When we speak to small business owners, they tell us lots of reasons why website security isn’t top of mind for them.
“Our site is small….We’re not a high profile target….We’re not doing e-commerce…”
And often, “Why worry about a cyberattack that will probably never happen?”
We don’t want to be prophets of doom. But we think it’s important to get the facts out about website security and to debunk some common misconceptions about the topic.
Consider the following Myths and Realities about website security:
Myth #1: Cyber attacks mainly happen to websites of large, prominent brands
Reality: As large companies invest money and staff time to protect their digital assets, cyber criminals look for opportunities among small or medium businesses that may be less well protected.
Additionally, automated “bots” that scout for website vulnerabilities will find security holes, regardless of the size of the company. In fact, one study reported that The average small business website is attacked 44 times per day”
Myth #2: My customers won’t know if my website is secure or not; security is all “behind the scenes”.
Reality: Cybersecurity has become such a big issue that customers now look for signs of a secure website. For example, they will note whether your URL is displayed with the familiar “https” designation with a small padlock symbol next to that, indicating a secure site. If your site lacks those elements, customers will take note.
Additionally, some web browsers explicitly warn customers about unsecured websites. The Chrome browser, for example, displays a red “Not secure” warning next to the URL of any unsecured website. Once your customers realize that your site is not secure, they are unlikely to hang around very long.
Myth #3: Search engine rankings are based on my website’s content, not on its security.
Reality: Google and other search engines continuously update the algorithms that determine where different websites rank in search results and the security status of a website has become an important contributing factor to these formulas.
Further, if a website has been hacked it may be “black listed” by one or more search engines, effectively rendering the site “invisible” until the damage has been repaired and the site is removed from the black list. When it comes to search engine rankings, content is critical and security is an important factor as well.
Myth #4: If my website gets hacked, it will only be a temporary inconvenience.
Reality: As noted above, a website security breach can have long-lasting effects. You will likely have to spend a significant amount of time and money fixing whatever damage has been done
In addition to having your website black-listed, you may also suffer reputational damage and loss of revenue when your customers see that your site is down and learn that there has been an online security breach. It could take significant time and effort to restore your customers’ confidence and trust in your online presence.
Myth #5: If my website gets hacked, it won’t affect any of my other IT systems.
Reality: Cyber criminals know how to use a foothold into one system to invade other sytems as well. For example, if your email system is tied to your website domain name then a breach to your website could evolve into a breach to your email system as well. The same holds true for any of your other critical systems (such as inventory, payment processing, etc.) that may be tied to your website. A hacker may use your website as the “front door” of your IT infrastructure and continue on to breach other critical “back end” systems in your organization.
We hope these examples have convinced you that security is essential for all websites, no matter how simple or complex, or how large or small. When you commission a new site or refresh your existing one, make sure that security is on your list of requirements, right along with design, branding and messaging.
Website security is an investment that pays great dividends in terms of protection for your site, your reputation, your customers’ trust and, of course, your revenue.
We would be happy to answer any questions you have about website security. And let us know if you would like to schedule a complimentary security assessment of your current website.