Stop Hackers: How to Maintain a Secure Tour Website
Your tour or activity website is your time to shine — it’s where you get to show the world what’s fun and unique about the experiences you offer — and you’ve probably spent a lot of time optimizing it for user experience, SEO, and conversions.
Of course, your site isn’t just about promoting your incredible experiences. It’s also an opportunity to establish your reputation and build trust in your business. That’s why it’s essential to keep your website secure from incidents like cyber attacks and hacking.
If you haven’t put much thought into cybersecurity, you’re not alone. It’s certainly not as exciting as promoting a new activity or showing off a glowing 5-star review, but it is a critically important part of maintaining your online presence. According to a University of Maryland study:
A hack occurs every 39 seconds in the U.S.
It goes without saying, you don’t want your business to be at the receiving end of a cyber attack.
Fortunately, there are a few easy ways to keep your site secure – and chances are, your web hosting provider has already implemented various methods to keep your business safe. Let’s break down what cybersecurity actually entails and how you can secure your business.
What Happens When a Website Gets Hacked?
We’ve all heard the word “hacking,” but what exactly does it mean for your website? Essentially, when a website is hacked, it means that someone has gained access to the backend of the site, or the website files, with malicious intent. There are several things the hacker might do:
- Steal personal data like customer information and credit card details.
- Add links to their own website to increase traffic to the website (oftentimes a “sketchy” or “dodgy” site).
- Add malware that could attack your customers’ computers.
- Create pages filled with links to stores selling fake merchandise.
- Send spam/phishing emails to your customers.
- Threaten to withhold access to your site or publish sensitive data until you pay them a ransom sum.
Usually, the hack will be fairly obvious to you, especially if you’re familiar with the ins and outs of your website. It’s important to remember that a cyber attack doesn’t only affect you and your business – it can harm your customers as well since their private data can be exposed.
It’s natural to feel worried about the security of your website, but now that you have an idea of what a hack could look like, you can follow these tips to stop one from happening in the first place.
One of the first items to verify on your website is an SSL, or Secure Sockets Layer, certificate. When you see the lock symbol and “https” in the address bar when you browse the web, this means the website has an SSL certificate.
SSL encrypts data passing between your site and visitors to protect things like credit card numbers and personal information. The average web user expects to see SSL on your website, and Google has even started flagging websites without it as “potentially not secure.”
Getting an SSL certificate is quite simple, and we cover all the benefits and how to get one in our SSL guide.
Backup Your Website
A website backup is essentially a copy of your website data, including media, content, and files, and having one acts as a safety net in case you lose access to your site. This way, you have a recent version of your website stored and ready to be relaunched. With a backup handy, you can get your site up and running fast and avoid missing out on bookings.
There are multiple ways to backup your website, and if you haven’t done this yet, we strongly recommend it. After all, you’d hate to lose all the amazing content you’ve worked so hard to create.
- WordPress users can use a plugin like VaultPress to manage their own backup preferences. You can download backups, fix vulnerabilities, and monitor your site in real time.
- Talk to your hosting provider about backups. Many hosting providers include backups in their plans or can add this service for you. It’s important to keep in mind that they may have limited storage, so depending on the size of your site, you might need additional backup services.
- Use a backup service like Backblaze or IDrive. Most services offer features like multiple device backup, online file sync, and activity reports. They can also include malware security, which scans your site regularly to provide alerts and automatic malware removal.
When in doubt, your web developer or hosting provider are good first points of contact for getting started with website backups.
Use Strong Passwords
The password requirements you encounter on various websites may seem annoying (do I really need so many numbers and symbols?) – but those requirements are in place for a reason. Strong passwords, especially when it comes to your backend login, keep hackers out, while passwords like “qwerty,” “123456,” and “password” aren’t doing you any favors.
Password pro tips:
- Don’t use phrases that are easy to guess. Instead, combine three random, unrelated phrases.
- Make your password long – ideally 16 or more characters.
- Don’t reuse passwords.
- Never use personal information like your name in your password.
- Use a password manager to keep track of your passwords and to generate a random sequence of characters for strong passwords.
Keep Your Website Up to Date
Your website is at its strongest when it uses up-to-date software. It’s important to regularly run updates for your core software, as well as any plugins you’ve installed on your website. If you let these items go out of date, your website can become more vulnerable to glitches, bugs, and of course, hackers.
Most website builders handle software updates and security issues for you, but it’s always a good idea to check with them to make sure you stay on top of things. If you’re on a FareHarbor site, rest assured the software is up to date. If you’re on a self-hosted website or a platform like WordPress, it may be up to you to run updates when necessary.
Be One Step Ahead of Hackers
In other words, don’t make things too easy for potential hackers.
- Be on the lookout for phishing scams. Phishing scams usually take the form of emails that may look like they’re from a company you trust. Oftentimes they tell a story to trick you into opening an attachment or clicking a link, for example, saying that they’ve noticed suspicious activity or login attempts or want you to click on a link to make a payment. If you receive a suspicious email, don’t click on any links or open attachments. Instead, delete the email and navigate to the company’s real website from your browser, where you can make further inquiries.
Pro tip: Check the sender email address if you’re suspicious. Verify that it’s from the company it claims to be in the body of the email. Google is getting better and better at identifying phishing attempts, and will mark the message as spam, like in the below example.
- Don’t work on your website in a public place, such as an airport or coffee shop, on a public or open internet connection. These connections aren’t safe.
Pro tip: If you must work in a public place, make sure that you are on a virtual private network, or VPN. VPNs allow you to create a secure connection to another network over the internet and protect you from prying eyes on public Wi-Fi. NordVPN and ExpressVPN are two great options.
- Make sure that your website admins are people you trust who are security-conscious. Similarly, if you need some work done on your website, make sure you’ve employed a verified professional.
Similarly, contact information establishes trust between customers and your business. In fact, 44% of users will leave a company’s website if there’s no contact information (Inc.com). Potential customers want to know that the business they’re booking a tour or activity with is legitimate. Provide your physical address, phone number, meeting location(s), and even staff profiles in the footer of the website and on a dedicated contact page.
Good website security fosters trust in your business and makes potential customers more likely to do business with you. It starts with choosing a reliable website builder or hosting provider and taking small steps to educate yourself about how to run your site, make passwords secure, and be wary of phishing scams. These security factors will help you protect your business – and your customers!