TheWebOrion surveyed 278 website managers to analyze their current website security practices. We found that although most express confidence in their current security protocols, significant, widespread vulnerabilities persist.
But is your website safe?
To help you better navigate security issues, we surveyed 278 website managers to learn about their perceptions of website security, past experience with security breaches, and the steps (or lack of steps) they take to keep their websites safe.
Our Findings
- Email phishing is the most common attack, affecting 30% of websites.
- 80% of website managers are confident in their current level of security.
- However, up to 63% admit that they do not currently use common security features.
- Although 54% believe that they haven’t experienced security liabilities, experts warn that many sophisticated attacks go undetected.
- Despite gaps in security, up to a quarter of website managers report that they do not plan to add security features, leaving websites exposed to vulnerabilities.
Email Phishing Most Common Security Risk
Everyone—from everyday website users, to small businesses, to large corporations—is vulnerable to phishing attacks. (Phishing is the practice of sending an authentic-looking email that convinces someone to share personal information or that infects a computer with a virus.)
Consider the story of Reuben Kats. When Kats received an email with a FedEx tracking number in the subject line, he didn’t think twice before clicking the attachment.
Kats works for a small company that builds websites on extremely short deadlines, helping companies drive leads by getting them listed with Google. During the holiday season, his email was flooded with information about orders related to the ecommerce websites they were building.
Nothing about the FedEx email seemed out of the ordinary.
But as soon as Kats opened the email, his computer was compromised. Within an instant, his hard drive was completely corrupted.
Our data shows that Kats is not alone when it comes to experiencing a phishing attack. Nearly one-third (30%) of website managers reported that they also have been subject to the kind of email phishing that Kats experienced.
Security Threats Exist (Even if You Think Your Site is Secure)
Security may not be the main priority, since many people believe their website is secure.
Website managers expressed confidence in their current levels of security, with 80% agreeing with the statement “My website is secure.” When the question was phrased emotionally (“I feel comfortable with the level of security on my site”), the results were nearly identical, with 82% of website managers reporting that they feel comfortable with their current level of security.
As experts warn, the prevalence of quiet, nearly undetectable security breaches suggests that this confidence may be misplaced—a problem can be traced to the earliest stages of website creation.
“I don’t think we’ve ever had a client say that they needed an extremely secure site that also sells a product,” said Ran Craycraft, a managing partner at Wildebeest. “The first priority is always to have a beautiful site that works well and does a particular function.”
No matter how unlikely a security breach might seem, committing to simple, proactive steps now can increase the likelihood of blocking an attack before one occurs.
For the 48% who have a personal website, reputational threats are just as serious. Hackers might spy on correspondence, steal sensitive information, or even send fraudulent emails or malware that appear to come from your account.
Password Protection Not Enough to Guard Against Security Breaches
When we asked what protections web builder users currently take to protect their sites, 98% of website managers reported taking some action, with password protection being the most common (74%).
However, a surprising number of website managers admitted that they do not currently take advantage of common tools. For example, 61% do not currently use two-factor authentication, while 49% admit that they do not back up their data frequently.
Among those who reported feeling “confident” or “very confident” that their website is secure, the number who regularly implement updates is not significantly higher. This means that despite widespread confidence in current security measures, there’s no guarantee that most websites have the security features in place to back those feelings up.
Steps You Can Take to Protect Yourself & Business
“Many of our clients’ expectations weren’t set up from the beginning in terms of the maintenance of those sites,” he said.
Our data supports this observation. Despite the fact that only 50% of website managers update their applications and software when prompted, only 18% plan to do so in the future.
Similarly, although 61% admitted that they do not currently use two-factor authentication, only 26% plan to implement it within the next year.
These and other gaps create opportunities for hackers and phishers to exploit your business.
When thinking through how to address security moving forward, it’s helpful to think of steps in two categories: tools that help reduce vulnerabilities and behaviors that encourage vigilance.
Tools for Increasing Website Security
1. Use TheWeborion Tools to identify vulnerability
Theweborion security tools guide you about website vulnerability along with remedies. In these tools, you will have an idea about website security, the grand benefit is free and simple.
Discover common web application vulnerabilities and server configuration issues with TheWebOrion FREE Tools.
2. Set Up Two-Factor Authentication
Two-factor authentication (also known as two-step verification) allows you to create an additional layer of security that goes beyond simple password protection by linking your account to a specific device that can be used to corroborate your identity.
For example, even if a hacker manages to guess your username and password, two-factor authentication would require a code sent only to your device before it would be possible to log on to your account.
If you notice anything that seems amiss, Security Checkup arms you with the information to investigate and shut down unwanted access if necessary.
3. Make Sure Security Plug-ins Are Up to Date
If you use plugins, it’s important to research your options carefully. (A plugin is software that adds additional features or functions to your website.)
The key to choosing a strong plugin is to look for how many active users have implemented it. Too few users means that the plugin likely hasn’t been thoroughly vetted, while plugins that have become ubiquitous may present a tempting target for hackers.
“Hackers don’t want to go after the 15 people using a plugin, they want to go after the big dogs,” said Craycraft. “There’s a risk that we take.”
3. Secure Sockets Layer (SSL)
Implement a Secure Sockets Layer (SSL), which creates an encrypted link between your server and website visitors, to prevent a hacker or third party from intercepting your traffic and serving other information to their browsers.
Tip: You can tell whether a site you visit uses SSL based on its URL. Secured sites will show up as “HTTPS” rather than “HTTP.”
5. Password Managers
If you’re a typical Internet user, your passwords probably involve the name of a pet, loved one, or important date—something that is both easy to remember and easy for hackers to guess.
Experts recommend random, unique passwords for each of your accounts, preventing hackers from using easily identifiable passwords that could allow them to infiltrate multiple accounts.
This creates a common pain point: It’s difficult to remember complex passwords, and most people have accumulated dozens—or even hundreds—of accounts.
Using a password manager is a simple way to securely store your passwords securely until you need them. These tools allow you to set long, complex passwords that will help keep all of your sites safe.
Proactive Behaviors for Increasing Website Security
1. Conduct Regular Security Audits
One strong strategy is to conduct regular security audits. The components of your audit may vary depending on the nature of your business.
2. Educate Employees About Potential Security Threats
Damoulakis of full-service digital technology agency Orases recommends that companies regularly host internal training sessions for employees.
3. Update Your Software Regularly
Put an office-wide recurring meeting on the calendar to check for system and software updates, and get in the habit of clicking “yes” when your computer prompts you to install a new operating system. The same goes for all plugins, software, and mobile devices.
4. Improve Login Security
In addition to monitoring for phishing attempts, the design of your website can impact its security.
A key question to ask: How do you sign into the back end of your website?
If you use a splash page (a simple landing page with fields for your login information), your website may be at higher risk.
5. Batten Down Your Input Fields
Finally, input fields (such as boxes for visitors to leave comments) can create vulnerabilities.
In some cases, hackers are able to inject harmful code via input fields, allowing them to access private information, such as your customers’ credit card numbers, or to delete a database, wiping pages of your site clean.
Additionally, experts recommend common sense habits to help you become adept at maintaining your website security.
Fortunately, you can achieve improved security with very little time and effort—and reap big rewards by preventing a disaster before it strikes.
Contact us and check your website vulnerability | You can write us on help@theweborion.com
