Protect your website

We regularly get reports of websites that have been compromised due to business owners skipping a few simple steps. As with many cyber security issues, taking some basic measures will keep your website a whole lot safer.

Secure the data across your website

Your customers trust you to keep their information, and the communication you have with them, safe. An easy way to give your website added security and privacy is to enable HTTPS. HTTPS keeps the information transferred between you and your customers confidential by encrypting it. Encryption means that only the person using your website can see the information that’s being shared, and no one else along the way. This stops attackers from getting the login details or credit card information customers submit on your site.

To protect your customers’ information, HTTPS should be enabled across your entire website, including on:

  • content pages
  • the content management system (CMS) where you update your website
  • the control panel (where you log in)
  • forms, particularly those collecting customers’ personal information. 

Google Chrome adds ‘not secure’ at the top of the browser on any page that is not using HTTPS.
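
One way to check this coverage, as an added example that is not part of the original guidance: the Python sketch below scans saved page HTML for forms, links, scripts and other references that still resolve to plain http://. The page URLs and HTML are constructed samples for a hypothetical shop on example.com.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Attribute that makes the browser send or load something, per tag.
URL_ATTRS = {"form": "action", "a": "href", "script": "src",
             "img": "src", "iframe": "src", "link": "href"}


class InsecureRefFinder(HTMLParser):
    """Collects every reference on a page that resolves to plain http://."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # list of (tag, resolved_url)

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        if attr is None:
            return
        value = dict(attrs).get(attr)
        if tag == "form" and not value:
            value = ""  # a form with no action submits to the page's own URL
        if value is None:
            return
        target = urljoin(self.page_url, value)
        if urlparse(target).scheme == "http":
            self.findings.append((tag, target))


def audit_page(page_url, html):
    """Return the insecure references found in one page's HTML."""
    finder = InsecureRefFinder(page_url)
    finder.feed(html)
    return finder.findings


# Constructed sample pages (hypothetical site, not from the original page).
SAMPLE_PAGES = {
    "https://shop.example.com/contact":
        '<form action="http://shop.example.com/send" method="post"></form>',
    "http://shop.example.com/admin/login":
        '<form method="post"><input type="password" name="pw"></form>',
    "https://shop.example.com/":
        '<a href="/products">Products</a>'
        '<script src="https://shop.example.com/app.js"></script>',
}


def audit_site(pages=SAMPLE_PAGES):
    """Map each page URL to its list of insecure references."""
    return {url: audit_page(url, html) for url, html in pages.items()}
```

A page served over HTTPS can still leak data if its form posts to an http:// address, which is why the contact form and the login page are both flagged here while the home page is clean.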

Update software and devices

Running a business is hectic. There’s so much to remember and keep track of – from payroll to sales and purchase transactions and stock control. Give yourself one less thing to think about by automating as many tasks as you can, including updates.

Updates not only add new features, they fix issues or vulnerabilities that allow attackers to get your information. Most software companies work hard to make sure security holes are fixed in each software update.

As the business owner, it’s your responsibility to make sure your website’s software is updated and any security patches are applied. This includes things like plugins on your content management system and your web server. 

Get PCI DSS compliant

Whether you’ve had a website for a while and would now like to accept payments online, or you’re starting out with a new e-commerce site, there are important security requirements to consider.

The Payment Card Industry Data Security Standard (PCI DSS) helps ensure online transactions on your website are safe and secure, and that your customers’ card data is protected from attackers. This standard enforces security best practices that you can also apply to the rest of your business. By being PCI DSS compliant you’re well-placed to avoid a security breach that can result in loss of revenue, customer trust and reputation.

Most banks require PCI DSS compliance when accepting online payments, so talk to yours about what’s involved. 

Renew your domain

If your domain were to expire it would be possible for an attacker to claim it and set up their own scam website selling fake goods or serving malware using your business’ name.

Ask your domain provider about auto-renewing your domain.

Use a strong and unique login password 

Logins are a particular point of vulnerability for any website. Create a long and strong login password for your website that is different from any used for other services. We recommend a passphrase of four or more words that are not based on any personal information.

Turn on two-factor authentication

Any systems you can log in to over the internet are susceptible to attack. We strongly recommend adding two-factor authentication (2FA) to your website. That way, an attacker would need your 2FA code as well as your password to access your site.

Back your website up regularly

Even with the best laid plans, things can go wrong. Having a recent backup means you can restore your data quickly and easily if it’s lost, leaked or stolen, and get back up and running again.

You’ll thank yourself for having a recent backup should any of these scenarios occur:

  • your web server gets hit with ransomware and stops responding
  • your website’s compromised by another sort of online attack
  • you accidentally delete a section.

Backups are most useful if they’re recent and cover both the pages themselves and any data your website holds, like customer databases. Ensure you or your provider set your backups to take place automatically. It’s preferable to make a couple of copies and store them in different, secure (but easily accessible) places. That way, if one backup is compromised, you have a spare.

Review your website regularly

It seems pretty obvious, but one of the best ways to keep your website safe is to keep an eye on it. The more familiar you are with your website, the more likely you are to spot something that’s out of place. Look out for such things as:

  • the appearance of unfamiliar or unusual content – it might mean someone else has access to your site and is using it to host bad content
  • an unexpected drop off in online sales – it could mean someone has gained access and modified your website to make payments go to their account.

Visit CERT NZ for more information.
Visit ACSC for more information.