By Ben Wilson
The intensity and sophistication of cyber-attacks are making it increasingly difficult for small businesses to protect sensitive information online. By implementing the simple steps below, small business owners can build trust and loyalty by ensuring their website is safe for customers to visit, search, enter personal information or complete a transaction.
1. Create unbreakable passwords – Strong passwords are essential on any account related to your online presence (domain registrar, hosting account, SSL provider, social media, PayPal, etc.). Brute-force attacks where a computer is used to rapidly guess your password are surprisingly common and effective. To prevent your business accounts from being hijacked, we recommend that you use a password generator to create strong passwords and a password safe to store them. Many services now also offer a two-factor authentication option and we recommend that you take advantage of this whenever possible.
2. Consider an SSL certificate – In today’s world of ecommerce, consumers need to have trust in your brand and your authenticity. If you’re a small business and don’t have the brand identity that your larger competitors enjoy, verifying your identity and trustworthiness with an SSL certificate can make a major difference in your online success. Extended Validation certificates enhance the assurance provided to your customers by displaying your company name in green in their browser’s address bar. Even if your website doesn’t do ecommerce or collect private information, you should consider an SSL certificate to authenticate your business to visitors.
3. Regularly scan your website for vulnerabilities and malware – It’s common for sites to become infected the same way that your PC can. When this happens, the website might load slowly, display unwanted advertisements and infect your customer’s computers with more malware. Just as you should run a virus scanner on your PC, it’s a good practice to monitor your site for problems. There are many vendors that will do this automatically and alert you if they find a problem.
4. Don’t forget updates and patches – Make sure that someone is regularly patching your website. This is especially important if your site is built using popular software like WordPress or Zen Cart. This software is constantly being updated to address security problems, but those updates must be installed on your website, just like installing the latest Windows Updates on your PC. We recommend that you check with your hosting provider or site designer to find out if they are updating your website’s software on a regular basis.
5. Maintain control – Make sure that you have control over your domain name, SSL certificate and website. It’s all too common for business owners to hire someone to build their website, and leave that person as the only one with access to the SSL, domain name and hosting account. When these services come up for renewal or need to be changed, you can run into big problems if you can’t reach the person who originally built the site. We recommend you make sure that someone at your organization is also listed as a contact on these accounts so that you will still be able to maintain continuity with and otherwise manage your certificate, domain name, and hosting account.
Ben Wilson is General Counsel and Senior VP of Industry Relations at DigiCert on behalf of the Certificate Authority Security Council (CASC). Wilson oversees DigiCert’s legal department and industry relations efforts. In addition to his role at DigiCert, Wilson is also a member of the CASC, an advocacy group comprised of leading global Certificate Authorities that are committed to the exploration and promotion of best practices that advance trusted SSL deployment and CA operations as well as the security of the Internet in general. You can visit the CASC website here: https://casecurity.org/
