
Swift 6: Ways to protect your business website from hackers

By Nick Leech - October 14, 2017

In this week’s Swift 6, I’ll be looking at an issue that’s vital for businesses to get their heads around. But it’s something so many people leave to chance. You don’t have to be an IT expert to take some basic steps to make your website more secure. In this guide, I’ll take you through six simple ways to protect your business website. As always, my script for the video is below if you’d rather read that. And then if you’ve got any questions, feel free to fire them over to @123reg on Twitter and we’ll get back to you.

Oh. And here’s that guide to getting started with SSLs and HTTPS I promise in the video.

1 – Use a long, complicated password

If someone can guess your password easily, you’re putting your whole business at risk. Passwords like “password123” just aren’t secure enough. Make your passwords at least eight characters long. The longer a password is, the harder it is for someone to guess it.

You should also use a mix of upper and lowercase letters, numbers and special characters such as exclamation marks, percentage signs and so on.

Finally, avoid using important dates or the names of your loved ones. Why? Well, this is exactly the kind of information that’s on your social networking profiles. So all it could take for someone to guess your password is a quick browse of your Facebook page.

If you’re struggling to remember long, complicated passwords, try a password storage service like LastPass.

2 – Limit user access

No one should have access to your website if they don’t need it.

There are two problems with letting just anyone have access to your site.

The first is that anyone with full access to your website can make any changes they want. If you give someone access to your site and then fall out with them, they can make things very difficult for you.

The second problem is that the more accounts you have, the more accounts there are for hackers to hack.

To tackle these problems, make sure you only give access to people you trust fully. And then, when they don’t need access anymore, remove their access. That means either changing the password if they were just using your account, or deleting their account if they had their own.

It’s also important to avoid giving people full access to your website if they don’t need it. For example, if you’ve got someone writing blogs for your site, it’s best to make sure that’s the only thing they can do. This is really easy to do if your site was built using WordPress.

Finally, just be careful with your login details. Treat them like you would a PIN number. That means don’t write them down and leave them lying around!

3 – Update all your software

Another dead easy one, but one that so many people let slip.

When a security flaw is detected in a programme or an app, the software company that made it will issue an update that solves the problem.

But if you don’t install the update, then you’re still vulnerable to the security flaw.

So if you’re using third-party software such as WordPress, or an ecommerce package on your website, then update it as soon as an update has been released.

And don’t forget to keep software on your computer updated too. That way, you reduce the chances of someone discovering your website login details by hacking your computer.

4 – Use HTTPS

HTTPS has long been a must-have for any websites that take payment details. But really, these days it’s a must-have for almost every kind of site.

Essentially, HTTPS encrypts data when it travels between your web server and the person accessing your website.

This makes it harder for a hacker to access sensitive data such as account details. I’ll link to details about how to get HTTPS on your site in the little blurb above this video.

5 – Don’t get phished

No one ever thinks it’ll happen to them, but with thousands of phishing attacks launched every day, it pays to remain vigilant.

No matter how strong your website security is, if you fall for a phishing attack and give your username and password away it will all have been for nothing.

There are some really easy ways to spot phishing emails. They’ll usually have very poor spelling and grammar, so look out for that.

You should also hover your mouse over any link in the email and look at the website address that appears in the grey box in the bottom left-hand corner of your browser. If it doesn’t match the link in the email, then that’s a huge red flag.

Another warning sign is a request for personal information. Reputable organisations will never ask for information in this way.

Finally, never download an attachment if it’s a) from someone you don’t know or b) you weren’t expecting it.

Getting phished can be an absolute nightmare, so it pays to be extra cautious. If you’re suspicious about an email, visit the company’s website, contact them via their official email address or on the phone and ask if that email you’ve received is legit.