How To Protect Your SMB Website


By Ed Giaquinto, CIO, Sectigo

How often do you think about the security of your website? Your organization is small enough that hackers won’t take aim, right? Wrong! Lack of attention to web security is the quickest path to becoming a hacker’s next victim.

Danger Ahead: Widespread Web Security Negligence

Nearly half (48%) of SMB leaders think that their organization is too small or unimportant for hackers to notice. The harsh reality is that any website or cloud-based system can be a target.

The consequences of a website attack can be severe. SMBs are at risk of losing revenue, customers, productivity, search engine rankings, intellectual property, and reputation. Sixty percent of SMB website attacks resulted in site outages, and more than a third incurred revenue loss.

So, What Should You Do?

1. Keep Your Security Tech Updated

When choosing a tech stack for your SMB website, make sure it is proactively updated and patched, so that vulnerabilities are found and closed before cybercriminals can exploit them. It is critical to keep the core site version and any plugins on the latest revision as soon as it is released. Pay extra attention to areas on your site that request user input, such as registration forms, where many attacks occur.

2. Proactively Detect Malware and Vulnerabilities

It is surprisingly common for malicious code to run silently in the background of a website without the owner’s knowledge and without causing any visible malfunction. An automated vulnerability scanner that continuously scans your website is an essential security measure these days. Vulnerability scanners check web applications for security problems such as cross-site scripting (XSS), SQL injection, and cross-site request forgery (CSRF). More advanced scanners delve further into the web application and can then automatically and safely remove malicious code from legitimate files without compromising their functionality.

3. Tool Up to Remove Discovered Threats

You or your website manager found a vulnerability in your MySQL database, website files, or another core component of the site. Now remove it.

Your website admins rely on remediation software that can immediately remove active vulnerabilities without disruption. Make sure you choose a tool that prioritizes business continuity when a discovered threat has to be removed.

4. Consistently Perform Backups

If your website succumbs to a cyberattack, your site backups are your insurance policy and the key to your recovery plan. Version control software is widely available, and many hosting services have plans that periodically perform database backups and snapshots. Effective backup and restore tools are critical to any connected business to reconstruct lost information quickly.

5. Show Visitors That Your Site Is Secure

Your website visitors need to be confident that they are on your secure website. Digital certificates (visible as a padlock in many browsers) help visitors know that the personal information they enter is being shared with a verified site.

The rise of security automation has made it considerably easier to issue, renew, and maintain TLS/SSL certificates, meaning that small businesses can enjoy the benefits of identity security with minimal management. For web pages that collect sensitive personal data or financial information, it’s wise to upgrade from a Domain Validated (DV) to an Extended Validation (EV) certificate in order to provide the highest level of trust available.

Don’t Be a Cyber Victim

It’s critical to protect your organization by keeping your tech updated, proactively detecting malware and vulnerabilities, tooling up to remove threats, performing backups, and automating TLS/SSL certificates.

While cyberattacks may never end, there are many resources and technologies available so you can be prepared for anything. The Internet is ever-evolving, and your organization’s website security should be as well.

Ed Giaquinto is CIO at Sectigo, a global provider of digital identity management and web security solutions.

