Protecting your website: would you rather take a risk or invest in security?
Although citizens are increasingly concerned about their security online, some website owners still fail to properly secure their site. Why?
Websites are not secure enough
A recent survey conducted by CBS revealed that, in 2015, more than half the Dutch population was concerned about online security.
And as a consequence
- they have put less content online
- shared personal information more carefully
- and sometimes even cancelled online purchases.
One would normally expect website owners and webmasters to take this (reasonably) cautious approach too. Oddly enough, that is not the case at all. Many e.g. still use obsolete versions of a content management system like WordPress. Or plug-ins are not up-to-date, or, even worse, critical security updates are not installed
Many also work in an insecure environment: they e.g. log in to their dashboard to work on a site through an insecure connection, or transfer files via FTP without using an SSL connection.
And, believe it or not, but “admin” as admin login and “123456” as password are not fiction!
Why this irresponsible behaviour?
Taking risks with security: the Prospect Theory
Do these website owners and webmasters believe security is not an important issue? Or do they attach importance to it, but think their site is not interesting enough to catch the attention of hackers? Or does security require too much time and money? Do they prefer to take a risk and bet that their site will not be attacked?
A possible explanation can be found in the Prospect Theory, which states that people prefer to suffer a greater but uncertain loss over a smaller but certain loss. And webmasters and website owners who work in an insecure environment would thus prefer to take the risk of being hacked rather than having to invest in security now.
People prefer to suffer a greater but uncertain loss over a smaller but certain loss.
Weak security may cause enormous damage
This uncaring attitude can have severe consequences. A hacker attack can indeed be a dramatic experience:
- losing the trust of your customers
- having your reputation tarnished
- negative SEO
- data theft…
Updates to a CMS, for instance, are not only meant as a cosmetic procedure or a way to add extra features. Often, their purpose is to fix a security issue. The latest WordPress update e.g. fixed a dangerous cross-site scripting (XSS) vulnerability.
Paying for a secure working environment is definitely a much cheaper option.
The security of your website: it's important!
So, do not be fooled by the Prospect Theory when it comes to the security of your website. With Combell’s CMS hosting, we guide you as much as possible when you need to update your CMS and plug-ins. Thanks to the Automatic Patching service, vulnerabilities in scripts and malware issues are fixed automatically.
In our article “Secure your WordPress site: 10 ground rules”, you will find several ground rules, which do not exclusively apply to WordPress. Combell’s free e-book “How to keep hackers away” contains even more tips that you can use right away.