Making your website live is like unlocking the door to your premises with your office and safe open: Most of the people who visit your physical building will never even know that all of your data is there to discover just by walking in. Occasionally you will find someone with malicious intent who will walk in and steal your data. That is why you have locks on doors and safes.

Your website is just the same, except that you will never see anyone come in unless you have protection systems in place. Electronic thieves are invisible and fast., searching for your website for details of customers’ accounts, especially for their credit card information. You have a legal obligation to protect this data from theft and to report security breaches that occur.

Related: A Seven-Step Guide to Protecting Customer Privacy

Theft is not the only thing on the mind of a hacker: Sheer destruction is a major motivator. Hackers may want to destroy all your records, put a sick message on your customers’ screens or just destroy your reputation.

You can never undo the damage done by a hacker, you can take steps to prevent it. Even the most basic protection will discourage many hackers enough to make them go looking for easier pickings elsewhere. Thieves are likelier to steal from people who leave their doors unlocked.

1. Stay updated.

2. Toughen up access control.

3. Update everything.

Updates cost software companies money. They only do it when necessary, yet many people who use the software do not install updates immediately. If the reason behind the update is a security vulnerability, delaying an update exposes you to attack in the interim period. Hackers can scan thousands of websites an hour looking for vulnerabilities that will allow them to break in. They network like crazy, so if one hacker knows how to get into a program then hundreds of hackers will know as well.

Related: 5 No-Brainer Tips to Avoid Getting Hacked

4. Tighten network security.

• Logins expire after a short period of inactivity.
• Passwords are changed frequently.
• Passwords are strong and NEVER written down.
• All devices plugged into the network are scanned for malware each time they are attached.

Ever since I founded my hosting company, we’ve had to watch our network security on a minute-by-minute basis not to be hacked.

5. Install a web application firewall.

A web application firewall (WAF) can be software or hardware based. It sets between your website server and the data connection and reads every bit of data passing through it.

Most of the modern WAFs are cloud based and provided as a plug-and-play service, for a modest monthly subscription fee. Basically, the cloud service is deployed in front of your server, where it serves as a gateway for all incoming traffic. Once installed, web application firewall provides complete peace of mind, by blocking all hacking attempts and also filtering out other types of unwanted traffic, like spammers and malicious bots. This is a great way to avoid getting hacked like Craigslist.

Related: Google Unveils Project Zero, an Elite Cybersecurity Squad to Fight Hackers

6. Install security applications.

7. Hide admin pages.

8. Limit file uploads.

9. Use SSL.

10. Remove form auto-fill.

When you leave auto-fill enabled for forms on your website, you leave it vulnerable to attack from any user’s computer or phone that has been stolen. You should never expose your website to attacks that utilize the laziness of a legitimate user.

11. Back-up frequently.

Just in case the worst happens anyway, keep everything backed-up. Back up on-site, back up off-site, back up everything multiple times a day. Every time a user saves a file it should automatically back up in multiple locations. Backing up once a day means that you lose that day’s data when your hard drive fails. Remember every hard drive will fail.

12. You can’t hide your code.

You can buy software that says it will hide the code on your webpages. It doesn’t work. Browsers need access to your code in order to render your website pages, so there are simple ways to get around web-page “encryption.”

Disabling “right-click” as a way to view your website code is annoying to users because it also disables every other “right-click” function, and there are simple workarounds that every hacker knows anyway. If you have been told that it is possible then read this article on HTMLgoodies.com to get in-depth explanations of why you can never hide your code.

Your Experience: Has your website been hacked? How did the criminals get in? Please use the comments facility below to share your story including the changes you made after the attack

Related: How to Protect Your Small Business Against a Cyber Attack