Why Web Security is Important
We sat down to talk with Neill Feather, President of Sitelock, about the importance of web security in today’s digital landscape. Even if you don’t run a business online, you can still glean some insight from the discussion.
Here’s our conversation:
1. What is the #1 reason most people don't lock up their website?
Lack of awareness of the risks and consequences, and the belief especially
amongst small business owners that they're too small to be noticed by
hackers. They're not aware that most hackers use automated tools to find
vulnerable sites. Most small business owners are too busy to think about
security in any depth. While they're often aware generally of security
issues, they often don't connect those threats with their own business. So
they don't set aside the time and resources need to make sure even the most
basic website security precautions are followed.
2. Why is website security so important?
Your website is your brand, your storefront, and often your first contact
with customers. If it's not safe and secure, those critical business
relationships can be compromised. The threats can come in many forms -
infecting a website with malware in order to spread that malware to site
visitors, stealing customer information, like names and email addresses,
stealing credit card and other transaction information, adding the website
to a botnet of infected sites, and even hijacking or crashing the site.
A single security breach could be a death-knell for a small business. Most
states now have strict data breach laws, and many come with stiff fines,
penalties, and other costs. Even if a security breach at a small business
website doesn't trigger a data breach, it can still have a huge impact on
customer trust if customers find out about it.
An unprotected website is a security risk to customers, other businesses,
and public/government sites. It allows for the spread and escalation of
malware, attacks on other websites, and even attacks against national
targets and infrastructure. In many of these attacks, hackers will try to
harness the combined power of thousands of computers and sites to launch
this attacks, and the attacks rarely lead directly back to the hackers.
3. Some people may think of web security as a way to build trust with
customers. They may think that it's simply a way to prevent malicious
attacks. While prevention is important, how does web security build trust
Consumers are nervous about the security risks of the internet. For example,
identity theft has been the number one consumer complaint to the Federal
Trade Commission every year for the last thirteen years. Consumers seem to
sense, because it's common sense, that most small businesses can't afford
the best security and are therefore it's more likely their website presents
a higher risk - whether it's purchasing or just browsing.
The more a small business can do to build trust in their website, the more
likely customers are to visit, stay, buy, return, and recommend. That's why
security seals are important. Not only do they provide reassurance to
customers that the website is secure and the business is aware of the risks,
but customers are also so used to seeing these seals on websites, they tend
to notice when a site has none.
4. What industries need to be particularly careful about securing their
No industry is immune. Hacking is not just about stealing data. Hackers want
to create watering holes where they can hide malware as a way to spread the
malware to any visitors to that site. They also want to enlist those
compromised sites in Distributed Denial of Service attacks on other sites.
Any site can serve that function. When it comes to data theft, financial
services, healthcare, and retail seem to be especially popular.
5. Does the FCC provide any info to help small businesses?
In 2011, the FCC created and launched the Small Business Cyber Planner, a
free online tool to help small businesses develop their own cybersecurity
plan. The security team that helped develop that tool included Symantec,
Visa, and Neal O'Farrell, an advisor to SiteLock.
6. October is National CyberSecurity Awareness month. Why October?
(Does it have anything to do with the holidays approaching?)
Not sure but probably picked October because the holidays are one of the
busiest seasons for hackers and cybercrooks and a good time to raise
awareness. SiteLock has joined other leading security and technology
companies to champion this cause because awareness is a critical first step
in securing business and personal assets
7. What's the most important step that business owners should do today to
protect their website?
It's tough to pick just one. Some easy steps are to create a security plan,
even a simple one, share it with everyone involved, and stick to it. Manage
your passwords carefully, especially website access. And keep all computers
and mobile devices free from malware so they're not used as a launchpad for
a website attack. Of course, it would be smart to enroll in a service like
the one we offer at SiteLock. It's affordable to even the smallest business
yet provides the same types of website security that even the biggest
8. Does choosing the right hosting provider make a difference for web
Of course, the hosting company is a key to website security. The host
provides the infrastructure upon which the site will be built. Just like
building a house, you need a strong foundation in order to be safe. It also
matters how you go about building the house, which is an important piece
that website owners sometimes don't fully understand. While the host
provides the infrastructure, the site needs to be secure as well. In fact,
websites are now a much more popular entry point than servers or networks,
accounting for up to 80% according to a recent report from Verizon. We
often use the analogy of an apartment complex. The host provides the
security for the building, so if the front door hangs open and there is no
buzzer system, that is the host's responsibility. If you leave your
apartment door open, though, it is still your responsibility. This is the
same way with a web host and website owner.
9. How does a Content Delivery Network provide a better experience to users?
Content Delivery Networks, or CDN's help accelerate a website's performance.
Faster sites are much more pleasant to interact with for customers, so they
are more likely to stay longer and come back or buy something if they can
interact with the site quickly and easily. Maybe more importantly, faster
sites rank higher on search engines, so more users will see the site and can
get there. SiteLock offers every iPage customer access to our TrueSpeed CDN,
which has the additional benefit of providing protection for the site owner
through our TrueShield web application firewall, which blocks malicious
traffic to the site.
10. Anything else business owners should know about web security?
Be proactive. It is much easier to build in security right from the start
than it is to clean up after a compromise. All too often, we work with
website owners who did not think about security until it is too late. The
resulting downtime, reputation damage, and clean-up are much more difficult
and can be much more expensive than starting with security in mind. This is
definitely a case where an ounce of prevention is worth a pound of cure.