CHC TALKS | RISK

What is your exposure?  Should you pay for your website’s security?

So far throughout our series we have talked about how wonderful it is to have a strong, smartly designed website and how you should embrace the digital world and invest in all kinds of digital opportunities. Just like everything else, the sun cannot always shine. So what risks are we undertaking with our online presence? What problems can we encounter? And how can people take advantage of our honest endeavours?

 

GDPR

The biggest risk to any SME right now is GDPR. At the moment it remains an understated regulation, with few claims being brought to fruition. If that status quo holds, tremendous: there is little to worry about. However, that is not the approach to business the regulators have been touting. With fines of up to 4% of annual global turnover or €20 million (whichever is higher), it's eye-watering!

So what’s the deal? Put simply, you need to tell people what data you’re using and storing, ask for permission to use it, promise not to do anything naughty with it, keep it secure and, if they ask for it, give it to them or even delete it. If you do that, the world will remain a happy place.

Specifically, this means you must have a cookie/privacy policy explaining what you use people's data for. You must have a lawful basis for using the data; where that basis is consent, it must be explicit, usually an unticked check box at the point of submission. You must do everything in your power to keep the user's data safe (think encryption in transit and at rest, firewalls and timely patching). Lastly, you must be able to locate all the data you hold on a user, provide it on request and delete it if they ask you to.

 

MALWARE

Just like your computer, a website can be infected with something like a virus. Among a myriad of options, hackers are prone to taking advantage of outdated CMS installations such as WordPress, Joomla and Magento, including their plugins and themes. If you run one of these and it is out of date, update it and scan your website as soon as possible!

Most of these hacks come in three forms:

Phishing (pronounced "fishing") is most commonly associated with spam emails. On a compromised website, the attacker sets up a page to take payments, masked to look like your own checkout page or like a third-party checkout page. Essentially the hacker is trying to take payments, or harvest card details, on the back of your reputation.

Viruses and malicious code attacks come in all shapes and sizes. Some will quietly sit there stealing user data (card numbers, logins) and sending it back to the hacker. Others are more obvious; most notably, they can replace your site with their own "you've been hacked" page.

Link hijacking (often loosely called UI redress, though that term strictly refers to clickjacking) is a very sneaky approach to hacking. The hacker rewrites the links in your site to point at another domain: your site looks the same, but clicking a link takes you to the hacker's intended destination.
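One way to check for the phishing pages and hijacked links described above is to list everything in a page's HTML that points at a domain you do not own: links, form actions (a checkout form posting card details elsewhere) and script sources. The scanner below is an added example, not code from the original post or from CHC; it uses only the Python standard library, the HTML is a constructed sample, and example-shop.co.uk is an assumed hostname.

```python
"""Flag links, forms and scripts in a page that point off-site.

Added example, not code from the original post. Standard library only; the
HTML is a constructed sample and "example-shop.co.uk" is an assumed hostname.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample page: a navigation link rewritten to a look-alike domain,
# a checkout form posting to a third-party host, and an injected remote script.
SAMPLE_HTML = """
<html><body>
<a href="/products">Products</a>
<a href="https://example-shop.co.uk/about">About</a>
<a href="https://example-shop-deals.net/offer">Special offer</a>
<form action="https://secure-payments-example.com/checkout" method="post">
  <input name="card">
</form>
<script src="https://cdn.example-shop.co.uk/app.js"></script>
<script src="http://198.51.100.7/x.js"></script>
</body></html>
"""

# The attribute carrying a URL for each tag an attacker is likely to rewrite.
URL_ATTRS = {"a": "href", "form": "action", "script": "src", "iframe": "src"}


class OffSiteFinder(HTMLParser):
    """Collects (tag, host, url) for every reference to a host we do not own."""

    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        if attr is None:
            return
        url = dict(attrs).get(attr)
        if not url:
            return
        host = urlsplit(url).hostname
        if host is None:  # relative URL, so it stays on our own site
            return
        host = host.lower()
        # The site itself and its subdomains (cdn., www., ...) are trusted.
        if any(host == h or host.endswith("." + h) for h in self.own_hosts):
            return
        self.findings.append((tag, host, url))


def find_off_site_references(html, own_hosts):
    """Return a list of (tag, host, url) for links/forms/scripts pointing elsewhere."""
    finder = OffSiteFinder(own_hosts)
    finder.feed(html)
    return finder.findings


if __name__ == "__main__":
    for tag, host, url in find_off_site_references(SAMPLE_HTML, ["example-shop.co.uk"]):
        print(f"<{tag}> points at {host}: {url}")
```

Run it over a saved copy of each page (or a crawl of the site) and review whatever it flags. Legitimate third-party payment providers and analytics hosts will show up too, so keep an allow-list of the hosts you expect and treat anything new as suspicious.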

 

PROTECTION

As frustrating as it is to have to implement and pay for these measures, there are layers of protection that you can put in place to protect your business online.

 

SSL
An SSL (now TLS) certificate lets your site serve HTTPS, which encrypts data in transit between the visitor's browser and your hosting server. This protects data entered on the site, such as payment details on your website's checkout page, from being read or altered on the way. It does not protect data already sitting on a compromised server, so it is one layer among several. With GDPR putting emphasis on protecting customer data, and with browsers like Google Chrome now labelling plain HTTP pages "Not secure", this will become more and more important.
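A certificate only helps if it covers your hostname and has not expired, and expiry is the most common way HTTPS quietly breaks. The check below is an added example, not code from the original post. days_left() and covers_host() work on the dictionary that Python's ssl module returns for a peer certificate; SAMPLE_CERT is constructed data in that shape, and check_site() needs network access.

```python
"""Check how long a site's TLS certificate remains valid and whether it matches the host.

Added example, not code from the original post. SAMPLE_CERT is constructed to
look like what ssl.SSLSocket.getpeercert() returns; only check_site() goes online.
"""
import socket
import ssl
from datetime import datetime, timezone

# Constructed: the fields of interest from getpeercert(), not a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "example-shop.co.uk"),),),
    "subjectAltName": (("DNS", "example-shop.co.uk"), ("DNS", "www.example-shop.co.uk")),
    "notAfter": "Jun 30 23:59:59 2018 GMT",
}


def days_left(cert, now=None):
    """Whole days until the certificate's notAfter (negative once it has expired)."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    now = now or datetime.now(tz=timezone.utc)
    return (expires - now).days


def covers_host(cert, hostname):
    """True if hostname appears in the certificate's DNS SAN entries.

    A wildcard entry (*.example) matches exactly one label, so it covers
    www.example but not the bare apex example, which is a common mistake.
    """
    hostname = hostname.lower()
    for kind, name in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = name.lower()
        if name == hostname:
            return True
        if name.startswith("*.") and hostname.count(".") == name.count("."):
            if hostname.split(".", 1)[1] == name[2:]:
                return True
    return False


def check_site(hostname, port=443):
    """Fetch the live certificate (online only) and summarise it.

    create_default_context() already verifies the chain and hostname, so a
    handshake failure here is itself the finding.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
            version = tls.version()
    return {
        "protocol": version,
        "days_left": days_left(cert),
        "covers_host": covers_host(cert, hostname),
    }


if __name__ == "__main__":
    print(days_left(SAMPLE_CERT, datetime(2018, 6, 1, 12, 0, tzinfo=timezone.utc)), "days left")
    print(covers_host(SAMPLE_CERT, "www.example-shop.co.uk"))
```

Schedule the online check and alert when days_left drops below, say, 14; that is cheaper than finding out from a customer's browser warning.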

 

Firewalls & CDN
A firewall is a fairly well-known concept, but put simply, it is a layer of security that lets good, legitimate traffic reach your site and blocks known-bad or automated traffic. Without one, a common risk is a DDoS (Distributed Denial of Service) attack, where someone uses a network of bots or a script to rapidly and repeatedly load your website from many machines at once. The server hosting your website is very much like any other computer you have used: if there are too many applications running or too many requests arriving, it slows down, freezes or crashes. The repeated requests cause the server to fail and stop serving anyone. Because it takes little skill and the tools are cheap, it happens quite frequently. A firewall or rate limit on the server can throttle a handful of abusive sources; a genuinely distributed flood can saturate your connection before the server ever sees it, which is where the CDN comes in.
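The firewall behaviour described above, rejecting a client that loads the site far faster than any human could, can be checked against your own access log. The detector below is an added example, not from the original post; the log lines are constructed in the common Apache/Nginx format, and the limit of 60 requests per 10 seconds is an assumed tuning value.

```python
"""Spot clients hammering the site, from web-server access log lines.

Added example, not from the original post. The log is constructed in the
common Apache/Nginx format; 60 requests per 10 seconds is an assumed limit.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# "<ip> - - [<timestamp>] "<request>" <status> <bytes>"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client_ip, timestamp) or None for a line that does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group(1), datetime.strptime(m.group(2), TIME_FMT)


def find_floods(lines, max_requests=60, window_seconds=10):
    """Return {ip: peak requests seen in any sliding window} for clients over the limit.

    One deque of recent timestamps per client; only each client's own lines
    need to be in time order, which an access log already guarantees.
    """
    recent = defaultdict(deque)
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # drop requests older than the window
        if len(q) > max_requests:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


def make_sample_log():
    """Constructed log: one address firing 80 requests in 8 s, one normal visitor."""
    base = datetime(2018, 6, 1, 12, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(80):
        ts = base + timedelta(milliseconds=100 * i)
        lines.append(f'198.51.100.23 - - [{ts.strftime(TIME_FMT)}] "GET / HTTP/1.1" 200 5120')
    for i in range(5):
        ts = base + timedelta(seconds=30 * i)
        lines.append(f'203.0.113.5 - - [{ts.strftime(TIME_FMT)}] "GET /products HTTP/1.1" 200 8192')
    return lines


if __name__ == "__main__":
    for ip, peak in find_floods(make_sample_log()).items():
        print(f"{ip}: {peak} requests inside a 10 s window, block or rate-limit")
```

This catches application-level floods from a few sources, which is exactly what a server firewall or rate limit can block. A volumetric DDoS from thousands of hosts fills the network link before the server logs anything, which is why a CDN that absorbs traffic in front of you matters.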

A CDN, or Content Delivery Network, does some handy things as well. First and foremost, it makes your website faster. Its original purpose is to reduce latency in transferring data across very large distances; we talked about this in the need for speed section of an earlier post. To remind you, it caches copies of your website around the world, meaning Bruce in Brisbane, Australia doesn't have to wait while your website data is transmitted from Georgia in the USA. A useful side effect is that visitors, and attackers, talk to the CDN's servers rather than your origin server, so the origin's address stays hidden and the CDN absorbs floods of traffic on your behalf. That makes attacking the origin directly much harder, provided the origin only accepts traffic from the CDN and its address is not leaked elsewhere.

 

Backups
Say you have taken all these actions; there are still some people out there who may look at your site as a challenge. If that happens and they destroy your site, the safest bet is to have a backup, kept somewhere other than the web server itself and tested by actually restoring it. If nothing else, this is cost effective, quick to implement and gives you peace of mind. Our backups occur daily, so the worst case scenario is that you lose a day's work.
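A backup is only worth having if it restores. The script below is an added example rather than CHC's own backup tooling: it archives a site directory, records a SHA-256 checksum alongside the archive, proves the archive restores to an identical tree, and then shows the check failing on a corrupted archive. The sample site it writes is constructed and the paths are assumed.

```python
"""Back up a site directory, record a checksum, and prove the archive restores.

Added example, not CHC's own backup tooling. The sample site is constructed
and the paths are assumed; run it anywhere with a writable temp directory.
"""
import hashlib
import tarfile
import tempfile
from pathlib import Path


def make_sample_site(root):
    """Constructed stand-in for a small CMS install."""
    root = Path(root)
    (root / "wp-content" / "uploads").mkdir(parents=True)
    (root / "index.php").write_text("<?php echo 'hello'; ?>\n")
    (root / "wp-config.php").write_text("<?php define('DB_NAME', 'shop'); ?>\n")
    (root / "wp-content" / "uploads" / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\0" * 64)
    return root


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def tree_digest(root):
    """One digest over every file's relative path and contents, so two trees compare as a single value."""
    root = Path(root)
    h = hashlib.sha256()
    for p in sorted(root.rglob("*")):
        if p.is_file():
            h.update(str(p.relative_to(root)).encode())
            h.update(b"\0")
            h.update(sha256_of(p).encode())
    return h.hexdigest()


def backup(site_dir, archive_path):
    """Write site_dir to a .tar.gz and store its SHA-256 in a sidecar file."""
    with tarfile.open(archive_path, "w:gz") as tar:
        tar.add(str(site_dir), arcname="site")
    digest = sha256_of(archive_path)
    Path(str(archive_path) + ".sha256").write_text(digest + "\n")
    return digest


def verify_restore(archive_path, site_dir):
    """Check the recorded checksum, extract to a scratch dir and compare trees."""
    recorded = Path(str(archive_path) + ".sha256").read_text().strip()
    if sha256_of(archive_path) != recorded:
        return False  # archive changed or truncated since it was written
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive_path, "r:gz") as tar:
            # Use the safe extraction filter where this Python provides it.
            kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
            tar.extractall(scratch, **kwargs)
        return tree_digest(Path(scratch) / "site") == tree_digest(site_dir)


def run_demo():
    """Return (restore_ok, restore_ok_after_corruption) for the sample site."""
    with tempfile.TemporaryDirectory() as work:
        site = make_sample_site(Path(work) / "public_html")
        archive = Path(work) / "backup-2018-06-01.tar.gz"
        backup(site, archive)
        good = verify_restore(archive, site)
        # Simulate a damaged archive: the stored checksum no longer matches.
        with open(archive, "ab") as f:
            f.write(b"garbage")
        bad = verify_restore(archive, site)
    return good, bad


if __name__ == "__main__":
    print(run_demo())
```

In practice the archive and its checksum go to separate storage (object storage or another host), and a scheduled restore into a scratch directory is what tells you the daily backup is actually usable. Remember the database too: for most CMS sites the content lives there, not in the files.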