If you were to grab some non-technical friends together and ran a straw poll, inquiring as to how hard or easy they thought it was to run a successful website, then you may well get quite a mix of answers. Some of them may look at the plethora of content management systems available these days and think it is easy. And, in some respects, they would be right – aspiring webmasters have many aspects of their operation covered by the likes of WordPress and other CMSs.
But the design of a site isn’t all that is involved. I would imagine that most people who run a successful site would actually tell you that content creation is the greatest challenge they face and that the design and back end of their site is only their secondary concern.
But how many of your friends would highlight security as being one of the biggest challenges to running a successful internet enterprise? Not too many I would guess.
The truth, though, is that any person (or company) running a successful site these days most certainly does need to consider security. It may not need to be the primary concern (though security professionals would like it to be) but it does need to be attributed with a high level of importance.
Successful web properties need to be aware that popularity amongst users will also lead to a higher profile in hackers’ eyes too. And the bad guys like nothing more than a website that has a large number of visitors.
With the number of defacements and data breaches these days it is likely a question of when, not if, a website with any degree of readership will be targeted.
Potential attackers of your website may have a few different avenues to explore, depending upon their motives and skills. They may choose to target your site’s users, tricking them into giving up personal information which they can then use to turn a profit. Or they may go after the website itself, looking to deface it to make some sort of statement, or to steal data for monetary purposes, or to install malware with which to infect visitors with.
Whilst all of these options are pretty grim, you really should consider the security implications to your visitors first and foremost. If the people who consume your content day after day are attacked whilst on your site, or learn that a database full of their personal information has been stolen from you then their confidence in you will be shattered. Perhaps irrevocably.
Reputation and branding are everything these days and, once lost, they can be extremely difficult to build back up again. If printed media, social sites or influential bloggers hear that your site has vulnerabilities then that news will spread quickly. If those vulnerabilities affect customers then expect the news to travel further and quicker.
Don’t let your loyal visitors become victims through your lack of security controls. Protect them at all costs.
Of course thats not to say that you don’t need to think about yourself though. The integrity of your site is almost as important as the safety of your visitors because, if the back end gets compromised, the results may not be too dissimilar anyway.
If hackers compromise your server then you are still going to have a whole load of problems and the historical success of your site will suddenly become meaningless.
So, whilst you need to carry on doing whatever brought you a good readership or a large volume of sales, you also need to put your own needs behind those of the people who made your site what it is today.
Consider the security of your visitors, your server and all the data you have under your control. If you don’t, you will certainly regret it somewhere down the line.