Depending on how integral a website is to a business, having it hacked can have serious implications. On the severe end of the scale, the impact can be almost unimaginable. When Yahoo was hacked in 2014, every single user account was breached. The impact on Yahoo’s market value was devastating!
Most businesses aren’t on the same level as an Internet giant, but a security threat can still impact the bottom line. If your site is hacked, a lot of damage can happen:
- Users cannot access your site.
- Your data and your users’ data will be compromised.
- Your brand’s reputation, trust and authority will be affected.
- Organic ranking and traffic to your site can decline.
Critical Steps for Website Security
1. Keep Security at the Forefront of Your Organizational Strategy
Keeping your website secure should be of the highest priority for any organization with a website that is a key part of their business strategy. Ensure that everyone who works on your site – developers, marketers, SEO professionals, etc. – understands the importance of security. You can learn more from our recent article about the fundamentals of information security.
2. Invest in Security Software and Keep it Updated
It may seem obvious, but it is vital to ensure all software is up to date. Typically this falls under the responsibility of an organization’s IT team. If the website is hosted on a managed solution then there will be less for your organization to do as the hosting company will be applying security updates for the operating systems. If your website is using third-party software such as a CMS, you should ensure you are quick to apply any updated security patches. Most third-party vendors will have a mailing list or RSS feed detailing any website security issues. For example, you can sign up for the Drupal security mailing list here.
3. Back up Your Site Regularly
Maintaining regular backups of your website is one of the most effective ways to recover your site if something goes wrong. A backup is also very useful if an update causes problems.
4. Sign up to the Google Search Console
Verifying ownership of your site in the Google Search Console is a critical step for SEO. This step also ensures that you receive critical notifications from Google, such as vulnerability and hacking warnings. According to Google’s Webmaster Guidelines, a hacked website is one of the reasons they may take manual action against a website. Paying close attention and staying on top of any infractions is important to ensure that Google doesn’t penalize your site.
A Quick Word About HTTPS
In a nutshell, HTTPS is a protocol used to provide security over the Internet. It is related to, but different from, securing your website from intrusion. HTTPS guarantees users that they're interacting or sharing information with the website they expect to, and that nobody else can intercept or change the content they're seeing in transit.
If you have anything that your users might want private, it's highly advisable to use only HTTPS to deliver it. That of course means credit card details and login credentials. A login form will often set a cookie, for example, which is sent with every other request to your site that a logged-in user makes, and is used to authenticate those requests. An attacker stealing this would be able to perfectly imitate a user and take over their login session. To defeat this kind of attack, you almost always want to use HTTPS for your entire site.
Google urges using HTTPS everywhere, but if you have limitations, then use it on sensitive data at the very least.
Main photo by Jason Blackeye on Unsplash