02 Jan A Safe Start to the Year: Company Website Safety
There is no time like the present to improve your company website safety. Improve your practices and train your team to protect your company’s web platforms by default. Smart security works best when you weave it into your culture. Better understanding and a few reasonable rules will remove many headaches. They will also protect against disruptions to your website, your email and the good reputation of your business.
Untrained employees are the biggest gap in your company’s online safety. You can educate them about the risks. Help them to see the company from the perspective of the bad guys. Certainly, financial service companies, insurance companies, and brick-and-mortar and online retailers may be obvious targets for attack. But even small companies and nonprofit organizations risk hacking. If your employees think they are safe because you are not one of these likely targets, you need to show them the dangers.
Why Would Someone Hack Us?
You don’t have to be a high-profile target. The mere fact that your company exists is reason enough for hackers to target you. If you take payments or donations online, the credit card and transaction data are the juiciest target for hackers. They may take the data, then hold it for a while or sell it to other hackers before you see any attempts to actually use your patrons’ credit cards illegally.
Hackers may also target your client lists and email addresses. Also, consider your own employees’ contact information. A competitor could use this information to approach your hard-earned customers with CRM data that you developed over the years as you cultivated those relationships. The contact information for your own employees could also be used to take advantage of your employees.
Any data that the bad guys can get can be used to go deeper, exploring and discovering more vulnerabilities in your online presence. It pays to stay vigilant even when you don’t perceive a threat.
Train Your Company To Protect Itself
Tell your employees how and why your company could become a target. This article from Entrepreneur illustrates how other companies have been attacked and what damage was done.
Many employees understand and protect against the obvious dangers of their business interactions. It is like locking up at night. What they may not realize is that their personal lives can also be used against their business presence. The story in the above article tells how a bank teller was threatened, not with a gun, but with the idea that her husband had been kidnapped and was in danger. The information found on her personal social accounts was used against her.
The Main Threats
Here is a quick summary of the main avenues for attack and some common-sense improvements you and your employees can make to better protect your company’s web platforms.
Encourage your employees to use their company email addresses only for legitimate business use. A corporate email address is worth protecting: one person clicking on a link or an attachment with malware can infect many people inside the company. If the email address is not spread around, it will receive fewer attempts simply because fewer people know it.
Encourage or require that your employees regularly change their passwords and make them secure. This article also lists many technical steps you can take that will help protect your company’s communication.
Your Website or Blog
For years, Mac users felt safe from viruses since they were the minority of PC users. Windows-based systems were easier to exploit because the systems were far more common. As Macs gained market share, that argument weakened. Anyone can get a virus.
That problem from the past is similar to the vulnerabilities you have if your company’s website or blog is using WordPress. Almost 60% of blogs and websites that use a Content Management System, or CMS, use WordPress. When you use the most common solution, you will also be open to the majority of threats.
Learn the strategies to improve the security of your WordPress site. Similar strategies hold true for other CMS users, like Joomla and Drupal. Make sure you are not using outdated themes or plugins. Always use secure passwords and modify default variables like the “admin” username.
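The checks named above (outdated plugins and the default “admin” username) can be run as a routine audit. The script below is an added example, not part of the original article; it assumes WP-CLI is installed on the server, and the sample CSV it embeds is constructed for illustration.

```shell
#!/bin/sh
# Audit WordPress for outdated plugins and the default "admin" login.
# Input is the CSV that WP-CLI prints; on a real site, capture it with:
#   wp plugin list --fields=name,status,update,version --format=csv
#   wp user list --role=administrator --fields=user_login,roles --format=csv
# (the same plugin columns work for "wp theme list").

# Constructed sample data so the script runs offline.
SAMPLE_PLUGINS='name,status,update,version
contact-form,active,available,5.1
seo-helper,active,none,20.3
old-gallery,inactive,available,1.0.2'

SAMPLE_ADMINS='user_login,roles
admin,administrator
jsmith,administrator'

# Print the names of items whose "update" column says "available".
# Inactive items are reported too: their files are still on the server.
outdated_items() {
    printf '%s\n' "$1" | awk -F, 'NR > 1 && $3 == "available" { print $1 }'
}

# Print administrator logins that still use the default name "admin"
# (compared case-insensitively).
default_admin_logins() {
    printf '%s\n' "$1" | awk -F, 'NR > 1 && tolower($1) == "admin" { print $1 }'
}

# Print one finding per line: $1 = plugin CSV, $2 = administrator CSV.
audit_site() {
    outdated_items "$1" | sed 's/^/OUTDATED plugin: /'
    default_admin_logins "$2" | sed 's/^/DEFAULT admin login: /'
    return 0
}

audit_site "$SAMPLE_PLUGINS" "$SAMPLE_ADMINS"
```

An empty result means neither issue was found; run it on a schedule so a newly outdated plugin is noticed soon after an update is released.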
Don’t forget, another aspect of a secure website is having the data regularly backed up. Experienced IT personnel don’t speak of “if” you get hacked. They work to be well prepared for “when” they will be attacked.
Social Media
Coach your employees to keep their personal social media accounts separate from the company that employs them. Have them leave the employer field blank on all but the most critical of platforms.
If your team shares ownership of the company’s social presence, require that they regularly update their passwords. If there is a “recipe” that you use to create a password, make sure you change that regularly too. A disgruntled former (or even current) employee who knows the pattern can cause a lot of damage and work for your PR team.
Since social media changes so quickly, select which platforms you will maintain or allow access to during business hours. Then lock down access to other platforms until they have a reason to become part of your business plan.
Many new platforms have poor security or definite non-business uses. For instance, there are social media platforms, like the less mainstream dating sites, that could become embarrassing if an employee were exposed publicly for using them.
Build a Culture of Safety
By training everyone to understand the dangers and requiring that they practice a reasonable amount of vigilance, you will protect your company’s web platforms and presence. This will free your team up to serve your customers better by concentrating on what you do best!
PHOTO: Gerd Altmann / CC0 Public Domain