10 Important Cybersecurity Tips for Small Businesses

Hackers are increasingly targeting small businesses. These 10 cybersecurity tips for small businesses can be implemented to improve security, prevent successful cyber attacks, and avoid costly data breaches.

Many small business owners mistakenly think that their company is too small to be a target for hackers, but cyber attacks on small businesses are common and they are increasing. A successful attack on a Fortune 500 company is likely to be far more profitable for the hacker, but also much harder. Small businesses are relatively easy targets and attacks can be highly profitable.

Small business owners cannot afford to take cybersecurity lightly. A successful cyber attack could prove catastrophic. With this in mind, we have compiled 10 cybersecurity tips for small businesses that can easily be implemented to improve security.

Top Cybersecurity Tips for Small Businesses
Implement a Robust Firewall
A firewall is a cybersecurity solution that sits between a small business network and the outside world and prevents unauthorized individuals from gaining access to the network and stored data. Not all firewalls are created equal. Extra investment in a next generation firewall is money well spent. Don’t forget to also protect remote workers. Ensure that they are also protected by a firewall.

Create and Enforce Password Policies
You should implement password policies that require all users to set strong, secure passwords. A strong, unique password should be used for all systems. Passwords should include capitals, lower-case letters, a number, and a special character, and should be at least 10 characters long. Teach employees how to create secure passwords and enforce your password policies. Consider using a password manager so passwords do not need to be remembered. Consult NIST for the latest password guidance.

Security Awareness Training
Make sure you provide the workforce with regular security awareness training. This is the only way that you can create a culture of cybersecurity. Be sure to cover the security basics, safe Internet use, how to handle sensitive data, creation of passwords, and mobile device security. You should provide training to help employees avoid phishing attacks and consider phishing simulation exercises to test the effectiveness of your training program.

Multi-Factor Authentication
Multi-factor authentication involves the use of a password and at least one other method of authentication. If login credentials are compromised, an additional factor, such as an SMS message sent to the user’s smartphone, is still required to gain access to an account or the network.

Backups
It is essential to have a good backup policy. In the event of disaster, such as a ransomware attack, you need to be able to recover critical data. Backups must also be tested to make sure files can be recovered. Don’t wait until disaster strikes to test whether data can be recovered. A good strategy is the 3-2-1 approach: three backup copies, on two different types of media, with one copy stored securely offsite.

Software and Firmware Updates
Vulnerabilities are regularly found in computer software. Patches are released to correct those vulnerabilities, including those that are being actively exploited. Make sure patches are applied promptly, software is kept 100% up to date, and the most up to date firmware has been installed. Implement automatic updates where possible and create a schedule for updates if they need to be performed manually.

Network Segmentation
It is a standard best practice to segment networks and split them into subnetworks. Not only will this improve security, it can also improve performance. Because access between segments is prevented, an attacker who compromises one part of the network will not have access to all systems and data. Also make sure you limit access to sensitive data and restrict the use of admin credentials. Apply the rule of least privilege. Do not give employees access to data, networks, and software that they do not need for day-to-day work duties.

Implement a Spam Filter
Arguably the biggest cyber threat that small businesses face is phishing. A single phishing email could allow an attacker to bypass your perimeter defenses and obtain login credentials or install malware. An advanced spam filter will allow you to improve productivity by blocking non-malicious spam emails and will prevent phishing emails from being delivered to inboxes.

Secure Wi-Fi Networks
If you have a wireless network in your workplace it needs to be protected. Ensure that it is secured, data are encrypted, and that it is hidden and does not broadcast its SSID. Use WPA2 for encryption (or WPA3 if possible). Change default passwords and ensure your wireless router cannot be accessed from outside the network.

Consider Implementing a Web Filter
A web filter provides protection against web-based attacks by preventing employees from visiting phishing websites and sites that host malware. A DNS-based web filter can protect wired and wireless networks and even remote workers. It will block malware downloads and prevent users from accessing dangerous websites and those that serve no work purpose, thus improving productivity.

Should you require any help with your business to keep it well protected, please don’t hesitate to contact Justified to help you out.

Why your business web site needs a Secure SSL Certificate now!

It’s been almost four years since Google first told everyone they should make the switch to HTTPS. In their passionate plea to website owners to create a more secure internet, they used a rallying cry that would surely go straight to the heart of everyone: HTTPS would become a ranking signal.

MOST WEBSITES STILL DON’T USE HTTPS

Not surprisingly, the world did not make a mass switch to HTTPS overnight. In fact, almost four years later, the majority of websites still aren’t using HTTPS. According to NetTrack usage data, only about 29% of websites are using HTTPS. This is a huge increase from the roughly 7% of websites that were using HTTPS back in 2014 when Google started the push for a more secure web, but it’s still a far cry from what Google wants.

It’s important to note that while the majority of websites still don’t use HTTPS, over half of all web traffic is encrypted. This is because most of the top websites have already made the switch.

WHY HAVEN’T MOST WEBSITES MADE THE SWITCH?

There’s still a lot of misinformation and half-truths about HTTPS and SSL out there, including:

  • It’s expensive
  • It can hurt your rankings
  • It’s hard to implement
  • It’s not necessary

Now that we’re into 2018 and Google has promised that its July 2018 release of Chrome will flag all non-HTTPS sites as not secure, the answer has most definitely changed. The new answer: Everyone needs to make the switch to HTTPS. If you have a website and you want to generate leads, make sales, or just tell people about your business, you have to get an SSL certificate.

WHAT ARE HTTPS AND SSL?

If acronyms drive you crazy, then here’s a handy cheat sheet:

HTTPS – Hypertext Transfer Protocol Secure. What it means to you: communication is encrypted so data or information sent to and from your website is secure.

SSL – Secure Sockets Layer. What it means to you: it’s the standard technology used to make your website HTTPS.

In other words, if you want to encrypt data on your website and get in line with Google’s recommendations, you need to buy an SSL certificate. But there’s a lot more to it than making Google happy.

WHY EVERY BUSINESS NEEDS SSL

If you sell things on your website, there’s not even a debate. An SSL certificate is not optional. Since most payment gateways don’t even work properly without an SSL, we don’t need to convince the ecommerce folks out there to get one. So this is mostly for you lead generation folks.

Remember back when a lot of businesses said they didn’t need a website? And then they all said they didn’t need a mobile-friendly website? Well, any business that’s worth a grain of anything has a website now, and the ones who aren’t mobile friendly are trailing far behind. The same thing is going to happen very soon with HTTPS. The websites that don’t have it will fall behind the competition. Search engines, users, and even browsers will soon heavily favor secure websites. It all comes down to security and trust. Customers won’t buy from you if they don’t trust you, and your website must be secure for your users to trust you.

DO IT FOR THE SEARCH ENGINES

Google isn’t going to stop pushing HTTPS. Since making the original announcement in 2014, Google has pushed HTTPS harder and harder. It is now a legitimate ranking factor (albeit one of hundreds). Originally used only as a tie-breaker when all other things were equal, it’s now widely believed that SSL means more. In the search results below for “minneapolis web design,” the first six results are all HTTPS. Could that company down in position seven move up with an SSL certificate? That’s certainly a possibility, and it’s definitely a logical step in their SEO efforts.

No, it’s not a guaranteed magic bullet to move you up in the search results. But it is best practice for SEO. More importantly, it’s best practice for your customers.

DO IT FOR YOUR USERS

Doing things for search is nice, but search engines don’t help you pay the bills. Your customers do. Everything you do should ultimately be for the benefit of your customers. How does HTTPS help your customers? It tells them that your website is secure and that any information they share with you on that website will be secure.

In other words, having an SSL certificate builds trust. Unsurprising fact of the day: when your customers trust you, they’re far more likely to buy from you or use your services.

DO IT FOR THE BROWSERS

Chrome, the most popular browser in the world, now tells your customers when your site is HTTPS or just plain old HTTP. At the moment, this doesn’t mean all that much since the “warning” is fairly innocuous. But later this year, Chrome is going to warn all users when a website is not using HTTPS with this scary message:

That’s right. If your website isn’t HTTPS, Chrome will immediately call attention to the fact that your site isn’t secure. Over half your website visitors are going to see this message. What impact do you think this is going to have on your customers? Hint: it’s going to cost you a lot of sales.

SO WHEN DO YOU REALLY NEED AN SSL CERTIFICATE?

If you’re doubting whether or not you actually need an SSL for your business website, consider whether or not your website allows customers to do any of these things:

  • Make a purchase or submit credit card information
  • Create an account
  • Submit a contact form
  • Sign up for a newsletter
  • Search for something on your website

Now we’re updating our recommendation to this:

  • If you have a website

There are no more excuses now. If you have a website and you want people to trust it, you have to be secure.

REASON #432 TO SWITCH: SSL IS CHEAP NOW

You don’t need to be a mega corporation to afford an SSL certificate. This is a small investment for any legitimate business. Properly implementing and maintaining an SSL will cost you a couple hundred bucks a year. For most businesses, it pays for itself after one sale. Given how many sales you’re going to lose when Chrome starts flagging your website as unsafe, this is a very small price to pay.

BUT WON’T I LOSE RANKINGS WHEN I SWITCH?

You may have heard some horror stories about companies switching to SSL and dropping to page 500 of Google search results. There’s a simple explanation for this: they did something terribly wrong when they made the switch. It wasn’t the switch itself that caused the problem. Remember, HTTPS gives you a boost in the rankings. A properly implemented SSL certificate cannot hurt your search rankings.

As you may notice, the site you’re currently visiting uses an SSL. We aren’t an ecommerce site. So why did we make the switch? Well, as a web design and marketing company, it’s kind of important to follow best practice. Did we notice any drop in performance when we did it? Nope. Our rankings either stayed the same or went up. Our traffic continues to go up. Our leads continue to go up. While we can’t definitively say that HTTPS helped us, we can definitively say that we’re in a better position today than we were before we had it.

DON’T TRY THIS YOURSELF

Implementing SSL is pretty easy if you’ve done it before. Most business owners haven’t. There are a lot of things you need to worry about when making the switch, including mixed content, duplicate content, redirects, broken links, and much more. Fortunately, this is all standard stuff for a qualified developer.
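A check for the mixed content problem named above, as an added example that is not part of the original article: it scans a page's HTML for resources that would still be requested over plain http:// once the page itself is served over HTTPS. The page URL, hostnames and sample markup are constructed for illustration, and the active/passive grouping is a simplification of how browsers classify loads.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> URL attribute. Simplified grouping: insecure "active" loads are
# blocked by browsers, "passive" ones draw a warning or get auto-upgraded.
ACTIVE = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}
PASSIVE = {"img": "src", "audio": "src", "video": "src", "source": "src"}
ACTIVE_LINK_RELS = {"stylesheet", "preload", "modulepreload"}

# Constructed sample: a page as it might look right after the HTTPS switch.
SAMPLE_URL = "https://www.example.com/"
SAMPLE_HTML = """<!doctype html>
<html><head>
<link rel="stylesheet" href="http://cdn.example.com/site.css">
<link rel="canonical" href="http://www.example.com/">
<script src="//cdn.example.com/app.js"></script>
<script src="http://cdn.example.com/legacy.js"></script>
</head><body>
<a href="http://partner.example.net/">Partner</a>
<img src="/img/logo.png">
<img src="http://www.example.com/img/banner.jpg">
<form action="http://www.example.com/contact" method="post"></form>
</body></html>
"""


class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute_url, line_number)

    def _check(self, kind, tag, value):
        # Relative and protocol-relative URLs inherit the page's https scheme,
        # so only references that resolve to http:// are reported.
        absolute = urljoin(self.page_url, (value or "").strip())
        if urlsplit(absolute).scheme == "http":
            self.findings.append((kind, tag, absolute, self.getpos()[0]))

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag in ACTIVE:
            self._check("active", tag, attr.get(ACTIVE[tag]))
        elif tag in PASSIVE:
            self._check("passive", tag, attr.get(PASSIVE[tag]))
        elif tag == "link":
            # Only links that fetch a resource count; rel=canonical does not.
            rels = set((attr.get("rel") or "").lower().split())
            if rels & ACTIVE_LINK_RELS:
                self._check("active", tag, attr.get("href"))
        elif tag == "form":
            # Not a subresource, but the submitted data would go unencrypted.
            self._check("form", tag, attr.get("action"))


def scan(page_url, html):
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


if __name__ == "__main__":
    for kind, tag, url, line in scan(SAMPLE_URL, SAMPLE_HTML):
        print(f"line {line}: {kind:7} <{tag}> {url}")
```

Ordinary `<a href>` links to http:// pages are navigation rather than mixed content, so the scanner ignores them; the canonical link in the sample is also skipped here, although it still needs updating to avoid the duplicate content issue.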

Instead of spending days trying to make the switch only to find you’ve tanked your website because you did something wrong, you’d be much better off contacting a professional web development and hosting provider. They can quickly get you running on HTTPS without any short- or long-term negative effects to your performance in search results or anywhere else.

No matter who implements SSL for you, the time to make the switch is now. Don’t let an unsecured website be your downfall. If you’re ready to make your website more secure and create a better experience for your users, contact us today.

GET THE PROCESS STARTED, SIGN UP FOR AN SSL THROUGH JUSTIFIED!

Click here and fill out the application form, and indicate whether or not you need assistance setting up your SSL.

Are you paying too much for web hosting?

If you have a website I’m willing to bet money you could get a better deal on your hosting fees. In fact, you could be paying a lot less for your web hosting but you probably don’t realise it (because if you did you would’ve switched right?).

Anyhoo, I’ll cut to the chase: this is my attempt to spread the word and make sure businesses at least know they have options. So what’s on offer in the world of website hosting? Is low-cost hosting a myth or a scam? Why is there a huge variation in hosting costs? How difficult is it to switch hosts?

Cheap hosting works just the same

First of all, let’s just talk about cheap hosting for a minute. I mean it seems crazy, right? How could you get something for $13 a month that you could easily be paying $1,500 a month for? I’m not making these numbers up by the way; I recently worked with a client who was paying this to a Perth-based web design company. So what gives? Is the cheap hosting you get with Justified for $159/year worse than what you’ll get elsewhere? I’ve already covered the myths of cheap hosting so I won’t repeat myself but basically the answer is no. In fact, you might actually be getting less. The client I mentioned before was paying $1,500 per month just for their website!

What’s on offer? Why the huge variation in hosting costs?

So what’s available in the world of hosting? Well, just about any web design company will provide hosting, and it pays to ask what their hosting fees are because it can quickly add up. In the example above, over the period of just one year the difference is almost $18k. I doubt there’s a business out there that would turn down the opportunity to save that sort of money, especially in a down economy. Some companies do their own hosting and that gives them control over the web servers, but it also increases the costs since they have to buy and maintain the computer hardware itself. The other option is that a web company will purchase hosting from a provider, either based here in Australia or, more commonly, in the U.S. This is what Justified does, and it’s a far more convenient and scalable option. It allows hosting to be bought on an ‘as needed’ basis, and because it’s provided by large, dedicated hosting companies, the service is generally faster and more reliable.

So why the variation in pricing?

This is still a mystery to me but we can make some educated guesses. In some ways it’s just Economics 101 – a supplier’s price point is a balance between what customers are willing to pay and making the maximum amount of profit for the business. I’m not saying that anyone’s been crooked here, but after all web design companies are there to make money and hosting is a nice ‘set and forget’ revenue stream for them. Not many people know about low-cost hosting so they just carry on paying their hosting bill, not realising they could be saving big dollars. So if you know anyone in that situation, do them a favour and let them know they have options. And to be fair, if you know why web design companies charge what they do for hosting, share your comments with us. And this leads us to our next question: Is it easy to change hosts?

How easy is it to switch web hosts?

There are two considerations here – (1) Your current hosting agreement: You may be locked into a contract with your current host that requires a certain notice period and (2) Moving your website files: The first step is getting a backup of your current website (a tip here is to ask how you can download it as there are often big fees for getting it on a CD). Unfortunately with proprietary website setups (like Wix) you can’t actually take the website framework so you’re left with the unenviable task of manually copying and pasting all the content (good for them, bad for you!). This is one of the great things about Justified websites. Since they’re built on a completely open framework, you can pick them up and take them to another host without any problem (and no exit fees!). We have moved several websites to Justified web hosting and in most cases it takes no more than two hours, which we will do for free!

So are you paying too much for web hosting? If you are then at least you know now you can do something about it!

Test the speed of your web site: How does yours measure up?

One unfortunate side effect of quick and easy access to information in our world today is that our attention spans have gotten shorter, our concentration is more likely to be divided, and we’re just a bit less patient.

Perhaps even just while you were reading that sentence, you got distracted by something or skimmed ahead hoping I would get to the point (it’s coming, I promise).

Navigating and browsing websites is no different. I think it’s safe to say that if a website takes longer than a few seconds to load, you can count on most people getting impatient and possibly closing the window without ever landing on the page.

Not only can this result in a poor bounce rate and potential reporting discrepancies for your website analytics, but page load time has an influence on your SEO rankings. Google is more likely to give rank to websites that deliver positive user experiences, and a shorter load time definitely adds to this overall experience.

What are the factors that influence page speed?

There are many, but some of the main ones are:

  • Limited use of render-blocking JavaScript and CSS in above-the-fold content
  • Formatted and compressed images
  • Avoiding redirects
  • Minified CSS and JavaScript
  • Reduced server response time
  • Using a content delivery network
  • Cached static content

What tools can I use to check my page speed?

There are many tools out there, but here are some of the most common free ones.

Google PageSpeed Insights

There is a lot of contention among developers about Google PageSpeed Insights, the most commonly-used page speed tool. So many poor developers have ripped their hair out trying to get the score to 100, sometimes sacrificing site usability, functionality and visual aesthetics.

In reality, PageSpeed Insights doesn’t actually measure the site’s loading speed at all. What it does is simply categorize the site according to a series of performance best practices and produce a score based on how many boxes you’ve ticked.

We ran a few big brands’ websites through the tool just to see what would happen.

According to PageSpeed Insights, our friends Qantas, Woolworths and The West Australian got dinged pretty badly, even though you’d expect big names like these would be able to afford to build an optimised website. Yet when I go to all of these sites I don’t experience a noticeable lag time. What gives?

WebPagetest

Though WebPagetest is not as “pretty,” it provides richer data because it checks your page speed from different locations and browsers at real user connection speeds. You’re given A-F gradings for different categories such as time to first byte (how fast your web server response time is), whether keep-alive is enabled (the connection is kept open for multiple page requests) and more.

Using The West Australian as an example, WebPagetest gives a much kinder result, except for static file browser caching. However, for a news site with content changing every few minutes, much of the content isn’t static, so it makes sense that many files aren’t cached locally on a user’s browser.

Test My Site

WebPagetest actually powers a different Google tool called Test My Site, which helps you understand how your site speed compares to those of your industry peers.

Here The West Australian can see that its load time is considered good and that it is actually one of the top performers compared to other news sites.

Moral of the story: There are many page speed tools out there, but with any of them it’s recommended to take the results with a grain of salt. They should be viewed as a guide, not the be-all and end-all. Use your best judgement in what you decide to optimise on your website, and don’t worry too much about striving for that perfect 100. The last thing you want to do is optimise it so much that it detracts from your website’s overall design and aesthetic appeal, turning off potential customers from the very start.