Website security doesn’t tend to be a popular topic among small business owners. Sure, everyone knows it’s important, but it seems to be more of an abstract threat than, say, someone breaking into their car. So the cars get locked every day, but the website… well, it’s often left more vulnerable.
The truth is, website security threats are a more serious issue with each passing month. Simply put, more people are going online than ever before—including those with nefarious intentions. According to Internet network giant, Cisco, last year’s 6.6 million cyber attacks will grow to 8.4 million this year, and more than doubling to 17.4 million by 2020.
And don’t be fooled thinking that hackers are only aiming for big fish. Most cyber attacks crawl websites looking for weak links, and they tend to find them in smaller businesses with fewer resources dedicated to proper website security.
So how secure is your site? Do you think it could withstand potential attempts at hacking its code? Let’s review some of the best practices for enhancing your security (and restoring your peace of mind):
SSL (Secure Sockets Layer) certificates ensure that any data transferred between your website and your server is properly encrypted. It keeps any private data submitted by visitors to your site (i.e. contact information, payment information, etc) encoded during its transfer to avoid becoming compromised.
Having a valid SSL certificate for your website is the primary layer of security you should be offering visitors, and as of this year, has nearly become mandatory. That’s because, at the end of 2017, Google began warning visitors to any website without a valid SSL certificate that they are visiting a website that is “not secure” via its Chrome browser. And if getting your website flagged as a “not secure” isn’t bad enough, being without an SSL certificate also means your site is ranked lower in Google’s search results.
Not sure if your website has a valid certificate or not? Simply type in your URL and check if your web address begins with “https://” or “http://.” If you have an “s” it means you do indeed have a valid SSL certificate in place for your website. Depending on your browser, you may also see a lock icon or the word “secure” beside your URL as further indication of your valid SSL certificate in place.
If your website doesn’t have one, you can contact your host provider or domain registrar to purchase a valid certificate. If you have a webmaster who handles your website, simply ask him or her to purchase the right kind of SSL certificate for your needs. When we build websites for our clients, we automatically include a valid SSL certificate on their website, as it’s that important. It’s just one part of our definition of a modern website.
Choose a Secure Host
Your website’s data is stored by your hosting provider, which manages large numbers of servers that store data for countless websites. Because they house so much data, servers are prime targets for hackers. It’s wise to take the time to research your hosting options for your website and scrutinize the security claims made by various hosting companies.
Many different types of hosting options exist and, in general, the greater the security offered, the more expensive hosting becomes. Ultimately, having a dedicated server (which houses your website only) is the most secure option when it comes to hosting. This is also the most expensive option and is commonly used for very large or sensitive organizations.
Sharing servers with other websites is the most common arrangement, as it’s much more cost-effective. But shared hosting comes with the risk that the server itself will be vulnerable if any one of the websites it houses gets hacked. If this happens, your website would likely be down for a certain period of time while the host reorganized its data and patched its vulnerability.
We prefer cloud hosting for our clients, and recommend it for other small business owners as well. For the level of reliability, scalability, and security it provides, it’s the most cost-effective option. Our proprietary cloud hosting solution also ensures that our client’s websites are always lightning fast. We go into more detail about choosing the best host for your needs here.
Back it Up
When a website is attacked by malware (aka malicious software) or other invasive code, the result can be subtle or obvious. There’s a reason these programs are often referred to as “viruses” or “bugs,” as they operate similarly.
Malware can be latent, like a symptomless infection, operating in the background while silently recording sensitive information from you and your visitors. Or, it can reveal it’s presence instantly by affecting your content—leaving it scrambled, inaccessible, or completely wiped out. Ultimately, it can be a serious threat to your business and your peace of mind.
Considering that experts warn us that new malware code is released every 4.2 seconds, there’s no denying the need to not only secure your website from malware penetration, but also from losing all of your website’s content if your system were to get infected. Backing up your content is essential as a website owner, and most hosting platforms offer this service.
By directly hosting the website’s we build for our clients, we’re able to offer full website back-ups as well—and we do them every day. We take website security seriously, and if anything were to ever happen, we know we always have the most up-to-date version of a client’s site ready to be reloaded in an instant. Getting your website backed-up daily is definitely worth looking into if you want the best protection from the damage a website attack can create.
If your website uses any third party plugins, extensions, or apps, keeping them updated to their latest versions is a must. Developers of third-party software are constantly improving and updating their code to enhance features, and especially to remain fortified against hackers. It’s an ongoing game as hackers find new ways to manipulate weak code and developers respond by upgrading/changing it.
When this happens, the software updates include what are called “patches.” And that’s precisely what they do: they cover any gaping “holes” in the security of the software’s code. Since these programs are working within your website, their level of security directly affects the amount of protection your website has in general.
In addition to these external applications, you also want to be sure that your website platform is always the newest version as well. For instance, if your website is hosted on WordPress, you can easily and quickly check to see if any new updates are available for the WordPress platform. Keeping your software fully up-to-date is a quick (and essential) way to fortify your resistance to any potential invaders.
This might seem obvious, but a surprising number of people fail to select strong passwords for even their most sensitive accounts. A strong password contains a mix of letters, numbers, symbols, and capitalization. Ideally, it doesn’t even spell out a recognizable word.
These days, many of us are juggling several dozen passwords online. From the small copy order you placed online to the flight you arranged for an upcoming trip, you likely needed to create an account on both websites to complete your order. And having an account means having a password.
The simplest way to ensure that you have strong passwords across your various accounts is to use a password manager. While it may seem daunting to have a software application hold the keys to your digital life, it’s by and large one of the most popular pieces of advice from security experts. Instead of reusing passwords across accounts, as many of us do, a password manager generates long and complex passwords for all of your digital needs. You, then, only need to remember one master password to access this vault of keys.
Many people wonder which password manager they can trust, and the general consensus among security experts is to simply choose one of the most popular companies currently available (there are four: 1Password, Dashlane, KeePass, or LastPass) and go from there. The best part? Most of these companies offer basic password management for free.
You’ve put plenty of time, energy, and money into creating your website. It’s your storefront in the virtual world and, as record numbers of people continue to go online, will only play an increasingly important role in your business. Use these important tips for securing your website and don’t hesitate to contact us if you’d like professional help with your business’s online presence.