login, and hosting login all have
unique, complex passwords that use a mix of letters, numbers, and symbols.
To give you a sense of the vulnerability or strength of various passwords, take a look at
the chart below from Digg.com.

 

 

Use a Password manager
Password managers like 1Password or LastPass can help you create strong
passwords, manage their use, and keep them safe! These services keep your
passwords in an online vault that will autofill your passwords safely when you need
them.

Two Factor Authentication
Large scale data breaches do still happen, which can expose your long, complex
passwords. Add further protection by setting up two factor authentication wherever
possible. Instead of using your cell phone to verify by text, consider using an app like
Google Authenticator or Duo Mobile for a higher level of protection.

Limit Login attempts
When possible, set up your accounts to limit login attempts. Hackers will move on to a
target that is less secure rather than cycling through unsuccessful login attempts.

Block Logins From Certain Countries
It can be difficult to block login attempts by country because hackers can use their own
VPN (virtual private network), which encrypts their activity. It is possible, though, to
block the IP addresses that are known to be registered in certain countries.

Change Login URLs

Most hackers take advantage of the easy targets sending out bots to attack login screens. If you change your login URL to something less common, it can reduce the change of you being a target.

Website User Roles

You can set different permissions within WordPress to limit a user’s abilities in the backend. Only give full Administrator permissions to those you trust.

Website Form Spam

Protect with the latest Google Captcha or math question. Developers can also use a honeypot field, which is an empty field that humans can’t see. If it populates, it is because of a bot, which will note the form as spam.

Do not click on random email links

Always reset any passwords directly through any website in question. Do not click on links in random emails that you receive.

 

Wonder how secure your website and digital resources are?

Contact us! We would be glad to discuss your current situation and recommend any additional steps that you could take to keep your assets secure.