Imagine your customer picks up your business card and decides to go see what you are all about.  Their first impression is a glaring red warning from their web browser.  What could be worse for destroying your reputation!

I just met with a new client who fell victim to this very problem. Fortunately for them, they reserved their domain months ago, but had yet to do anything with it. For small businesses that do business online, the effects could be chilling.

The client likely experienced this problem because of a keystroke logging piece of malware on one of their laptops. This problem is less rare than you think; there are millions of computers infected.  In a recent paper entitled Do Strong Web Passwords Accomplish Anything? researchers point out that phishing and key-logging schemes are the most likely culprits today. So by all means continue to use strong passwords, but this is useless if you allow malware onto computers that you use to update your website.

Many other businesses use FTP to update their website without knowing that the password they use to login is being sent across Internet in clear text for anyone to find. As Slashdot reports in a post R.I.P. FTP many attacks come from improper use of FTP to update sites. Instead, you should be using SFTP or FTP over SSH. If your hoster does not offer this service, find one that does.