8 Website Security Mistakes to Avoid for Small Businesses


22 Sep 2020


Renji Yonjan

It’s been estimated that over one-third of small businesses do not have a website. Though not having a website is considered a major disadvantage for any business, it’s easy to see why some don’t embrace technology.

Technology can be difficult to figure out, not to mention expensive. Many business owners don’t make websites because they don’t know how to manage a website.

There’s also the issue of security. Hackers and viruses are improving all the time, so protecting yourself can feel impossible if you’re not skilled with the internet. The good news is that we’re here to help.

We’ll discuss potential website security mistakes and how to avoid them in this article.

1. Indifference

Many small businesses don’t bother with website security, often because they’re a small company and would not be a lucrative target. However, there’s another side to this coin that people often ignore.

Not having much money means not being able to invest as much in cybersecurity as larger corporations. It also means you won’t get as much attention as larger corporations.

If Amazon were hacked, for instance, we’d hear about it in the news the next day. Meanwhile, hacking a smaller business is much easier, and won’t attract as much attention.

Many hackers choose to attack small businesses because it’s easier to get away with. In fact, over 40% of cyber attacks hit small businesses. Even worse is the fact that most small businesses that are the victims of cyber attacks fail within the year.

You have to take precautions, and those precautions start with building your website. You shouldn’t use a generic website builder, because they’re designed to make things fast and easy, so they cut a lot of corners.

One of the worst sites, in particular, is WordPress. This site alone is the target of more cyber attacks than any other website builder.

You’re better off hiring a professional website designer. These people are trained to build websites and build them well. They’ll handle potential issues that WordPress and other sites didn’t bother to address, including certain aspects of security.

You aren’t immune. Hackers will go after anyone they can. Also, don’t expect mercy because you’re a small business who’s never done any of the things larger companies are so often accused of.

Hackers don’t care if you’re a good person. They don’t care about your livelihood or your family. They care about themselves and they care about money.

2. Passwords

It’s a fact that most online security breaches occur because of a compromised password. There are several different ways that this can happen. 

One of the biggest risks is password weakness. Password weakness means having a very simplistic password that can be relatively easy to guess. For instance, somebody’s name is probably not a good password. 

When signing up for other websites, you may have noticed that they encourage you to have a longer password that combines letters, numbers, and symbols. This makes your password harder to guess, which prevents some cyber-attacks. If you’re hiring a website builder for your small business, this may be a feature to ask about.

Some people don’t even bother to change the password from its default settings, which makes it unbelievably easy to hack them. There’s also the issue of changing the password only slightly from the default. One tiny change doesn’t stop people from hacking it.
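One way a website's sign-up or password-change form could enforce the points above, as an added example that is not part of the original article. The sample default-password list, the 12-character minimum and the edit-distance threshold of 2 are assumptions chosen for illustration.

```python
import string

# Constructed sample list of common default passwords (assumption, not from the article).
DEFAULT_PASSWORDS = ["admin", "password", "changeme", "admin123"]


def edit_distance(a, b):
    """Levenshtein distance: number of single-character inserts,
    deletes or substitutions needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def password_problems(password, min_length=12, defaults=DEFAULT_PASSWORDS):
    """Return a list of reasons to reject the password (empty list = accept)."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    # Require at least one letter, one number and one symbol.
    classes = [string.ascii_letters, string.digits, string.punctuation]
    if not all(any(c in cls for c in password) for cls in classes):
        problems.append("needs letters, numbers and symbols")
    # Reject a default password, or one changed only slightly from a default.
    lowered = password.lower()
    if any(edit_distance(lowered, d) <= 2 for d in defaults):
        problems.append("too close to a default password")
    return problems


if __name__ == "__main__":
    for candidate in ["admin", "Admin123!", "changeme!1", "river-Lamp-42-stone"]:
        print(candidate, "->", password_problems(candidate) or "accepted")
```

The edit-distance check is what catches the "one tiny change" case: `Admin123!` passes the letters, numbers and symbols rule but is still one character away from a default.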

Among the cyber attacks that are stopped by having a strong password is a brute force attack. A brute force attack occurs when a hacker installs a program on their computer that keeps other computers from locking them out. They then keep entering password attempts until they guess it or give up.

One of the biggest problems you may deal with in cybersecurity is a stolen password. Hackers may try many different methods to get your passwords. 

Many of them will send you emails or other messages tricking you into entering your information. These are often known as phishing scams. Don’t do this unless you know the website is legitimate.

Also, don’t open any email you don’t trust. It could be a keylogger, which is a program that installs itself onto your computer, tracks your passwords, and then sends them back to the hacker.

The good news is that a lot of email services are built to monitor for suspicious emails and immediately send them to the ‘spam’ folder. Still, there’s no guarantee your computer will catch everything.

One of the biggest website security mistakes you can make is to do any business or log into anything while using public wifi. Hackers will take advantage of this and use programs to monitor what others are doing on that network.

Many companies still offer public wifi because it attracts more customers and improves their experience. However, you can also get a more private network that only you and select members of staff can access. This will allow you to do business without being hacked.

3. Not Updating

To attract customers, a website needs to stand out and look appealing. One way to do this is to keep the website modern-looking and updated.

Keeping your computer updated also helps with security. All computers are built with flaws. This isn’t necessarily the fault of any computer company. It happens simply because technology advances quickly, and exploits now exist that didn’t exist when the computer was released.

Thus, computer companies need to keep updating their existing computers to help keep the public safe from cyber attacks. Failing to download these updates can leave your computer vulnerable.

A common excuse for not installing updates is that they cost money. While it’s true that many of them do cost money, it’s still worth it to protect your business. Not only that, but you can use it as a tax write-off.

Computer software can be written off taxes as a business expense if it’s used for business purposes. It’s not hard to see why keeping your company’s website from getting hacked would count as a business expense.

4. Failing to Back Up Files

Cyber attacks can do more than just steal information. They can also destroy it. This is often the result of ransomware attacks. 

Ransomware is a type of program that infiltrates a victim’s computer and prevents them from opening their own files. Instead, those files are now encrypted by the hacker, and can only be accessed by them.

The hacker then charges some amount of money to go away and allow the victim access to their program again. However, it’s often the case that a hacker will refuse to give you back program access even after you’ve paid the money.

However, there are a few different types of ransomware, and all of them can do serious damage. For instance, there’s RaaS, which stands for Ransomware as a Service.

This occurs when experienced hackers work as consultants for other hackers. They help coordinate and pull off a ransomware attack in exchange for a portion of the money. 

There’s also scareware, which is designed to look like a security program. These programs will claim to have found security threats on your computer and will attempt to charge you money to resolve them.

While several security programs charge money for additional services that solve all of your issues, they don’t make you buy those services. Scareware does. It will often keep you from using your computer until you pay.

Another type of ransomware attack is Doxware. Doxware is a program that locks you out of files containing personal information and threatens to publish that information if you don’t pay.

If you’re a private person or store important things on your computer, this is definitely an attack you’ll want to avoid.

The best defense against a ransomware attack is to back up files. That way, even if your files are permanently destroyed, you have other copies to draw from. There are even services out there that will help you store backup files.

It’s also a good idea to not keep anything on your computer that you wouldn’t want the public to see.

5. Too Much Privilege

Don’t be fooled by the phrase ‘too much privilege.’ It doesn’t mean that you’re treating your employees too well. It means that you’re giving them access to things they don’t need to have access to.

Many business owners have a tendency to think of their employees as a family, but that isn’t always true. Most of them probably are trustworthy, but there’s no guarantee that all of them are.

Sometimes, it isn’t an issue of trustworthiness at all, but of knowledge. A person may be honest, but they’re still going to make mistakes if they’ve never been trained on the program in question.

The best way to prevent hacks or other issues caused by privilege is to limit it. If accessing certain files isn’t necessary for their job, don’t give them access.

Also, don’t give access to anybody you didn’t hire on a permanent basis. Temporary employees will only be staying for a short amount of time, and contractors only stay until their job is finished. Since neither of these people will be in your employ for very long, they have no reason not to rob you, especially once their time is up.

It may go without saying, but you shouldn’t tolerate any nosy employees. If someone is bothering you for more privileges, be firm, and say no. If they keep trying anyway, it may be best to fire them.

Keep in mind that nosy employees can often be mistaken for ambitious employees and vice versa. You may want to pay attention to their behavior to see whether they’re actually a problem, or legitimately think they’re under-utilized.

6. Making the IT Person Do It

Before we delve too far into this issue, we should probably say that there’s probably nothing dishonest or troubling about your IT person. The issue is that they’re trained to understand how computers run and to keep them running. They may have some knowledge of security, but it’s probably not their specialty.

It’s in your best interest to hire a security expert who’s in the business of preventing cyber attacks. They don’t necessarily need to take up a full-time position, either, because you’re not going to be attacked all the time.

Having a consultant you can call when you think there’s an issue may be a better solution.

Even the security expert shouldn’t have to handle all of the security. There are little things that everyone can do to keep themselves and their fellow employees safe from cyber attacks.

7. Cutting Costs

One of the things you can do, as a business owner, is to make security a priority. This isn’t a place to cut costs. If an experienced website developer charges a little more, be prepared to pay it. If the most qualified security expert charges more, be willing to pay it. 

Also, don’t assume your business is safe just because you have antivirus software or anti-malware software. You’ll need them both. Anti-malware software exists because antivirus programs don’t pick up malware and vice versa. 

It’s also important to have your security tested every few months. This requires security experts who are going to charge for their services. Security can be costly, but it’s worth it in the long run.

8. Risky Websites

Certain sites should not be visited while at work, and no, we’re not just talking about those kinds of sites. We’re talking about anything with pop-up ads, links to unknown sites, messages from people you don’t know, and similar things.

We could say more about what a risky website looks like, but instinct is usually a good resource here. If something looks sketchy, it probably is. If an offer seems too good to be true, it is.

Stay away from everything you don’t trust, and don’t visit websites if they don’t seem professional.

Website Security Mistakes Your Small Business Should Avoid

Many small businesses are hacked every year due to website security mistakes. We’ve provided some advice about how to avoid them in this article, but it’s always better safe than sorry. You may want to do more research to make sure you’ve prepared for everything.

For more on website and app design please read our blog. We can help your business thrive by discussing market research.


Renji is always striving for the best at any given moment, both in and outside of work. She constantly inspires and motivates her teams so that they grow and improve both professionally and personally.
