Imagine leaving your car parked in a crime-ridden neighborhood. Would you leave your windows down and doors unlocked? Unfortunately, the internet is very much a crime-ridden neighborhood and too many of us are not even taking basic security steps to keep our websites protected.
The goal of this article is to give you some general best practices that can help you keep your website secure from many common cyber threats. Think of this as advice on “How to roll up your windows” and “How to lock your doors” – very straightforward but important steps. While a determined hacker may still be able to break into your vehicle, following these steps will substantially decrease your chances of becoming a victim of a cyber-based attack.
Keep all software updated, always
This applies not only to your website, but to every piece of software you have installed on your workstations. Hackers regularly find vulnerabilities and security flaws in software. Software vendors, on the other hand, are regularly providing software fixes to patch up vulnerabilities that are found or exploited. If you don’t update your software when updates become available, you could be leaving a wide-open door for hackers to exploit.
You need to keep all software updated on your workstations because an infected workstation could give access to other systems, including your website. If your website is powered by a content management system, such as WordPress, you will need to keep the content management software updated at all times, including any plugins you may have installed. Because content management systems, like WordPress, are so widely used, any security holes that are found can also be exploited widely.
Keep backups of your website, local and offsite
When your website has been hacked and injected with malware, the most secure way to fix the issue is to restore your website from the most recent backup prior to the hack. Make sure the server your site is hosted on is being backed up daily, and make sure your webmaster is retaining copies of your site locally (securely, of course) as an extra precaution.
Use a reputable hosting provider
Not all hosting providers are alike. Many discount web hosting companies do not make adequate investments into security. Ask your provider how they keep your websites protected. Be sure they make regular software updates to the server operating system and other installed software. Ask if they proactively scan and address security issues. Business-focused providers, like Newtek, have invested millions into system and network security, and have adequate staff to manage and monitor systems around the clock.
Manage User Access
It is important to limit who has access to your important systems and website. This is not because you shouldn’t trust your employees – it’s because the more staff you have with access to systems, the higher the probability of someone from your business becoming a victim of a cyber scam or hack, which could then lead to unauthorized access.
If multiple people from your business need access to your website, be sure they only have permission to the areas they need. For example, the content management system WordPress allows you to assign different access levels to different people.
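As an added illustration (not part of the original article), the Python sketch below audits WordPress accounts against what each person actually needs and flags anyone holding a higher role than required. It assumes a user export in the CSV shape produced by `wp user list --fields=user_login,roles --format=csv`; the account names, the needs mapping, and the capability subset chosen per role are constructed for the example.

```python
import csv
import io

# WordPress default roles, least to most privileged, each with a representative
# subset of the capabilities it adds on top of the roles below it.
ROLE_CAPS = [
    ("subscriber", {"read"}),
    ("contributor", {"edit_posts", "delete_posts"}),
    ("author", {"publish_posts", "upload_files", "edit_published_posts"}),
    ("editor", {"edit_others_posts", "edit_pages", "moderate_comments", "manage_categories"}),
    ("administrator", {"manage_options", "install_plugins", "edit_users", "update_core"}),
]
RANK = {role: i for i, (role, _) in enumerate(ROLE_CAPS)}

def minimal_role(needed):
    """Lowest default role whose cumulative capabilities cover `needed`."""
    have = set()
    for role, caps in ROLE_CAPS:
        have |= caps
        if needed <= have:
            return role
    raise ValueError(f"unknown capability: {sorted(needed - have)}")

def audit(users_csv, needs):
    """Return (login, current_role, suggested_role) for over-privileged accounts.

    Accounts with no documented need are treated as needing read-only access.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(users_csv)):
        login = row["user_login"]
        # A user may hold several roles; judge by the most privileged known one.
        roles = [r.strip() for r in row["roles"].split(",") if r.strip() in RANK]
        current = max(roles, key=RANK.get, default="subscriber")
        suggested = minimal_role(needs.get(login, {"read"}))
        if RANK[current] > RANK[suggested]:
            findings.append((login, current, suggested))
    return findings

# Constructed sample export (hypothetical accounts).
SAMPLE_USERS = """user_login,roles
owner,administrator
maria,administrator
sam,editor
intern,author
"""
# Constructed mapping of what each person actually has to do on the site.
SAMPLE_NEEDS = {
    "owner": {"install_plugins", "edit_users"}, "maria": {"publish_posts", "upload_files"},
    "sam": {"edit_others_posts"}, "intern": {"edit_posts"},
}
```

Calling `audit(SAMPLE_USERS, SAMPLE_NEEDS)` reports `maria` (administrator, needs only author) and `intern` (author, needs only contributor).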
Use an SSL Certificate
An SSL Certificate is used to establish a secure, encrypted connection between your website and a visitor’s web browser. If your website utilizes logins, processes payments, or stores personal information, an SSL certificate is not only required from most compliance standpoints, it will also give assurances to your visitors that you take their privacy and security seriously.