Although news of large corporate websites being hacked is reported on a regular basis, many small businesses fail to realize that they too, are a possible target for online scams.
Even if you’re business is small, don’t move forward with the philosophy that online scams ‘won’t happen to us’. That was the casual attitude of a financial services company, who recently had a rude awakening. They believed that since they were ‘small fish in a big sea’ that they were basically invisible online. No scammer would bother targeting them, right? Wrong. Their website was hacked and the reason was embarrassing. Not only was their server unsecure, but all of the computer passwords at the office were “password1”. Ouch.
Be prepared in the event that online thieves come looking for your sensitive information, which may including credit card information, email IDs and passwords. Did you know that within minutes hackers can turn your little website into a spy bot, scooping up personal information without you ever realizing? Or even worse, they can hack into your website databases and manipulate or destroy important information.
Here are a few simple ways that you can discourage online scams:
1) Avoid common passwords.
Hackers try all the easiest passwords (like password1), so use strong passwords and change them often.
2) Switch to HTTPS.
Hyper Text Transfer Protocol Secure is a secure communications protocol that is used to transfer sensitive information between a website and a web server. Moving your website to HTTPS adds an encryption layer of SSL (Secure Sockets Layer) to your HTTP making your users’ and your own data extra secure from hacking attempts.
3) Hide Admin Directories.
Hackers use scripts that scan directories on your web server for obvious names like ‘admin’. They’ll enter the folder to compromise your website’s security. Many CMS’s allow you to rename the admin folders to any name of you choose. Pick an innocuous name for your admin folders and don’t let anyone – except your webmaster! – know to avoid a potential breach.
4) Keep All Software Updated.
Make sure that every piece of software you run on your website is up to date. CMS providers like WordPress regularly release patches and updates that make their software less vulnerable to attacks. Run these updates and always have the latest version supporting your site. If your site uses third party plugins, keep track of their updates too and ensure that these are updated as well.
5) Be aware of common phishing scams.
It’s in everyone’s best interest to understand the common types of phishing scams online criminals use including pharming, session hijacking and malware based phishing.
Prevention is the key to protecting your IT security and identity from online scams. No matter how small your business and online footprint, it’s important to put preventative measures into place.