4 Website Security Tips For SMEs
October 17, 2017 No CommentsFeatured article by Gary Stevens, IT Analyst
Small business owners generally don’t take internet security that seriously. I understand, of course: a lot of SMEs are so focused on their day-to-day business that they have no extra time to worry about the complexities of website security.
There are other problems, however. A lot of small businesses simply think that they have nothing worth stealing, and that they are too small to ever be the target of a cyber-attack. I shouldn’t have to tell you that this is a mistake, but I will.
Bear in mind that website security is about a lot more than just preventing cyber attacks. A properly thought-through security system will also prevent a lot of everyday problems that can cost a significant amount of money. Research on the financial impact of downtime suggests that your website being down for even an hour can end up costing you a lot.
Today, I’ll take you through 4 ways to improve security on your website. None of them will take up that much time, and ultimately could end up saving your company from experiencing downtime, having your data stolen, or worse.
1. The Basics
If you remember when the internet was new, you probably also remember how careful we were in those days about passwords. Nowadays, with so many passwords to remember for so many different systems, we’ve all got a bit lazy.
It may seem strange to mention this here, because using strong passwords is such an obvious way of improving security, but a lot of SMEs have stopped paying attention to this kind of basic security. If you haven’t changed your passwords in a while, or have the same password for a lot of your systems, change them now.
2. Keep Your Systems Updated
Again, a pretty basic step, but an important one. As security experts told the Telegraph recently, hackers never stop innovating, but a lot of SMEs are still using security tools from 10 years ago. Updating these systems need not involve spending a lot of money on security consulting, but merely a few hours spent researching new solutions.
It’s also important to realize that a lot of standard systems, such as Windows, have a lot of security features built in, but also that these are next useless unless they are updated. If you see one of your employees click that “remind me later” button, be concerned.
3. Train Your Staff
This leads onto my next point. A lot of security breaches are actually caused by poor staff practices. Most of the time, vulnerabilities creep into systems because staff take shortcuts that improve their speed and productivity. This is great, but if it comes at the cost of making your systems unsafe, should be highly discouraged.
The key, here, is staff training. Even staff who have been working with computers for years are sometimes unaware of practices that might are second nature to you. Again, implementing staff training need not be expensive – you probably already have a member of your team who is more tech-savvy than most, and organising short peer training sessions is often enough to improve your overall security.
4. Look At Your Infrastructure
If you really want to take security seriously, you need to look at the infrastructure your are using. While this may sound complicated, it’s not. It merely requires the realization that every system you use can introduce vulnerabilities into your IT, and that you therefore need to look at some basic systems that you may have forgotten about.
Of particular note here is your web hosting provider. If you’re business has been going for a few years, perhaps you’ve even forgotten who that is! However, be aware that not all web hosts are equal, and research suggests that your choice of web host can have a huge impact on the security of your website.
5. Create A Secure Environment
I know, I know, I said there would be only 4 tips! However, creating an environment in which security is taken seriously should be your ultimate aim, and is the most important part of any security strategy. As Jennifer Shiels, a member of the UK Home Office’s Cyber Aware Campaign, recently told the Telegraph, “protective behaviours should be as second nature as locking front doors”.
What this means in practice is making sure that all of your staff take internet security as seriously as you do.
Gary Stevens is an IT analyst working the DC area. He’s a part time blogger and blockchain enthusiast.