Website Security for Small Business Owners: What You Need to Know

By Gordon Smith

Business isn't just about making money.

The safety and security of your customers, suppliers and partners is a basic necessity that is even more fundamental than profit.

But of course, if you are a small biz owner, website security is probably not high on your list of skills. You may have been so busy working on your business that security is not a topic you've considered. Or perhaps security is something you think about but aren't sure how to get started.

The personal data of your customers should be a top priority. Your website probably contains some Personally Identifiable Information (PII) even if you don't realise it. The Information Commissioner defines PII as:

  • Personal data is information that relates to an identified or identifiable individual.
  • What identifies an individual could be as simple as a name or a number or could include other identifiers such as an IP address or a cookie identifier, or other factors.

Keeping this data secure, away from the prying eyes of hackers, and private and confidential is a basic responsibility that small business owners must have a grip on.


Small business owners must be many things - accountants, bookkeepers, managers, marketers and planners. Being a website security expert is probably not a role you envisaged when you started your business. But here we are - it's on your plate. Now let's look at some fundamentals before suggesting how to keep your security in good nick for the long term as your business grows.

Phishing scams

One of the most common and effective ways for cybercriminals to gain access to your data is through phishing scams. This is where they send an email that looks like it's from a legitimate source, such as your bank or even one of your customers, requesting personal information.

Sometimes these emails are very sophisticated and can be difficult to distinguish from real emails. We regularly get queries from our customers about emails they've received. The quickest way to tell a phishing email from a legitimate email is to hover your mouse over the 'From' field. In a phishing email, the email address in the 'From' field will usually be different from the email address you know belongs to the company or person that appears to have sent the email. If the two do not match, the email is likely a scam.

Another way to spot a fake email is to check for spelling mistakes or other anomalies in the email.

If you are ever unsure about an email, it is best to contact the company directly via a phone number or website address that you know is legitimate and not that which was included in the fake email.
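The 'From' check described above can also be done automatically on a saved message. The following is an added example, not part of the original article: the sender names and domains in `KNOWN_SENDERS`, the sample messages and the function name `check_from` are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: a hand-maintained list of the senders you deal with and the
# domains they really send from (constructed values).
KNOWN_SENDERS = {
    "example bank": {"bank.example"},
    "acme supplies": {"acme-supplies.example"},
}

# Constructed sample messages; only the From header matters here.
SAMPLES = [
    "From: Example Bank <alerts@bank.example>\nSubject: Statement\n\nHi",
    "From: Example Bank <alerts@bank.example.secure-login.invalid>\n"
    "Subject: Urgent\n\nHi",
    "From: Acme Supplies <billing@mail.acme-supplies.example>\n\nInvoice",
]

def check_from(raw_message):
    """Compare the name shown in 'From' with the address behind it.

    Returns (verdict, address) where verdict is one of
    'match', 'mismatch', 'unknown' or 'no-address'.
    """
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    if not domain:
        return "no-address", address
    expected = KNOWN_SENDERS.get(display.strip().lower())
    if expected is None:
        # Not a sender we have on file: verify through a known phone number.
        return "unknown", address
    # Accept the known domain or a real subdomain of it. A lookalike that
    # merely starts with the known domain does not pass.
    for good in expected:
        if domain == good or domain.endswith("." + good):
            return "match", address
    return "mismatch", address

if __name__ == "__main__":
    for raw in SAMPLES:
        print(check_from(raw))
```

A 'mismatch' or 'unknown' result is a prompt to contact the company directly, as described above, not proof on its own.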

Web security generally

The top three things you need to know about website security are:

  1. Use strong passwords.
  2. Keep your security software up to date.
  3. Be very careful about clicking on links in emails or websites, even if they look like they are from a legitimate source - as mentioned above, many hackers use phishing scams and these can be difficult to distinguish from real ones.

Strong passwords

The first thing you should do is make sure that all your passwords are strong. This means having a minimum of eight characters and combining uppercase, lowercase letters, numbers and symbols. It's also best to use different passwords for each website or service that you use - this might sound like a hassle but it makes security much stronger. If you are using the same password for multiple websites, and one of those websites is hacked, your other accounts could be compromised as well.

Security software

Another important security step is to make sure that you have security software installed on all devices that connect to the internet - this includes your computer, phone and tablet. Security software includes the firewalls on your PC and laptop, as well as anti-malware and anti-virus software.

WordPress security

WordPress is an incredibly popular website builder and if you are among the 43% of the world's website owners that use WordPress, then you need to know some basic security tips.

Basic WordPress security. Here are the most important tips for keeping WordPress secure:

- Use a strong password for your WordPress login. See above for advice on what constitutes a strong password.

- Keep your security software up to date, including your firewall and anti-malware software.

- Only install plugins from reputable sources and be careful about installing too many plugins as this can make your website more vulnerable to attack.

- Make regular backups of your website content so that if your website is destroyed (this does happen) you can restore it without losing your customers' data.

Data protection legislation

Almost all small businesses and organisations must be Data Protection Registered. This is a legal requirement in the UK and it's very important to have this registration as it proves that you are taking data security seriously.

The Data Protection Act 1998 sets out specific regulations about how personal data must be collected, processed and stored. It also gives individuals the right to know what personal data is being held about them.

Becoming Data Protection registered need not be seen as a burden. The Information Commissioner has a lot of great advice on the principles of keeping data secure. The main advice is to do the following:

Keeping customers' credit and debit card details safe

As a small business owner, you may be worried about storing the credit and debit cards of your customers. You can outsource this task entirely to specialist providers who themselves comply with the necessary legislation to keep these details secure, so you don't have to.

All online payment providers provide this basic service and they are heavily regulated and frequently inspected. The golden rule is never to handle your customers' banking details. If you do not store this information then you cannot lose it. Instead, use online payment providers such as Stripe, WorldPay, Opayo or PayPal to take your customers' card details on your website.

Keeping your site secure in the long term

Your business is likely to grow and your security requirements will increase. But along the way, following the basic, simple advice given here will avoid a lot of heartache for your customers, and stress, reputational damage and financial disaster for you.

Website security is an important issue for all business owners, but small business owners have a particular responsibility to keep their customers' data safe. In this post, we've looked at some of the basic steps that you can take to make your website more secure. These include using strong passwords, installing security software and being careful about which plugins you install on your website, and keeping your software up to date at all times.

If you would like Dotwise to carry out these services for you, please get in touch.