Donna Warner
- Mar 1, 2021
- 6 min read
Don’t Let Your Company Website Get Hacked: 5 Easy Fixes
Today our Websites are our “Store Windows” and “Phone Book Entry’s” – the direct entry to our services, revenue and reputation. Websites are the first thing that any potential client or partner or competitor go to – to see if your business is real, worthwhile and has anything to offer. And for many of us, they are how we attract and sell to customers or array our service offerings – whether we are selling professional services or product lines or memberships.
In Australia and globally it is the face of our business or organisation and if it were corrupted or down for days, our operations and revenue would be immediately impacted.
Whether you need your site to ensure you can make sales to customers or simply as a way to communicate with clients, many businesses in Australia would be lost without an online presence.
If you're with the vast majority of businesses in Australia that would be severely impacted if you were to lose your website for just a day or two, then it's high time you started thinking about your website's security. While there are plenty of long-term fixes you can (and should) make, below are options that you can implement within the next week. So as you would not leave your store door open, nor allow your competitor to write your advertising, start to protect your website according to what it does for you and your clients, customers or members:
Installing HTTPS
Making sure that your website loads as HTTPS rather than the older HTTP is one of the easiest ways to improve the security of your site.
HTTPS makes it harder for hackers to steal information from your site and your customers, such as credit card details, which adds a level of trust. Websites that have HTTPS on their site are generally highlighted in browsers with a padlock, which makes them easily identifiable.
HTTPS can be added through your web hosting with just a few clicks. Depending on your hosting provider, this may be a free service or it could have a small annual fee attached.
Continuous website monitoring
In most cases, hackers will test a website's security before launching a full-scale attack and, if you know what to look for, these tests are easily identifiable. Once you know that people are probing your site, you can make sure that all your defences are fully optimised.
One of the quickest and easiest ways to monitor your site is with services like CloudFlare, CheckPoint, Trusted Knight, or Imperva. Each service has a host of benefits – they stop malicious bots, mitigate DDoS attacks and warn you when something is out of place.
There are different levels of protection available depending on your needs, but prices start at $20 a month – a drop in the ocean compared to what could be lost without it.
Keeping websites updated
All websites are built differently, but many have the same security flaws: outdated plugins and themes.
This is particularly true of sites built on WordPress, which is by far the most popular CMS in use today. The open source nature of WordPress means there are often vulnerabilities in the code.
These often get spotted and fixed, but unless you regularly update all aspects of your site, you'll be a sitting duck for hackers.
Financial transaction protection
While HTTPS goes a long way to protecting customers online, there are malware types that can bypass this. To truly protect your clients' financial data, you might want to go a step further and implement financial transaction protection.
One example of this is Trusted Knight's Protector Air. This does multiple things to improve upon existing HTTPS systems: all web page requests are run through Protector Air and inspected for threats, malware is neutralised, data is encrypted and malicious scripts are neutralised. Imperva also offers a similar service.
Use password managers
Many people use the same password for multiple sites. While this makes it a lot easier to remember how to log in, it does have security risks.
The most obvious is that if another site is hacked and an email address and password combo is found for someone who has access to your site, the hackers can get into your files and data with that information.
Encouraging your team to use diverse passwords – which is made a lot easier with a password manager like LastPass, Roboform, or Thycotic – makes your whole network a lot safer. To further simplify the process, most password managers will generate unique passwords for you.
Website Security Services:
Website Security services help protect your brand reputation, your data, and your customers’ data from exploitation. Being a small business doesn’t make you safe from being targeted by criminals online. Cyber criminals will take advantage of any opportunity to steal data. They exploit insecure websites to perpetrate attacks, possibly resulting in costly cleanup efforts. Website security is a way to ensure your website’s data is safe from cyber criminals.
~
Inside Small Business recently published an article on risks from cybercrime, with Terry providing insights on ways to protect yourself from cyberthreats while working remotely.
~
Whitehawk has had an exciting fourth quarter in 2020. Read about following company highlights and more in their latest report.
- WhiteHawk invoiced US$2.1M, recognising US$1.9M accrued revenue for 2020, doubling revenue for 2019. Revenue components are WhiteHawk's Cyber Risk Radar, formerly 360 Framework, accounted for US$633K, US$400K Cyber Risk Program, US$30K Lead Generation revenue and US $818K in government contracting.
- Executed on Phase 2 of current contract with U.S. Department of Homeland Security (DHS) CISA QSMO Cybersecurity Marketplace, as sub-contractor to Guidehouse (formerly PWC Federal), for US$1.5 to US$1.8M Fiscal Year 2021, starting October 2020.
- Executing on the first sole-source Prime U.S. Federal Government CISO Cyber Risk Radar contract for base year and 4 option years, not to exceed US$1.18M per year with US$580K invoiced in five months of 2020.
- Executing next phase of and scoping 2021 Cyber Risk Program US$400K contract via a Global Consulting Firm in direct support of a Global Manufacturer, including: advanced risk validation by Red-Team, prioritisation and mapping to Company risk priorities and how to best mitigate top risks in 2021 via innovative best practices and solution options from our portfolio of almost 200 best of breed solution partners.
COVID-19 Impact Update:
- No delays in product line development, execution and client delivery
- Pivoted sales focus back to Defence Industrial Base and Government Contracting
- Able to hire top talent to meet current contract requirements and work and collaborate virtually.
- Continue to experience contract scoping and completion delays of 60 to 90 days, with government and industry procurement teams.
WhiteHawk finishes 2020 with a cash position of US$2.4M and no debt.
WhiteHawk is strategically positioned for continued growth in 2021.
WhiteHawk (ASX: WHK) the first online Cybersecurity Exchange, based on a platform architecture that is Artificial Intelligence (AI)-driven, with a focus on identifying, prioritising, and mitigating cyber risks for businesses of all sizes. Whitehawk's focus is on next-generation approaches that leverage publicly available data sets, Artificial Intelligence (AI) based analytics, online risk platforms that scale to identify, prioritise and mitigate a breadth of digital age risks in near real-time. Their methods have been tested and evolved with government departments and fortune 500 companies.
Using machine learning and cyber know any business can access their online and virtual service, to help you discover, learn, receive immediate online matches to top solutions, find insights, affordable vendor products and services, or chat with smart cyber advisors in real-time, so you can own your cyber risk and success story.
Terry Roberts is former Deputy Director of US Naval Intelligence and CEO/Founder of ASX-listed cyber security firm WhiteHawk (WHK).
Terry Roberts is available for an interview. Contact Donna Warner, Barclay Pearce’s Chief Marketing Officer: donna@barclaypearce.com.au
To keep up to date with what's happening with WhiteHawk and the cybersecurity industry as a whole, subscribe to the Whitehawk Chairman’s List.
Share Link