High profile cybersecurity breaches are shining a spotlight on the lack of preparedness of most organizations. News about hacks is announced almost daily, so it’s alarming that the majority of businesses still hold on to outdated website security myths. Small to mid-sized businesses, in particular, remain in the dark about security threats because they lack the resources to stay ahead of web security issues.
Hackers are becoming increasingly sophisticated in their approach, constantly adapting and developing better methods to compromise our websites and steal our information. However, business owners have not kept pace in defending their sites. They must stay informed and take defensive action in order to keep up with tenacious hackers.
In order for businesses to thwart the efforts of hackers, a few misconceptions need to be cleared up. Below are seven website security myths to leave behind as you head into the new year.
Website Security Myths to Leave Behind in 2018
Small business owners don’t need to worry about being hacked.
This is definitely not true. In fact, 62% of all cyber attacks are aimed at small and mid-sized businesses, according to IBM. Small business sites are often easy to breach because they are not as well protected as the sites of large companies, making them the perfect target for hackers. The U.S. National Cyber Security Alliance reported that 60% of small companies that suffer a hack are out of business within six months. (Source)
Mobile devices can’t get viruses.
According to the HPE Cyber Risk Report for 2016, researchers found 4.5 million Android malware samples and 70,000 iOS malware samples. If employees are using their personal smartphones or workplace issued phones to store and view important company data, your business may be at risk. Even more alarming is the fact that 63% of 720 IT professionals surveyed don’t have a policy concerning the type of company data that can be accessed and stored on their mobile devices.
If you don’t store customers’ credit card information you, don’t need an SSL/TLS certificate.
If you don’t have one of these certificates, your site may be marked by browsers as not being secure. Visitors will be wary of your site and may not return, potentially decreasing your site traffic and negatively affecting your reputation. If your site requires visitors to fill out fields requesting credit card information or a password, and your site doesn’t have an SSL certificate, your site may be blacklisted by Google. With the release of Chrome version 62, any site that requires a text input (credit card information, contact forms, passwords, search bars, etc.) will be marked as unsecure if they do not possess an SSL/TLS certificate.
Your password is strong enough.
Most people don’t give much thought to their passwords, often choosing something simple and using it for every account they have. This can leave site owners vulnerable to brute force attacks, or attacks where hackers employ a program to continuously guess different passwords until the correct one is found. A hacker discovering your password for one account is bad enough, but if you use the same password for all accounts, it can be a nightmare. Site owners can use a password generator, such as LastPass, to better protect their site.
Security through obscurity is an effective way to protect your site.
Security through obscurity is the practice of concealing vulnerabilities in a system, making it harder for a hacker to gain entry. For example, a site owner might change the name of an important file to something like “family vacation pictures.” Disguising this file may make it harder for it to be found, but any experienced hacker will be able to gain entry. While this method isn’t always a bad thing, it can become a problem when it is the only security measure that someone has taken in arming their site. Website owners should use firewalls and security plugins as one layer of defense.
A firewall and antivirus software is enough to protect your site.
While a firewall and antivirus software is essential for basic site security, they should not be your only methods of defense. Hackers can quickly adapt to move around firewalls and antivirus software without being detected. Site owners can invest in data loss prevention software and encryption to enhance the security of their site. Remember to update your security software and perform backups of your site regularly. It is also important to stay educated on measures you and your employees can implement to protect your site.
Your employees can’t impact your network or website security.
It’s not uncommon for a website to be compromised due to an employee slip-up. If network security policies aren’t instituted, and employees aren’t properly trained to keep your site safe, they might click on a suspicious link or a spam email, leaving your site at the mercy of a hacker. As reported in PR Newswire, 90% of all cyber attacks were the result of an employee unintentionally revealing access information and their system ID to hackers.
Make website security a priority for your business in the new year. Hackers are constantly evolving so business owners need to do the same. Abandoning outdated web security myths is just one step in protecting your site. For tips and tools to improve your website security click on the image below to download our free checklist.