Protecting your website is complex, with online security depending on many factors – the type of website and platform you have, the passwords you use and the security measures put in place by your website host. Staying safe is further complicated by the growing number of threats. According to PwC there were 59.1 million security incidents detected in 2015.
Issues of online security and hacking are often in the news, and these stories are concerning for everyone, none more so than the small business owners responsible for customers’ data.
We spoke to 13,000 UK small business owners to find out how these issues were affecting them, and what steps they were taking to survive.
What we found surprised us. As many as 10% of Britain’s online businesses have taken no website security precautions, which equates to hundreds of thousands of websites that are vulnerable to attack. The survey also revealed that a lack of knowledge is hampering businesses efforts to stay safe; 20% admitted not knowing what security measures they have in place, whilst 43% believe that security is the responsibility of their hosting provider. 60% of online businesses don’t have a plan in place if they do have a security breach.
I have run a number of small businesses. The reoccurring theme is that being a small business owner means you are time poor, resource light, and can be left behind by the rapidly changing digital landscape.
We recently discovered that 85% of micro-businesses lack basic digital skills. This inevitably means that online security is rarely at the top of the agenda.
A few of my businesses worked, and many didn’t, but all took a great deal of time, effort and energy. This can all be taken away in less than a minute if you’re not secure; a hack can undo years of hard work, leading to loss of revenue, reputation and the end of a business.
I’ve used experiences with my own businesses and as digital director of 123 Reg to come up with some quick and easy steps that any small business owner can build into their day, in order to stay secure.
1. In all my previous ventures I’ve found that the actions you take offline to improve your security are incredibly effective in helping to protect your business in the online world. If you employ a small team, it is important to make sure everyone is aware of their own responsibilities.
Ensuring that everyone within the business has their own personal login to all your software and systems means that if any breach occurs, it is easier to track down the reason. It also increases accountability and security; if only one person has access to an account, then third parties cannot compromise it.
2. The use of online tools should be restricted to the IP address of the business. This means that your businesses online applications can only be accessed in the office, and not offsite. This allows businesses to control who has access to internal systems, which may contain sensitive data.
3. Small changes to behaviour can also make a big difference. This includes making sure that any stored login information is encrypted, that passwords and usernames aren’t written down and left lying around, and by not allowing strangers into your office or near any of your computer equipment.
It is also important that unattended computers are always locked, and that users must log back in to carry on with their work.
4. Passwords are often cited as an important line of defence when it comes to online security, and they are an easy way to make your online business more secure. Passwords should be regularly updated, and contain a mixture of letters, numbers and special characters. Once an individual has left the business, their account details should be changed, or their access disabled.
Different services should all have different passwords. If one password is compromised, this means that only one system is affected.
Good password practice will allow you to have control over who has access to important company information or sensitive data.
5. Installing a website security package is a good way to monitor your online business. Some packages scan your website, alert you to any existing vulnerabilities, and advise what steps you need to take to reduce the risks. Others can identify malware and even remove it automatically; whilst at the highest level they can prevent any malicious code from coming close to your site.
123 Reg partnered with the online security experts SiteLock to offer all of our customers a range of different security products. These are small investment compared to the financial and reputational losses that occur as a result of a hack or security breach.
6. Despite the increased sophistication of online attacks, ensuring that all your programmes and software are up to date is a simple, and very effective, way to defend your online business. Updates include the latest versions of crucial security fixes, so if you don’t install the latest version, you leave yourself vulnerable. Having up to date anti-virus protection is key, and there are a wide range of free anti-virus packages along with varying degrees of paid-for packages.
If the worst happens, a robust contingency plan can reduce the fallout, and limit any reputational and financial damage. Despite this, our research showed that 50% of online businesses still don’t have any kind of planned response to a security breach.
You might think this will never happen to your business, but our research found that nearly one in 10 UK e-commerce sites have fallen victim to hackers. A further 13% didn’t know if they had been hacked or not.
Online security is a team effort – we’re making sure that everyone is doing what they can to keep customers safe, whether they are hosting providers, small businesses, or software providers.
There are many elements to keeping your online business secure, however if these simple steps are followed you, and your customers, can be confident you are doing everything in your power to protect your business.
Nick Leech, Digital Director, 123 Reg
Image Credit: ESB Professional / Shutterstock