Website Security for Your Small Business

Website security is becoming increasingly essential in the digital world of today. Hackers are as prominent as ever before, with even large companies falling victim to scams, cyber-breaches, and extortion. For example, in 2021 alone large, multinational companies such as T-Mobile, Colonial Pipeline, and Kroger were victims of hacking scandals. Protecting your business’ webpage is often an ethical and legal requirement.

Ethically, all business owners should strive to keep information safe. Both business owner’s information and that of their clientele should be of the utmost importance at all times. However, rationales behind webpage security do not end solely with ethical arguments. Many laws dictate a necessity for security online measures for businesses. An example of a legal requirement would be Payment Card Industry (PCI) compliance. PCI compliances protect the card information of users on your webpage when making transactions. Requirements such as these function to improve webpage security, and in turn keep personal, business, and user-data unbreeched. 

Security Basics

“Don’t lock the front door, but leave the window open”

Computer with backlit keyboard

Primary methods of securing your web page begins with controlling and maintaining safe, unique, and secure log-in information. You do not want to lock your front door, but leave the window open. An example of this would be frequently-used or simple log-in information. This is a very common security mistake. Another example would be having your log-in username as simple “admin” or the name of your business. Distinguishing your passwords with variations from other personal or business passwords is essential in the battle against hackers. 

Another method of staying on top of your web page security is to frequently update your software, including but not limited to programs such as WordPress, Apache, and other CRM software. Out of date software is dangerous software! On top of updating these software, a helpful tool for your web page security is a Security Socket Layers (SSL) certificate. SSL Certificates add a layer of protection when data, both user and admin, are in transit to and from your webpage. You may be familiar with SSL Certificates and not even know it! SSL Certificates are frequently used on more secure platforms, such as bank transitions, and appear as a tiny “lock” image in the left corner of your URL bar, besides the actual URL.

Phishing Emails

Awareness and diligence to threats such as phishing are also key factors in securing your website. Thirty-two percent of all hacking occurs through phishing emails. Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information. This information can include passwords or credit card numbers. Therefore, phishing emails pose a great danger to webpage security for small businesses. These emails often consist of an seemingly-realistic contact from a “trustable” source, such as a bank. Anytime you come across an email that you are unsure about it is of critical importance to ensure that these emails are from a valid source. This can be done by contacting whoever you believe is reaching out to you through other methods, such as face-to-face or a phone call for confirmation.

Another way to spot phishing emails is to check the URL and sender information–often these identifiers are similar to real email addresses, but have slight differences. For example, a phishing email posing as a bank may say it is from In reality, the bank’s true email address  would be This example is crude and simplistic, but useful. Subtle changes such as these are often clear indicators of phishing emails.

Phishing emails are one of hackers favorite methods of stealing information.

Importance of Website Security


Website security is a matter that cannot be taken lightly. Infringement upon privacy is prominent within the digital world. Hackers are people who utilize various methods to obtain unauthorized access to data. One method, phishing, was touched upon above. However, hackers employ countless methods in order to steal information and credentials. Furthermore, these methods are always adapting in order to stay “ahead of the curve”. It is important to frequently research methods of hacking for numerous reasons. Firstly, awareness will allow business owners to stay on top of the most popular methods to date. In turn, business owners can proactively combat hackers in the battle for webpage security. 

Disregard of caution and lack of awareness of hackers can lead to poor website. In turn, lack of security undermines much of a business-owner’s hard work. Awareness of these dangers, in combination with vigilance, will allow you to keep your website and business as safe as possible. Remember, in the words of Martina Navratilova:

“Security used to be an inconvenience sometimes, but now it’s a necessity all the time”

Reach out to your local PASBDC with any further questions regarding securing your business’ webpage!


Written by Brian Kennerly, Pennsylvania SBDC Lead Office Marketing Team

Brian Kennerly is currently a Graduate Assistant at Kutztown University of Pennsylvania while pursuing his Master’s in Business Administration. His hometown is Upper Darby, PA, and he attended the University of Virginia for his undergraduate career.