Here’s what small and midsize businesses should consider when they decide it’s time to up their website security.
Too often, small and midsize businesses (SMBs) run websites that aren’t secure or that lack even the basics, such as SSL encryption technology or a Web application firewall.
It’s understandable: SMB owners are typically very busy and wear many hats. Few have an IT person on staff, let alone a professional security person. Yet few can do security on their own.
What’s an SMB to do? Turning to the site’s Web hosting provider to find out what security features it offers is a good start. Getting recommendations for and then interviewing at least two or three other specialty security providers would be the next steps for an SMB to determine whether a security specialist makes sense.
Working with a provider for basic website security doesn’t have to break the bank, says Monique Becenti, a product and channel marketing specialist at SiteLock. Depending on the site and how much e-commerce traffic the business runs, it’s possible to have a strong level of security for roughly $1,000 a year.
Pricing will vary based on how many features are required and how much real business is done on the site. The advice on the following seven slides provides an excellent game plan for when SMBs decide it’s time to up their website security.
Evaluate Risk Posture
SMBs should be aware of their risk posture, SiteLock’s Becenti advises. This means evaluating their environments and taking an inventory of the programs and plug-ins their sites require to operate. Are they running WordPress? Joomla? Drupal? Do they plan on accepting credit cards and doing e-commerce transactions? Are they handling sensitive medical information? The answers to these questions will dictate how security needs are evaluated.
“The main thing is to take a step back and decide if you’ll need things like SSL certificates and a third-party payment system,” Becenti says.
Ask for SSL Certificates
Many SMBs believe that once they install SSL certificates, they are fully secure. But SSL certificates are only the beginning of the security journey. SSL certificates encrypt the data in transit from a site visitor to your site, SiteLock’s Becenti explains. So, for example, on a blog site the SSL certificate will encrypt comments that a reader makes, but it won’t encrypt the data once it arrives at the site. The same goes for a registration form: the SSL certificate will encrypt the data the site visitor enters while it travels to the site, but the data itself does not get encrypted once it arrives. And, yes, SSL certificates are important because Google and the other search engines will downgrade a site if it doesn’t have the secure “lock” in the left-hand corner of the browser’s address bar.
SMBs also should consider having a third-party provider encrypt the data before it enters the merchant’s environment, advises Ruston Miles, founder and chief strategy officer at Bluefin Payment Systems. If the data gets encrypted from the start, SSL will encrypt the transport and the data will be fully encrypted and secure once it enters the site. SMBs looking to do e-commerce or handle sensitive medical data need to consider this extra layer, Miles says.