Security

Website cyber risks small businesses must be aware of in 2023

How secure is your website against hacking and cyberattacks? How long has it been since you had a website upgrade or risk audit?

The start of each year is the most dangerous time for hacking as shown in Google. In December there were 16.7 million searches on “‘How to hack a WordPress website” and 1.5 million searches on “How to clean a hacked WordPress website”.

WordPress makes up 83 per cent of all Australian websites using open-source technologies, so the risks for small businesses can be a ticking time bomb.

Cyber attacks and hacking of major organisations (Optus, Medibank and now online password manager LastPass etc) are financially motivated and often with malicious geopolitical intent.

Yet, when it comes to small-business websites, as reported in WPHackedHelp, most hackers admit they hack for the challenge and even to just have fun. 

Warning risk bells

• Your domain URL, or a page within your website is redirected to another URL. Or worse, your website homepage has been defaced.
• You are unable to log in to the dashboard. 
• Users see a red warning screen notifying them that malicious content has been added to your website
• A sudden unrealistic drop in traffic
• Your hosting provider has shut you down due to suspicious activity

Tips to protect your WordPress website

1. Monthly maintenance plan

The main reason WordPress sites stop working or get hacked is due to a lack of regular professional maintenance and updates of plugins and themes to patch vulnerabilities. 

Global reports indicate that 61 per cent of WordPress sites are infected and at risk because they are outdated. There is no value in assuming all is fine as I have seen many sites broken down and hacked due to a lack of maintenance for many years.  The impact can be catastrophic.

2. Secure username

If you created your WordPress platform or had a developer create your website and use admin as the WordPress username, change it immediately.  

3. Review and update passwords

Over eight per cent of WordPress websites are hacked due to weak passwords. You must include updating and testing your passwords in your overall cyber protection plan.

And don’t just focus on your website but consider updating your hosting and email accounts on a regular basis.

4. Ensure added security

Good hosting providers will supply and add SSL immediately. This is essential security.

However, if they don’t, the obvious sign on an unsecured website will not display an ‘https’ or the lock next to the URL in your browser.  

You need to add extra security to monitor your website for hacking. Adding 2-factor authentication will provide additional login security.

5. Review your website hosting provider

A cheap domain and hosting provider might be easy on the budget, but it can be a risk that can cause financial loss later on.

If you haven’t reviewed your hosting provider or don’t know who it is or where it’s based without asking your web developer, you may be putting your business at risk.

When reviewing your hosting provider it is essential to be clear on your requirements. Some things to consider include”

• reputation and reliability
• support
• uptime
• management
• speed and performance
• client feedback
• your own testing.

As an owned media asset, your website is a critical marketing tool. Prevention of risk is better than a cure as you want to focus on delivering what your website offers to your clients in 2023. 

The story was originally published on Inside Small Business.