{{propApi.title}}
{{propApi.text}} {{region}} Change location{{propApi.title}}
{{propApi.successMessage}} {{region}} Change location {{propApi.title}}
{{propApi.text}} {{region}} Change location{{propApi.title}}
{{propApi.successMessage}} {{region}} Change locationHow safe is your website?
How safe is your website?
Member and guest login
Enter your email and password to access secured content, members only resources and discount prices.
Did you become a member online? If not, you will need to activate your account to login.
If you are having problems logging in, please call HIA helpdesk on 1300 650 620 during business hours.
Forgotten password
Need some help?
If you are having problems logging in, please call HIA helpdesk on 1300 650 620 during business hours.
If the email address you have entered is registered, you will receive an email with further instructions.
Become part of the HIA community
Enables quick and easy registration for future events or learning and grants access to expert advice and valuable resources.
Create a guest account
Enter your details below and create a login
Anne-Maree Brown
General Manager of Content
If you have a website, even the most basic, here are some anacronyms for you: 2FA, DDoS, DNS, SSL. If you need to look up any of these, maybe website security should move up your business to-do list.
Your business website isn’t just about you. It’s also about your team and, more importantly, your customers. The security of your website or your ‘network security’ is not about the risk of cyber-attacks. While cybersecurity deals with safeguarding your information and security technologies from potential external cyber threats, the primary concern of network security is to safeguard your IT infrastructure from the inside.
‘Cyber activity in 2022 provides us with a decent opportunity to think about what is likely to come in 2023,’ says Steve Nelson of Switch and its web building arm, Mattaki. ‘From a cybersecurity perspective, there have been plenty of instances that have impacted businesses of all sizes and even countries.
It would be a mistake to paint a broad brush over cybersecurity and take a single focal point to ensure proper coverage for your business. Cybersecurity is an increasing and ever-expanding risk that needs to be a priority for all businesses. Understanding the risk posed to your business and customers alike is important in ensuring you have frameworks in place for protection.
Despite the common fear of cyber threats, Steve acknowledges that a website is often the greatest risk. ‘It is your ever-present point of representation, to serve existing and potential customers, which also makes it a big old target for hackers. They are motivated to compromise those things you rely on most – your current and potential business relationships.’
What’s the difference between cyber and website security?
Cybersecurity is a general term used to describe activities relating to your IT touchpoints. Website security relates specifically to your digital presence and would arguably cover:
- SSL (secure sockets layer)
- Data integrity
- Content integrity
- DNS (domain name system)
- Domains
- Cloud infrastructure
- Cloud protection
Commonly, there’s an expectation that website security is inherent in the services from your website provider. ‘At Mattaki, we often see this is a directional relationship,’ Steve says.
‘You need to verify that these protections for your website, customers and businesses exist. This makes it difficult to stay ahead of hackers, as it is an ever-changing landscape. It isn’t practical to expect you to know of these challenges.’
What are the biggest risks for businesses?
The risks for small businesses are significant. In recent times, this has increased exponentially. Steve says there are some practical reasons for this and lists the following factors as major contributors:
- The increased dependence on software increases the access points for hackers looking to expose a growing range of vulnerabilities
- Businesses of all sizes are being targeted through automated means, with hackers scanning for holes in not only your cybersecurity but also through the software you use
- More sophisticated phishing efforts makes it difficult for customers and businesses alike to discern what is legitimate
- Hackers are changing the way they compromise systems, not necessarily being obvious, and in some instances, it takes days, weeks or even months to initiate their objective
- Targets now go from large enterprises down to small businesses, therefore no-one is immune.
What are the potential outcomes of an attack?
‘Attacks are designed to wreak havoc on your business and the experience of your customers,’ Steve explains. ‘We’ve seen instances where ransomware attacks have compromised small businesses, so they are not able to email, access bank accounts or pay wages. The attackers do not relent on releasing these business-critical activities unless significant payments are made.’
Steve adds that wide-scale DDoS (distributed denial-of-service) attacks are undertaken to send large amounts of data or traffic to your business-critical system, essentially taking them down and making them inaccessible to a real customer. ‘Dissemination of incorrect information into the market, either through their website content or phishing campaigns via email, is another type of breach while attackers will also try to compromise domain and DNS records, crippling businesses in a matter of minutes.’
How can a small business review their website security?
Businesses need to be practical about the risks they face and consider fundamental things to ensure they’re doing as much as they can to protect their business and customers. Steve offers four areas to get started on today:
- Create an audit of your business-critical systems and establish the quality of their security.
- Create a framework based on critical systems in your business – who has access to them, how are they protected and importantly, who has the credentials (usernames, passwords, etc) to administer them.
- The framework should be checked on a regular basis, with credentials updated routinely and in all possible instances using additional security such as two-factor authentication.
- Ensure the proper configuration and protections are in place to avoid hackers using your credentials for phishing attacks.
How do you ensure your security is maintained?
Steve also provides these points to get business owners thinking about their network security:
- Be confident that your website partners can be relied upon to deliver security to your business and customers as part of their service to you.
- If you’re not confident they even know what website security is, you are potentially in a precarious situation.
- Be practical about what you see and hear across different industries and consider if you feel you’re covered.
- Speak with your website provider and ask them what levels of security exists for your organisation.
- Be confident you have and control credentials to critical systems and information.
- Implement and use 2FA (two-factor authentication) across your organisation.
- Create a relationship with your website partner. They need to drive updates to you, showing how to protect your organisation.
‘Cybersecurity and website security can be an afterthought, but by then, it’s too late,’ Steve says. ‘Once your systems are compromised, you have few options and the ones you do have are not ideal. This creates additional urgency to resolve whatever may be compromised within your organisation. This is exactly what hackers are trying to achieve. The consequences can be wide-ranging, from financial impacts to compromised customer data (and therefore relationships).’
So don’t leave yourself vulnerable. Once you learn how to minimise risk, you’ll feel more secure as a small business owner.
The information in this story is supplied by a third party. It is important that all readers understand that third-party information is not provided or endorsed by us. Please be aware that we have not necessarily checked third party content.
First published on 15 March 2023