While there are some aspects to having a business that might be a ‘one and done’ element, your website is not one of them. Would you get tired of hearing the same commercial jingle for a product? Of course, you would! Conversely, if you never do anything to change the look and or functionality of your website you will likely fall behind your competitors in that space. But how do you know it is time for a website redesign?
According to the 2019 Cybercrime Magazine study, website hacking will cost the world $5 trillion by 2021 -this is up by $3 trillion since 2015. Furthermore, cybercrime attacks are the fastest growing crimes in the U.S. Worse, the hackers are becoming more skilled and sophisticated than ever before. To put this in perspective, consider this: There are 111 billion lines of new software code written each year – meaning a significant amount of coding that can be exploited by hackers and more risks to your website’s security.
Find it hard to fathom? Consider these additional facts regarding cybersecurity:
- In the first 6 months of 2019, data breaches exposed 4.1 billion records.
- 52% of breaches featured hacking, 28% involved malware and 32–33% included phishing or social engineering, respectively.
- The top malicious email attachment types are .doc and .dot which make up 37%, the next highest is .exe at 19.5%.
- On average, only 5% of companies’ folders are properly protected.
- In 2018, 62% of businesses experienced phishing and social engineering attacks.
So, what can you to do as a business owner to make your website as secure as possible? Thankfully, there is a long list of actions you can take to prevent your website from being hacked.
13 Tips for Preventing Hackers from Attacking Your Website
Know the Risks
To truly protect your website from hackers, you must first identify any areas – internal and external- that make it more susceptible. Some of the most prominent areas are –
- Weak passwords – Your passwords need to be a minimum of 16 characters and include a mix of numbers, letters and special characters. In addition, you need a different password for each login. To help you keep up with the variety of passwords, you will want to use a password manager or a single sign-on program such as LastPass.
- Malware attacks – A malware attack is a result of an infected USB drive, or an app that is designed to capture keystrokes, passwords, and data. To prevent this form of hacking, install a malware detection tool such as the Norton Toolbar.
- Social engineering – A form of identity theft in which a hacker pretends to be you in order to reset your passwords. Minimize this risk by being careful not to share financial information, requesting password rests via the phone, and by conducting a security audit.
- Ransomware – Do not click on links that seem odd or questionable. This can result in hackers accessing your computer, website or data and holding it hostage until you pay their fee. Prevent this from happening with tools like Trend Micro lock screen ransomware tool or the Avast anti-ransomware tool.
Making this acronym by Marc Goodman a part of your procedures can help keep hackers away from your business’ website.
- Update often – Take advantage of auto-updates so that you always have the latest patches for apps, software, and operating systems.
- Passwords – Change them periodically and don’t reuse them.
- Download responsibly- Only download from sources that can be trusted. Look for any bundled elements and remove them.
- Administrator is NOT your default setting – Do not log into your pc as admin on a daily basis as this can make it easier for hackers to access your information.
- Turn it off – Don’t leave your computer on when not in use. Turn it off or disconnect the WIFI when you are not using it.
- Encrypt your content – From your files to your emails or any other important material on your computer protect them with an encryption program. When online, check that websites (your business site included) have a little padlock symbol next to the URL or an address that starts with https.
Look out for SQL Injection Manipulation!
SQL injection attacks are the result of a hacker using a URL parameter or web form field to access your database. To protect your business website from this type of hacking, you will need to use parameterized queries.
None of us like to see error messages come up on our website – but they do occur from time to time. So, when they do, be sure your error message keeps details succinct so that content is not inadvertently leaked. Provide just the information your guests need, with the details being stored in your server logs.
Never settle for single end validation! Rather, you need to require validation on both the server side and the browser side. Why? Because hackers can bypass some fields by leaving them empty or by using text in a “numbers only” field. Requiring validation on both the server and the browser keeps unwanted interactions at bay.
Say No to Uploads
Never allow site guests to upload files to your website as this opens your site up to any number of risks. Sadly, that innocent looking image or word document can contain a script that can destroy your site or mine information you thought was secured.
If you have a site where uploads are necessary or allowed, protect yourself by using limiting the access users have, through file type verification, limiting file size, keeping the uploaded folder outside of the webroot, and by preventing the users from executing any of the files uploaded. Other precautionary steps are to rename the files on upload to ensure it has the right file extension, having a firewall set up (most web hosts do this for you, but if you are using a personal server then this is a must), changing the file permissions, and -the most recommended solution- by preventing direct access to uploaded files.
Take time on a regular basis to run a back-up of your website and computer. Whether it is done daily, weekly or monthly you need to have this information at your fingertips (i.e. stored to an external hard drive or USB stick). If you do nothing else on this list, at least take time to back-up your site content and records. Often, host providers offer an automatic back-up option for a nominal cost – a cost you will be happy to have paid should your site ever be compromised.
Use a VPN
A VPN (Virtual Private Network) is designed to save all your data. It typically works like a server. The VPN connection works through acting as a tunnel that helps create a mask of your IP address so that you have more security for your website.
Only Use Secure Web Hosts
Don’t choose the cheapest web host provider out there! Just because it appears to be budget-friendly that doesn’t mean it is in the long run. When you opt for an inexpensive web host it is likely to be a shared server that is ‘home’ to millions of other websites. This means a much greater risk of being affected by a virus or a hacker having access to your website.
We have all been asked to type a series of numbers and letters or to validate that ‘we aren’t robots. These simple tasks are great for protecting your site from malicious bots as only a person is capable of accomplishing these tasks. Using Captcha forms is an easy step that can protect you from hackers.
No matter what type of CMS (content management system) you use to build your website there are plugins available to protect you against hackers. For WordPress sites, consider security plugins such as iThemes Security, Bulletproof Security, Wordfence, Securi or fail2Ban. These plugins are designed to identify any weaknesses in your website and then add extra protection for them.
Phishing is defined as ‘the fraudulent practice of sending emails claiming to be from a reputable company to encourage a person to reveal personal information.” This practice can cost you hundreds, if not thousands of dollars. To protect yourself and your company from being the victim of this type of scam, install an anti-phishing toolbar – good news, they are free! The toolbar will run checks on sites you visit and compare them to lists of known phishing sites. Should you inadvertently visit a phishing site, you will be notified immediately.
Keep in mind that just because you have an anti-phishing toolbar installed, this doesn’t mean that a site is safe. New phishing sites are created daily. Always look for the https or closed lock symbol near the address. Furthermore, never download files from a suspicious site or email.
Many companies use pop-up advertising for a good cause – to promote their services and wares. However, there are numerous unscrupulous companies out there that are using pop-up advertising as phishing scams. In the rare event that one slips through, click the small “x” in the corner and NOT the cancel button, as the button will generally take you to a phishing site.
Now What? Testing Your Security Measures
If you feel like you have done all you can to minimize the risks of being hacked, then now is the time to put your actions to the test. There are a variety of tools designed for testing your website’s security. These tools are known as penetration testing or pen testing. While there are pen tests you can buy, there are several reputable ones available for free.
- Netsparker – Ideal for testing SQL injection and XSS.
- OpenVAS – A rather advanced tool that identifies vulnerabilities. However, it can be a bit challenging to set up and you must have an OpenVAS server.
- SecurityHeader.io – This free tool loads quickly and denotes which security headers are enabled and configured correctly.
- Xenotix XSS Exploit Framework – Created by Open Web Application Security Project, Xenotix has a significant selection of XSS attack examples that you can run in order to ascertain whether your site’s inputs are vulnerable in Chrome, Firefox and Internet Explorer.
There is no single approach to protecting your website and information from hackers. Nor is it a one and done task. To protect your website, you need to implement safety features, use protocols that minimize risk, and periodically run security tests. If you make it a point to frequently check out the security of your website then you can keep the risks low and reduce the chance of becoming one the ‘hacked websites’ statistics.
If you are uncertain as to the safety of your website or would like to discuss the security of your website, contact the Page Progressive team. We can assess your site and let you know of any precautions that should be taken to improve your existing security. Give us a call today.
You have decided to take the plunge and become a business owner.
You are excited…and perhaps a bit scared, but most of all, eager to get your brainchild off the ground and moving forward.
However, there are just a few obstacles to doing this – especially in regards to crafting a web presence that does all you need it to do. These actions may range slightly from business to business; which is why meeting with a consultant who is knowledgeable about the web (and all its many little quirks and perks) is crucial to the growth and success of any new business.
Why You Should Hire a Consultant BEFORE Launching a New Business Online
“Now what?” you might ask. Or more specifically, “What do I need to know in order to successfully launch my new business? And, do I really need a consultant?”
To answer in reverse: Yes, you need a business consultant who can guide you through the many facets of building and boosting your business. Why? Because there are many decisions and actions that need to be addressed before you can anticipate your company’s website appearing on page 1 of the search results.
So why should you work with a business consultant? Consider these advantages:
- You get an outside perspective. This allows you to work out the issues before going public.
- It gives you someone to bounce ideas off of (someone who also isn’t afraid to be completely transparent with you)
- They will help you find resources to make your business more efficient.
- They offer the skills and knowledge you may not possess.
- They can work with employees to help them (and you) reach goals.
- They help position you to better handle (and embrace) change.
Depending on your type of business, the “approach” and “necessary actions” might vary. Not only will speaking with a consultant help you to flesh this out, but they will ultimately save you both time and money. Here are just a few elements a consultant might help with.
Branding Your Business
When building your company, you must create a consistent brand. This is more than a logo or slogan…but rather, how you present yourself and/or your product to the world. Yes, it includes things like your logo, slogan and colors used, but it is much more! Here are the elements to focus on in branding your business:
Logo– Your logo needs to be easily identified and representative of what you offer. It is wise to work with a professional graphic designer, as they will create your logo in such a way that it will fashion itself nicely with everything you email, produce, etc.
USP – A business acronym for Unique Selling Proposition, the USP reflects how you engage with your audience on your website, social media platforms, and review sites. It will also factor in how you present your products so that you differentiate yourself from any competition.
Branding Guide – This refers to your website and marketing materials. By working with a graphic designer and website development team, you can be sure that aspects such as the color palette, typography, theme, etc. will all tell the story you want to be heard by your targeted audience.
Story? Yes, your brand will have a story. Think about companies such as Apple, Ford, Coke and other well-known businesses. Part of what makes them stand out is that their story allows people to connect to them. The founders of these companies were visionaries who were not afraid to take risks. As you talk to a consultant about your new venture, they can help you develop your company’s brand, story, why you started your business and what it means to you. Be sure to share this with your graphic designer, as this knowledge will help them help you on your journey of success.
Building a Website
If you watch TV or web ads, the implication is anybody can build their own successful website and easily be in the top search results for their field or industry. The reality – while anyone can use a tool such as Wix or WordPress, this doesn’t mean they can merely press a few keys, add a bit of verbiage and images, and voila! A successful website! No. A successful website is much more than that. Here are some website building factors to keep in mind:
Choose a domain name that is:
- As short as possible, easy to spell and to remember
- Free of hyphens or numbers
- Using the proper extension (.com, .net, .org, etc.)
- Registered trademark free and not similar to another existing site
- A SEO-friendly URL
- Select a scalable website host known for having dependable tech support. There are several hosting options available, so be sure to talk to a website developer and learn what they recommend for your needs!
- Introduce yourself quickly. Do this with a homepage banner (AKA “hero image”) and any other banners that visually represent who you are and what you do (you will want text with this info as well). Also, be certain that you have an easy-to-find About Us tab in both your main and footer navigation menus.
- Choose a CMS (Content Management System) that will work for your needs. Some of these include WordPress, Squarespace, Wix, Drupal, and Joomla.
- Do you intend to sell things? If so, then you will need an e-commerce platform such as WooCommerce, Shopify or one of the others.
- To ensure that your company will leave a positive impression on guests, you will want to create interesting and engaging content to prove your expertise, authority, and trustworthiness.SEO – Referring to Search Engine Optimization: This is done through determining keywords for your website, social media use, marketing campaigns and any other content you produce (NOTE: Incorporate them whenever possible – but not to excess!). However, SEO is more than just keywords. It also includes the following:
- Optimal website code
- Fast page-loading speeds
- An SSL certificate (this lets guests know your site is safe and secure)
- Implementing a mobile-friendly website
- High-quality back links (both internal and external)
- Lots of positive reviews on sites like Yelp, Facebook, Google, etc.
- Using Social Media to link to your site
- Making frequent updates to your site in the form of blogs, video content, pics, etc. so that search engines know your website is active.
- Your business consultant may not know all the ins and outs of building a website, but it’s a safe bet that they know someone who does.
How to Get Reviews
As referenced above, positive reviews are an important part of building a successful business. Your consultant is sure to agree that reviews are a must. But how can you get those reviews? Here are a few suggestions:
- Set up accounts on several platforms. Yelp and Google are some of the most well-known; but also look for any industry-specific locations where reviews can be given. Don’t forget sites like Angie’s List, Houzz, and the BBB.
- Create customer incentives (free products, downloads, etc.) for leaving a review.
- Ask open-ended questions.
- Respond to every review – especially the negative ones!
- Share positive customer feedback you have already received.
- Personally ask your customer if they would mind leaving a review.
- Send review request emails, i.e. after the customer has made the purchase or received the item.
How to Set up a Google My Business Page
Google My Business is a free tool for businesses that allow you to manage your online presence. It works in conjunction with Google maps and search, enabling you to be found by search queries. When set up, you can post images, links to your website, contact info and an assortment of other information.
Though not an extremely difficult process, setting up Google My Business is often best done by a website developer who understands the nuances of Google My Business. To feed your curiosity, here is a quick breakdown of the basics:
- Go to Google My Business and click Sign In.
- Sign in to your Google account (or create one), then click Next.
- Enter your business address. You can also indicate if you want your business location to appear on Google Maps.
- Search for and select a business category. Click Next.
- Enter a phone number or website URL, then click Finish.
- Select a verification option.
- Review your business information.
Marketing your business is a crucial part of building your company; but sometimes knowing the best marketing approach can be tough. Enter your business consultant. They will be able to look at the crucial elements – talent (writers, artists, developers, etc.), processes (workflow, budgeting, campaign creation) and, technology – with a new set of eyes and point out ways to help you get your message out to the masses.
How Can I leverage Social Media Marketing or Google Ads?
Having a consultant who understands how to leverage social media and Google Ads is vital. We all know that social media is a critical part of the “big company” approach to getting the word out about a product. But as a small to mid-size business, navigating the Web and social platforms or Google Ads can often be a challenging task.
If you are considering using any of these options, a consultant can help you determine which social media platforms will best reach your target audience, as well as help you to construct a well written (and designed) ad campaign. They can also help you decide what keywords and phrases will best promote your company if there are other businesses or organizations that you could partner with; help connect you with sponsorships or community outreach endeavors; or perhaps help you determine discounts, sales or promotions. Once the ads are running, they can help you identify which ones are working the best through a process of A/B testing.
Email marking is an essential tool for business; but some companies’ emails are certainly better than others. In fact, a well-designed email marketing campaign can have an ROI as much as 122 percent! So what is it that separates the good email marketing campaigns from the rest? Some key components (though there are many) would involve having a creative design (layout, images, colors), personalizing the emails to your target market, timing, the written copy, and the incentive.
This can be an overwhelming process, especially if you have never before crafted an email marketing letter or managed an email marketing campaign. Hence, talking to your business consultant can help you make the most of the time and effort involved with producing an effective email marketing campaign.
Benefits of Blogging
By now, we are all familiar with blogging. But do you realize how important it really is? A study found that businesses have a 434% higher chance of being ranked highly on search engines if they just blog. In addition, companies that blog have as much as 97% more inbound links. All of this ultimately proves that you can be more successful…just by taking time to write. How successful? Studies have found that websites with active blogs receive 67% more leads (which means a greater likelihood of sales!).
Other advantages of blogging are as follows:
- Blogging grows your influence.
- Blogging offers free publicity. A great way to increase your influence is by guest blogging on another person’s website. Just be sure to have a link back to your website!
- Blogging attracts your ideal audience and helps others to find you online.
- Chances are, your competition is blogging. Don’t get beaten just because you don’t like to write. If you don’t like writing, hire a copywriter and give them the topics you would like written about. Set up a schedule and before you know it – you have new blog content on a regular basis.
- Blogs are known to build community as it encourages people to engage, thus showing more activity on your website.
Working with a business consultant doesn’t mean that they will know absolutely everything there is to know about building a website, marketing, or social media. But there are those who understand the value of a positive brand, a usable website, and a strong marketing approach. This type of business consultant will be a boon to any business, and it would certainly be well worth cultivating a relationship with them.
When you choose a business consultant, be sure you choose one who is knowledgeable and has a great reputation. After all, you are talking about your future as a business owner.
The Page Progressive team understands the importance of making good business decisions and knows how they can affect your future. Talk to us to learn more about what you need to build a successful web presence and ultimately successful business.
You have likely spent time and money on building and optimizing your website. It may have pictures, a blog, perhaps a shopping cart feature, and an assortment of other plugins and elements that are designed to improve your web search ranking. But, in spite of all you have done, it is still not gaining as much search traffic as you would like.
This can be frustrating, and even a bit depressing. After all, your goal is to be on page one of search results. So, what are you to do?
In a word – E-A-T.
No, we don’t mean that you should grab a carton of ice cream or a plate of pasta and eat away your web troubles. Rather, E-A-T is an acronym that has to do with improving your Google search ranking.
As web developers for over 15 years, the Page Progressive team has worked on many websites from custom-coded themes, to other sites that use WordPress templates. As a result, we have had the opportunity to learn a great deal about how to get the most from various WordPress themes and plugins. Consequently, we have formed an opinion on WordPress themes. Today, we will share why we find the Divi theme to be a great choice for so many website situations.
Have you tried using Google Ads for your small business? Perhaps you have seen the ads when doing a Google search, but have never considered how having one of your own could benefit your business. These ads, sometimes referred to as Pay Per Click (PPC), can be an effective way to drive traffic to your website. An Google Ads campaign is designed by carefully choosing keywords for your business and crafting an ad that will grab the attention of those see it.
Recently Authorize.net has made changes to their product line offerings to consolidate several offerings. This means that if you are using Authorize.net on your WooCommerce website, the plugin that you are using will be obsolete soon. WooCommerce has responded by releasing a new Authorize.net plugin which will replace the several other plugins that there used to be (AIM, CIM, DPM, and SIM). If you host with us, we will be switching you over to the new plugin so you should not experience any problems with your WooCommerce store.
You can read more about the new plugin here.
Your business needs are growing and you know you need to build (or upgrade) your website. You know there are options available for creating websites, but it can be confusing how to decide which platform is the best fit for you? With Wix and WordPress being two of the most well-known platforms, we are going to compare the two from the perspective of a developer who works a lot with small business owners. And just full-disclosure, we do develop with WordPress, although we have helped a few clients with their DIY type sites on Wix, Weebly and Squarespace over the years.