For most business owners, your website is a customer’s first touchpoint with your brand, so keeping it secure must be a priority. However, security best practices are not always top of mind during day-to-day decision-making and budgeting process.
By Neill Feather
Now that summer is upon us, small businesses have the perfect opportunity to revisit and reset their website security initiatives. Taking the seasonal opportunity for a summercleaning of your website security should be on every business owner’s radar.
Summer clean to protect your business
A cyberattack can be devastating for a small business, so auditing your website’s security measures is vital. Although it requires sufficient resources and knowledge to keep your security strategy up to date, it’s imperative that businesses make the investment. According to Ponemon Institute, cyberattacks cost SMBs an average of $1,207,965 in the year following a breach.
While the coming season makes for a good excuse to revamp your site’s security strategy, SMBs should prioritize website maintenance and security audits at least once each quarter. The average website experienced 44 attacks per day in Q4 2017, so while this maintenance can seem tedious for a busy business owner, it’s vital to keep your security efforts updated and running efficiently.
Where to focus your efforts
When summer cleaning your website security strategy, the goal should be to cover all bases. A good place to start is with the following basic practices:
- Update user permissions list: Reviewing the list of all users with website editing privileges should be one of the first tasks on your summer cleaning list. It’s likely that list contains users who no longer need access, such as contract workers or former employees. As a best practice, always remove any unnecessary editors to ensure that only relevant and authorized employees can access website controls. Regularly updating this list should become a standard practice.
- Automate patching updates: Patching is a golden rule in the website security realm. However, many small business leaders struggle to keep up with patching updates, leaving content management systems (CMS) and other tools vulnerable to attack. Last year, 55 percent of infected WordPress sites were not running the most up-to-date and patched version of the CMS.
The easiest way to avoid the nightmarish situation of a compromised site is to automate your patching updates. By working with an outside security expert or implementing a dedicated security solution, small business owners can make sure patches are never missed.
- Remove obsolete data and applications: Data and applications that are no longer needed can present a significant website security risk to small businesses. If this information were compromised by cybercriminals, they could use it maliciously against you or your customers, so it’s best destroyed. For example, if you decide to switch your email newsletter platform, be sure to remove its plugin from your site. Allowing it to sit unused and fall behind on updates puts loyal customer data at risk.
Some industries and companies have regulations or policies requiring data be retained or archived, so be sure to confirm that it is within company policy or government regulations to delete any data or information before doing so.
Small business owners already have a lot on their plate. Too often, website security doesn’t make the to-do list. Unfortunately, a security breach could spell major trouble in terms of lost revenue or reputation damage, so frequent cleaning of your website security must become a standard practice. Creating and adhering to a website security maintenance plan will ensure that your site is secure while supporting your brand value and overall business success. What better time to get started than this summer?
Neill Feather is the president and CEO at SiteLock, the leading provider of website security solutions for business.