Updated January 1, 1 . AmFam Team
While your website is a key component of your marketing plan, it’s also a tempting target for cybercriminals intent on hijacking networks, setting up temporary web servers and stealing customer data. Fortunately, there are a few powerful — and inexpensive — things you can do to make your website hacker-proof.
Computer crime is at an all-time high, according to a recent survey from auditing giant PricewaterhouseCoopers (PwC). “We are in a cyberwar,” says Darren Guccione, co-founder and CEO of Keeper Security, which makes password management and digital vault software for businesses and individuals. Today, 90 percent of websites have security vulnerabilities, he says. While Internet security doesn’t have to be your most expensive line item, Guccione advises business owners to take the following steps to button up their websites:
Protect your passwords. Weak passwords are the number one reason companies get hacked, says Guccione. Weak passwords include those that are not long enough or don’t contain enough letters, numbers and symbols. Also, hackers know something your employees and customers may not — the average user reuses the same password on multiple websites. Try having your employees use a password manager, a program that stores and encrypts passwords, he says.
Check your servers, websites and apps for vulnerabilities. If you don’t know where the holes in your Internet security are, how can you expect to keep hackers out? To make sure you have a secure website, Guccione recommends small business owners check out a cloud-based security solution provider such as Qualys to find and fix the holes in their network. “It’s a great place to go to test whether your website is protected or vulnerable,” he says.
Build or host your architecture on a sturdy foundation. “Make sure that the architecture being used to create the site is secure, world-class, highly certified, and SOC 2 compliant,” says Guccione. That means utilizing the security protocols of encryption, layering and Perfect Forward Secrecy (PFS). PFS is an encryption-based security method that helps to ensure all transactions sent over the internet are secure. Most major service providers fit the bill, but if you’re unsure you can test your site’s security configuration at Qualys’ SSL Labs. Without encryption, once hackers have infiltrated your system they have easy access to plain text information such as Word and Excel documents, he says.
For customer transactions, use 2-step verification, also known as two-factor website authentication. Incorporating two-factor authentication – a security method in which a user needs two forms of identification or credentials to get into the site – is a good way to make sure the people trying to access your site are customers and not thieves.
Upgrade master password requirements. The first factor is a master password to access the site. Slow down hackers’ access to the site by limiting the number of login attempts a user can make and blocking access for a period of time if that limit is met. Remember to set expiration periods for passwords as well. One important measure: be sure real users can still communicate with your staff by including a Contact Us link on the blocking page in the event that the user truly is unable to gain access.
Security via email login. The second factor could be a six-digit code, for example, which is sent to customers via text once they enter their passwords, says Guccione. “That is a very common and strong way to make sure you’re working directly with your key customers and not a hacker.”
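The attempt limit, timed block and six-digit code described above, sketched as an added example; it is not code from this article or from Keeper Security. The limit of 5 attempts, the 15-minute block, the 5-minute code lifetime, the `/contact-us` path and the `LoginGuard` and `send_code` names are assumptions, since the article gives none of them.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5             # assumed limit; the article gives no number
LOCKOUT_SECONDS = 15 * 60    # assumed blocking period
CODE_TTL_SECONDS = 5 * 60    # assumed lifetime of the six-digit code
CONTACT_URL = "/contact-us"  # hypothetical path for the Contact Us link

class LoginGuard:
    def __init__(self, send_code, clock=time.monotonic):
        self.send_code = send_code  # callback that delivers the code, e.g. by text
        self.clock = clock
        self.failures = {}          # account -> failures since last full login
        self.locked_until = {}      # account -> time the block ends
        self.codes = {}             # account -> (code, expiry time)

    def _blocked(self, account):
        remaining = self.locked_until.get(account, 0.0) - self.clock()
        if remaining > 0:  # the blocking response carries the Contact Us link
            return {"status": "blocked", "retry_after": int(remaining), "contact": CONTACT_URL}

    def _fail(self, account):
        self.failures[account] = self.failures.get(account, 0) + 1
        if self.failures[account] >= MAX_ATTEMPTS:
            self.failures[account] = 0
            self.locked_until[account] = self.clock() + LOCKOUT_SECONDS
        return self._blocked(account) or {"status": "denied"}

    def password_step(self, account, password_ok):
        """First factor; password_ok is the result of the site's own password check."""
        blocked = self._blocked(account)
        if blocked or not password_ok:
            return blocked or self._fail(account)
        code = f"{secrets.randbelow(10**6):06d}"
        self.codes[account] = (code, self.clock() + CODE_TTL_SECONDS)
        self.send_code(account, code)
        return {"status": "code_sent"}

    def code_step(self, account, submitted):
        """Second factor; wrong codes count toward the same attempt limit."""
        blocked = self._blocked(account)
        if blocked:
            return blocked
        code, expires = self.codes.get(account, ("", 0.0))
        if code and self.clock() < expires and hmac.compare_digest(code.encode(), submitted.encode()):
            del self.codes[account]  # one-time use
            self.failures.pop(account, None)
            return {"status": "ok"}
        return self._fail(account)
```

Counting wrong codes against the same limit matters because a six-digit code has only a million possible values; without the shared counter the second factor could be guessed by repetition.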
Get certified. Security certifications from privacy management and auditing services such as TRUSTe or McAfee SECURE reassure end users, says Guccione. “You only know how good you are when you have third-party experts cracking through security weaknesses and auditing security architectures.”
If you are hacked, Guccione urges patience. Consumers today are very forgiving, he says, but you need to give people a reason to trust you moving forward. You do that by letting them know you will be using a better, more secure solution in the future. “That’s how you build and secure trust,” he says.
Now that you’ve got a better idea of how to improve security on your company website, take time to review your business policy. Contact your American Family Insurance agent today and discuss any adjustments made to your business in recent months — like upgraded online security software. Your agent will help you make the most of your coverage, and you’re going to feel great knowing that your website and your investments are better protected.