Top 5 Website Security Myths to Leave Behind in 2018

Feb 06, 2018

Top 5 Website Security Myths to Leave Behind in 2018

So you think you have heard it all before? Before you mention the words “it will never happen to me” it probably will!

2018 has a lot of changes happening in the World Wide Web, however businesses large or small sometimes don’t consider the impact of security or at least updates that are required to keep the wheels of industry turning and your clients happy.

In 2017 a number of major security breaches made the headlines, the ones you didn’t hear about may not have made an impact on your business but someone somewhere felt the blows of mismanaged or poor cyber security.

Cat & Mouse
When i was a kid (and still I do this sometimes) I loved watching Tom & Gerry (in fact my brother was nearly called Gerry that would have been fun) cyber security is kinda like that, you know the mouse (Gerry) sneaking up on the cat (Tom) and causing all sort of havoc when you least expect it.

Staying Safe in 2108
So how do you do it? We have a list of website security myths that need to be left behind and keep you and your business online.

Top 5 Website Security Myths to Leave Behind in 2018

5.) Small Business Owners Are at Less of a Risk of Being Hacked

No. While you can certainly filter some evidence to say that statistically a small business has a lower chance of being hacked than a major corporation, that’s misleading. Small businesses are at an even greater risk when it comes to hacking. That comes down to resources.

But let’s start from a numbers standpoint, more than half – 62% – of all cyber attacks launched are aimed at SMBs per IBM. Per Symantec, while 90% of major corporations have been targeted. 74% of SMBs have too. And then there’s this damning statistic from the National Cyber Security Alliance, 60% or 3 out of every 5 small businesses that suffer a cyber attack end up shuttering within six months of the incident.

From first hand experience working with clients that have had their website hacked (and came to us to fix the issues) we found that this plays havoc with their business from all sorts of view points.

Everyone is online now and if you visit a business via the search engines and discover a website with all sorts of strange images, garbled text and messages (you as the visitor will go elsewhere) the business that owns the website will lose the business and be none the wiser until it’s spotted.

Key Takeaway: Invest in updating and managing your website.

4.) Your Employees Can’t Impact Your Network or Website Security

Employees are a huge threat (there I said it)

Not that your employees mean it (some will if things do go right for them) most of the time it is just carelessness. Business can sometimes appear to have security all under control, however if an email has got through a firewall and spam filters plus it’s came from a colleague so it’s deemed safe, bingo the network has an issue.

By assuming employees have all the knowledge they need re your security is not a great move and this needs to be revisited, especially with so many devices available and the regular updates you may miss.

Key Takeaway : Employees need to be aware of your security controls and training in what to look for in emails that could be issues is key.

Top 5 Website Security Myths to Leave Behind in 2018

3.) A Firewall and Antivirus Software is Enough

Sadly, those days are over. We’re entering an era of comprehensive web security as a service. You’re already seeing a number of major players like Venafi and Comodo move into that space and it’s hard to argue with the new technology’s benefits.

For starters, the cost of staffing an effective in-house security team, for companies of all sizes, is staggering. We’re talking purchasing hardware, hiring and training staff and then maintaining everything on your own.
SaaS products are helping companies and organizations avoid those costs by essentially out-sourcing everything.

That’s because nowadays you need more than just a simple firewall and some antivirus software. You need 24/7 monitoring, malware detection and removal, it’s probably smart to have a good CDN for better security and performance, plus you’ll need to have a Systems Incident and Events Management team for any major crises.

Key Takeaway: Invest in Security-As-A-Service, outsource your security to a reliable company for a third of the price you would pay if you have this in house. Firewall and Antivirus software is not enough.

2.) Your Password is Strong And Safe Enough

Passwords are the bain of everyone’s life, i mean from the people who write them down in a notebook (why?) and choose passwords that are named after their dog (it’s quite easy to figure them out check Facebook) or even worse save them on their device (lost or stolen device means in the wrong hands an identity theft).

Avoid words all together
A random string of letters and numbers is harder to break even from a brute force attack and stops you using all the same passwords (can you imagine if one of your passwords is guessed correctly?) I know you are saying how can you remember all these crazy passwords?

If you use tools such as LastPass the system will store all your passwords, random generate passwords for you (letters and numbers) and automatically log you in.

Key Takeaway: Use letters, numbers and symbols for a password and store them safely.

Top 5 Website Security Myths to Leave Behind in 2018

1.) If you don’t store customers’ credit card info, you don’t need an SSL/TLS Certificate

This is now a very hot topic as you will know as Google wants to create a more secure web environment and the impending rules and regulations of GDPR.

It is true that SSL was only for credit card info etc but now all that has changed.
SSL is good hygene for your website, if you don’t know what SSL is and how it could affect you see here.

In the main SSL enforces a secure connection between connections on your web server by placing a piece of software and when configured correctly ensures that your website and your data is more secure.

Google & Mozilla
Leading browser providers Google & Mozilla have now improved security and require all websites to be encrypted ensuring a safer web but what does that mean for you?

In March or April this year (2018) both browser providers will begin to mark websites that are not secure by placing a warning triangle (in red) in your browser bar.

There is nothing worse and more damaging than showing a warning indicator on your business website saying ‘your website is not secure’
So regardless you will need HTTPS / TLS and a SSL Certificate to move forward in 2018.

Key Takeaway: Act now and prepare your website for SSL / HTTPS before its too late.

Top 5 Website Security Myths to Leave Behind in 2018

The web is changing and is a normal everyday thing that we all use, however the user experience is key and by looking at the suggestions listed you may find you can save yourself a lot of time, effort and money.

What’s My SEO Score?

Enter the URL of any landing page or blog article and see how optimized it is for one keyword or phrase.