Over the next few weeks we will be sharing a some perspectives on the current state of the Internet and specifically the 7 Forces of the Web that deserve the attention of companies large and small. The topics will vary from technology and complexity to legal and regulatory matters that should change the way you do business online. With all of these discussions, we ultimately point back to your customer’s experience with your website and how it’s affecting them. So, let’s get going with Force #1 – Security.
Perhaps one of the most critical of the 7 Forces is web security. In today’s modern world, web security cannot be an afterthought. Data breaches, hacks, hijackings, and more can seriously impact your company’s viability – and lead to loss of consumer trust, legal actions, and more.
Let’s take a deeper look at the state of security on the web, and discuss how this can affect your business and brand now.
More Websites Than Ever Are Vulnerable
It’s been estimated by Acunetix that websites with high-severity web vulnerabilities increased by 9% between 2015 and 2016, and that number continues to grow as new exploits are discovered and shared. In 2017 Cross-site scripting (XSS) jumped 17% and TLS/SSL vulnerabilities jumped 10% with only marginal improvements in other areas.
Not only that, at least 55% of all websites have at least one or more high-severity vulnerabilities – the highest number ever recorded.
WordPress Websites Are At Risk
WordPress has quickly become the leading platform for online ecommerce websites, blogs, and more – currently running over 25% of websites on the Internet. Due to its low expense, ease-of-use, and a massive library of customization options, it continues to be the leading CMS on the market.
But this popularity is a double-edged sword. Because WordPress is so popular, many hackers and other malicious agents purposefully attempt to develop exploits, code injections, and other hacks that target WordPress-based platforms.
This has lead to over 4000 known WordPress security exploits, according to WPScan.org. Because many WordPress sites are out of date due to neglect, and are not administered regularly, the risk of attack on a WordPress installation is very high.
These are not just small businesses either, there are quite a few large enterprises who use WordPress-based websites – NFL, the Wall Street Journal, New York Times, BBC America, and TechCrunch, just to name a few.
The Results Of A Hack – How Vulnerabilities Put You At Risk
Depending on the specifics of an attack, your website can suffer from a multitude of issues including:
Defacement – Defacement occurs when a hacker or bot repurposes your website to link to their hacking group – it’s the “digital graffiti” of the hacking world.
Spam/Malware Injection – Hackers can inject malicious code into your website – without changing the way it looks or feels. This can lead to a huge variety of problems for your users, and decrease the trust in your site.
SEO Results Poisoning And Clickjacking– Hackers use your SEO strategies against you, placing links to ads and malware on your website to take advantage of your high placement in popular search engines.
SEO Blacklisting – Google can tell when websites have been hacked. If your business is hacked, your site could be blacklisted, and users will be presented with a warning from Google, telling them that your site could be compromised.
While some of these issues are less severe than others, each one can tarnish your brand’s reputation – decreasing the effectiveness of your marketing strategies, and putting your image at risk.
What Can Be Done About Website Security?
This is a broad topic and there is no way to be 100% safe against hackers. They’re constantly innovating, and finding new exploits.
However, there are ways to keep yourself safe, and reduce your risk of being hacked. Here are few suggestions.
Be Proactive – If your company depends on it’s web presence, it’s critical to keep all relevant web platforms, plugins, and tools updated. Many common vulnerabilities are regularly “patched out”, and by simply installing these updates, you can make yourself a much less appealing target.
Pay Attention – Hackers are subtle. Sometimes, your website may be compromised – and you may not even know it. Pay attention to your website. Does it look normal? Has anything changed recently? Are you getting traffic from strange sources? This is all it takes to catch a breach early – and save yourself time, money, and headaches.
Additional Layers Of Security – Using additional layers of security on the machines hosting your website is a good idea. If you can build up firewalls and intrusion detection systems on host machines, you can prevent common cyberattacks – and be informed if someone does try to compromise your systems.
Some of these can be difficult for internal teams – so you might consider using a web experience agency like ours to secure, manage, monitor, report and remediate. (shameless plug)
So don’t ignore the security of your website and don’t assume because you checked one thing with one tool that all is well. Data breaches, hacks, and web hijacking can be extremely expensive and time-consuming to deal with, and can deal a serious blow to your company’s online image. Follow these tips, understand the risks, and start taking steps to a more secure website today!
Your company depends on its website? Request our Free Website Analysis Today.