Don’t let a hacked website compromise your business. In today’s article, we’ll give you our top 5 tips for preventing malware infection.
A hacked website is a serious issue for any business. You can:
- Lose revenue while the website is down
- Be punished by Google in the search engine rankings
- Lose credibility in the eyes of your customers
- Have your (or your client’s) data stolen
So here are our 5 top tips for keeping your website clean, safe and running smoothly.
1. Monitor Site Health
Keeping your website up and running is largely a question of following sound security protocols.
A good place to start is simply to do a Google search for “site:your_site” (replacing “your_site” with the address of your website*). Have a quick look to see if someone has sneaked any pages onto your website.
Searching for your business name will also show if Google has noticed anything insecure about your site. If so, they will display a warning:
- Next to search results for your website
- As a pop-up in your browser just before you land on the site
You should also check the Search Console dashboard for your website. Google will let you know here if they’ve detected malware. A useful trick is to make sure that Search Console messages are automatically forwarded to your email account.
* So we would search for: site:keybusinessmarketing.co.uk
2. Choose (And Maintain) Strong Passwords
The Google page about passwords is very thorough, so we’ll just summarise their advice here.
A strong password is the first step to keeping you personal information safe and preventing hackers from getting into your website. It should:
- Be long rather than short
- Contain lots of numbers, punctuation marks and symbols (not just letters)
- Avoid having obvious words like “password” in it
- Not have any “dates” as numbers (especially birth dates)
- Not be able to be guessed from looking at your social media (no pets’ names!)
- Be different from all of your other passwords
If you’re finding that it’s hard to remember all your different passwords, consider using a dedicated password manager like KeePass. this will keep all your passwords together in one place and is “encrypted using the most secure encryption algorithms in the world (AES-256, ChaCha20 and Twofish)”.
3. Be Careful Of Third Party Services
A lot of the time, malware is sneaked in “through the back door” via third-party content. This can include:
- Applications (apps)
- Ad networks
It’s extremely important to do your due diligence before you add anything to your website. Initial checks could be:
- Is it from a reputable source (lots of positive reviews)?
- Do they have a website with support?
- Have other webmasters or web builders used the product?
Your hosting company can be helpful here. See if they have a list of approved apps. Or maybe there is a chat function where you can ask if a particular app or widget is suitable and safe.
4. Get SSL/HTTPS Compliant
SSL (Secure Sockets Layer) is a way for computers to share information without being vulnerable to hackers. It’s become the standard, best-practice protocol for the modern web.
Using SSL will go some way to preventing a hacked website. It will certainly help keep your data safe. And if you are an e-commerce site (or require a large amount of customer data) it’s imperative to be SSL compliant.
As an added bonus, you’ll be able to use the HTTPS prefix to your website. You’ll see that the full address for this page is: https://www.keybusiness…
This tells Google (and your visitors) that their data is safe. It’s great for SEO and great for your reputation. In fact, websites using the old HTTP prefix are now frequently displayed along with a warning message.
We wrote a whole article on this subject if you’d like to go a bit deeper – Do I Need An SSL Certificate?
5. Human Factors
Cyber security isn’t just a matter of apps, widgets and firewalls. A sloppy employee (or even a vengeful ex-employee) can compromise your website just as easily as a weak password.
The most important step is to only allow staff access to the bare minimum on the website. If your writers upload their own blogs, but aren’t responsible for settings or account management, restrict their access to the CMS.
Make sure employees don’t allow viruses to get onto your system by accessing dubious websites. Consider a service which automatically blocks access to any sites with adult or spammy content.
Above all, make sure you and all your team understand the basics of proper cyber security.
If you’d like to learn more about our services, including our website maintenance packages, please get in touch.