Whether you have a personal blogging website or you’re running an eCommerce business, security should be the lynchpin to its operations. Security breaches and data leaks occur on even the biggest websites, so it’s crucial not to become complacent with security checks. So what should you be looking out for as a bare minimum to ensure your website is protected?
- As a website owner you probably use an FTP (File Transfer Protocol) where you upload your files to be hosted and then published on your site. But for added security it’s best to opt for a secure file transfer protocol, (SFTP) especially if you work with a website that uses this for a large number of sensitive files and images. This will provide your files with an additional layer of protection and make them less vulnerable to interception or modification by third party sources.
- If you run or are planning to start an e-commerce website then SSL is a necessity. SSL (Secure Sockets Layer) provides an encrypted path between the browser and web server and will protect customer information such as personal details and credit card numbers from being intercepted.
- Coupled with this, is compliance with the PCI Data Security Standard (PCI DSS), which is vital for all merchants who accept credit cards online to make sure that customer’s payment data is protected. The size of your business will determine the specific compliance requirements that must be met.
- Select your web hosting provider with security at the forefront of your mind. Robust security should be as important to the hosting company as it is to you. Check to see if your web hosting providers have their servers in a secure environment and use high standards of equipment. Make a list of your top security worries and risks and see if they can respond to your requirements.
- Is your data backed up? Backups should be performed regularly in order to protect your site in case of a problem. A good hosting provider should provide a full, regular backup of your account, or at the very least, provide you with a method that allows you to back up your own site. Your data is one of the most crucial parts of your business and disasters regularly occur. Make sure you check to see how often your host backs up its servers and how they do this.
- Your web host should make sure its servers are maintained to limit the risk of security attacks. Check to see if the host has a published security protocol which is a positive, although not fully guaranteed indication that they are as security conscious as you. Also ask them about their hardware. Are they using the latest (and the best) equipment such as Cisco switches and routers?
- If you use a WordPress site and have themes or plugins installed that you don’t use, be sure to keep them up to date and delete any you don’t use. Just because you are not using them, doesn’t mean they are free from risk. An out of date plug-in is one of the quickest things for a hacker to pick up on and updates will often fix reported security issues.
- Weak passwords are still one of the easiest ways for a hacker to access a website. They are savvy to our weakness to remember difficult passwords, so be sure to follow the basic rules of password selection. Make sure they are at least 15 characters long with a variety of upper and lowercase letters, symbols and numbers. Common passwords make life easy for hackers, especially if you do the cardinal sin and use the same password for multiple sites.
It’s crucial that you review your website security at least twice annually to ensure you are never vulnerable to new security risks and threats.