Congrats! You’ve launched your site, and optimized it so search engines can find it. You’re promoting your business (step 5 in our Road Map), and business is humming along. But then, your site starts to really, really slow down. You start getting complaints from customers and employees. So, you call your web host to see if they are having server problems. That’s when you get the bad news: your site is infected with malware and needs a major reboot. Not the way you expected to spend your day (hopefully, not your week!), to say the least.
As in most aspects of life, there is a flip side to launching a site. Once a site is out on the web, and the search engines find it, that means that everyone can find it. Even those shadowy figures you’d rather not be in contact with. Malware and viruses are so prevalent you need to proactively plan your website security strategy.
A few of the reasons why it’s important to protect your website from malware and viruses.
We’re sure you’ve heard the main reason to protect against malware: those nasty ramifications that make the news. Malware on a website has the ability to capture your passwords, emails – and if you have an eCommerce site – payment information.
It’s equal opportunity risk as well. Malware can capture the login information of the site administrator as well as the information of customers. From there, the criminals can potentially access other websites, rack up charges on credit cards, or perhaps open new accounts in your name.
That means: your unsecured site can also pass malware onto your customer’s computer.
What you don’t hear in the news is how the malware will have ripple effects on your business. Your site could start to slow down, way down. If your web hosting company finds an egregious virus, they can wall off your site from the rest of their server. Net result: your site is down until the web host can confirm the site is wiped clean. (We had this happen to a client right before the December holidays. Not fun.)
And the criminals are getting increasingly creative. Some enterprising criminals write viruses that lock down a computer or server, and then will send a lovely ransom message to the owners. This is the ordeal known as ransomware. For several thousand dollars, they are happy to unlock your server.
How to guard against malware
We can’t stress enough that naively hoping the criminals will find some other website to pick on is not the best strategy. The good news is that there are incredibly smart engineers working constantly to protect against each new attack. We’ve compiled research-based steps that small business owners can easily take to protect their online identity and assets.
While we can’t guarantee to keep every attack away, these are several steps you can take to reduce the likelihood of dealing with them.
- Be smart about your passwords. Make sure you use a very wide variety of passwords across
systems, and change them at least once a year. The best passwords are very long, are random, and have numerals, lettersand symbols. Password managers help keep this simple. - If you are on a platform that uses multi-factor authentication (i.e. you
login with a password, plus enter a confirmation code from your phone or email), activate it. It’s a pain, we know, but it’s proven to be effective. - Budget time for security. Keep your operating system up to date on your desktop and mobile phones. WordPress sites are known for being favorite targets of malware, so if you have a WordPress site, keep your Theme, Plugins
and WordPress up to date. Why? Most updates add security patches to your code that address the latest viruses out there. - Look into security options from your web host. Most companies have extra services that can add a firewall to your site, for instance. If you have an eCommerce site, WordPress or a site with heavy traffic, it could be worth the investment. Also, an SSL Certificate for encryption of passwords and other data will protect you and your clients.
- Beware of links and attachments. Keep an eye not just on emails you receive, but also anything out of the ordinary in the comment section of your blog.
- Protect your data by backing it up with a multi-tiered approach. Many platforms and software packages have automatic backups to the cloud. Security experts also recommend having a physical hard drive as a backup to your backup. This helps in the event your cloud storage gets hacked.
Finally, if your site does get compromised, react quickly and honestly.
We don’t exaggerate when we say that this happens to everyone. If it happens to you, and you think your customers are affected, let them know you addressed it as quickly as possible and what areas have been affected. Your customers will appreciate an update as soon as you realized something has happened.