The risks

Like any system or platform that’s connected to the internet, your website is vulnerable to an online attack. For example, hackers could:

  • infiltrate your site to try and steal customer information, or
  • use your website to host phishing or other attacks.

How to protect your business

  • Secure the data across your website

    Your customers trust you to keep their information, and the communication you have with them, safe. An easy way to give your website added security and privacy is to enable HTTPS.

    HTTPS keeps the information transferred between you and your customers confidential by encrypting it. This makes it much harder for attackers to get the login details or credit card information customers submit on your site.

  • Update software and devices

    Updates add new features, but they also fix issues or vulnerabilities that allow attackers to get your information. Most software companies work hard to make sure security holes are fixed in each software update.

    As the business owner, it’s your responsibility to make sure your website’s software is updated and any security patches are applied. This includes things like plugins on your content management system and your web server. Give yourself one less thing to think about by automating your updates.

  • Renew your domain

    If your domain name expires, an attacker could claim it and set up their own scam website selling fake goods or serving malware using your business’ name.

    Ask your domain provider about auto-renewing your domain.

  • Use a strong and unique login password

    Logins are a point of vulnerability for any website. Create a long, strong and unique login for your website – we recommend a passphrase of four or more words that aren't based on any personal information.

  • Turn on two-factor authentication

    Any systems you can log into over the internet are susceptible to attack. We strongly recommend adding two-factor authentication (2FA) to your website. That way, an attacker would need your 2FA code as well as your password  to access your site.

  • Back your website up regularly

    Having a recent backup means you can restore your data quickly and easily if it’s lost, leaked or stolen, for example if:

    • your web server gets hit with ransomware and stops responding
    • your website’s compromised by another sort of online attack
    • you accidentally delete a section.

    Backups are most useful if they’re recent and cover both the pages themselves and any data your website holds, like customer databases.

    Ensure you or your provider set backups to take place automatically. It’s preferable to make a couple of copies and store them in different, secure (but easily accessible) places. That way, if one backup is compromised, you have a spare.

     

Sign up
Sign up for news and updates from SamCERT.