5 Tips to Ensure Your Website is Secure
Security is currently a huge hot-button issue with all of our clients. It used to be that if you weren’t “selling” anything on your website, you didn’t really have to worry about website security. But those days are long gone!
As recent news reports have shown us, no system is 100% secure. We have seen Fortune 500 companies that spend millions on security breached. So what can a small business owner do to protect themselves?
1. Ensure your site has a Secure Sockets Layer (SSL) certificate installed
I’m sure you have seen the little lock icon next to the web address in your browser, but do you know what it means? The lock icon means that all the data sent between your computer (laptop, smartphone, tablet, whatever…) and the website is encrypted. Therefore, if a “hacker” is able to look at your data stream, it would be gibberish.
This is important not only to protect your users’ data as it is sent to your website; most websites also have an “admin” or “management” portal that is accessed using a username and password. Having an SSL-protected site keeps those login credentials from being read in transit, which helps keep others from gaining access to your website.
The cost of an SSL certificate can vary from $0 – $800 per year. Most hosting plans will provide you with a basic SSL certificate at no cost.
2. Use a web application firewall (WAF)
How many movies have you seen where somebody yells out: “they’ve breached the firewall!” Do you really know what a firewall is? Basically, a firewall is a piece of code that looks at network traffic, stops “bad” traffic and allows “good” traffic. A web application firewall (WAF) is a specific kind of firewall that looks at what visitors to your website are doing and stops them from doing bad things. They may be accessing your website through legitimate means, but what they are doing on your site isn’t legitimate.
The cost of a WAF is around $20 per month, but normally WAF providers will also include other services (like a CDN) for no additional charge.
3. Back up your site daily
Knowing your website is backed up is like a “warm blanket” that removes stress! If your site is compromised, you can restore from your last back-up and be back up and running in no time. Let’s be honest, if your site is down, the only question you want answered is – “when will it be back up again?!?!”
The cost of daily back-ups varies from $0 – $5 / month. I would first check with your hosting company: How often is your site backed up? How many back-ups are kept? (If you don’t notice the error for a couple of days and you only keep one day of back-ups… you are out of luck!) What are the cost and timeline to restore a back-up? If your host doesn’t have a clear and quick method for you to see your back-ups and restore them, I would recommend getting an off-site back-up service. An extra $5 / month is well worth the peace of mind!
4. Update your content management system (CMS) monthly
Almost every modern website is built using a content management system (CMS). The most common are WordPress and Joomla, but you may know it just as the “admin” or “management” portal. If your website has a login where you can edit the content of your website, then you have a CMS.
A majority of security breaches occur because your CMS was compromised, either through a bug in the CMS code or through the “hacker” gaining knowledge of your login credentials. In the SSL section I covered how your CMS credentials could be compromised, so we won’t review that issue. The second potential problem is a security hole (or “bug”) in the CMS code. If you are using a current CMS, then the code will get updated monthly, and you should update your server’s version of the CMS when new updates are released.
There are paid tools that can help you track and update your CMS, but generally you simply have to log in and click “update.” Of course, do a back-up before you do any updates!
5. Monitor your site daily
This seems like a “no-brainer,” but check on your website daily. A simple and easy way to avoid your clients seeing a compromised website is to check it daily and revert to a back-up quickly. This will also ensure your site never lands on a “blacklist” – because once your site is on a blacklist it can take weeks or months to get it removed.
There are 3rd party tools that will “ping” or check your site for you, but you can easily make it part of your daily or weekly processes.
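The daily check from tip 5 can be scripted so it also covers the certificate from tip 1. The Python script below is an added example, not part of the original article or any particular monitoring product; the host name, the marker text “Example Bakery” and the 14-day warning threshold are assumptions.

```python
import socket
import ssl
import urllib.error
import urllib.request
from datetime import datetime, timezone


def cert_days_left(not_after, now):
    """Days until expiry; not_after uses the format ssl.getpeercert() returns."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - now).days


def evaluate(status, body, not_after, now, marker, min_days=14):
    """Return a list of problems; an empty list means the site looks healthy."""
    problems = []
    if status != 200:
        problems.append(f"unexpected HTTP status {status}")
    if marker not in body:  # text that should always be on the home page
        problems.append("expected text missing from home page")
    days = cert_days_left(not_after, now)
    if days < 0:
        problems.append("certificate expired")
    elif days < min_days:
        problems.append(f"certificate expires in {days} days")
    return problems


def fetch(host, timeout=10):
    """Live check: returns (status, body, notAfter). Certificate validation stays
    on, so a failed TLS handshake raises ssl.SSLError, which is itself an alert."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, 443), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            not_after = tls.getpeercert()["notAfter"]
    try:
        with urllib.request.urlopen(f"https://{host}/", timeout=timeout, context=ctx) as r:
            return r.status, r.read().decode("utf-8", "replace"), not_after
    except urllib.error.HTTPError as err:  # 4xx/5xx responses are still reported
        return err.code, err.read().decode("utf-8", "replace"), not_after


if __name__ == "__main__":
    # Constructed sample values so the demo runs offline; for a real check use
    # status, body, not_after = fetch("www.example.com")
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    sample = (200, "<h1>Example Bakery</h1>", "Jan 10 00:00:00 2024 GMT")
    for problem in evaluate(*sample, now, marker="Example Bakery") or ["site looks healthy"]:
        print(problem)
```

Run it from a daily scheduled job and send yourself the output whenever the list of problems is not empty.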
There is no guarantee that your site won’t get “hacked,” but there are simple steps you can take to avoid a compromised site or to be back up and running quickly after a compromise.
If you are a client of ours and have our “customer care” plan, these are all things we automatically do for you.