With the hot topic that cybercrime has become today, you may have diligently followed our cyber security checklist and established a data backup plan, replaced outdated servers and engaged in security awareness training for employees.
But often times, an overlooked aspect of IT infrastructure is your website security. Quite often, business websites don’t reside on a local network, but instead at a third party managed hosting provider.
A common mistake is the assumption that by choosing a reliable hosting provider, your website is by extension secure.
Many modern-day websites are built using content management systems (CMS) like WordPress or Joomla.
But when it comes to software, a “set it and forget it” approach leaves your website vulnerable to security risks. Cybercriminals know that CMS installations like WordPress that make up about 37% of websites today.
Naturally, they constantly look for ways to exploit this. But regardless of what software or programming language your website utilizes, these security measures can help you enhance the security on your website. Here are nine proven ways to boost security on your website.
1) Use an SSL Certificate
The use of a SSL certificate creates a secure environment for both visitors and website owners. In technical terms, a SSL certificate is a small digital file that enables an encrypted connection. Without it, visitors run a higher risk of getting their data stolen. It’s similar to putting a letter in an envelope before mailing it.
If you want to know if your website is using an SSL certificate, just look at the URL; if you see a padlock icon in the browser bar, there is an SSL certificate installed successfully. If not, you either don’t have an SSL installed or there are unsecure elements on your page that are not referencing the secure URL.
2) Ensure Regular Backups are completed
Most web hosts include daily backups and in most cases, those backups take place on a daily basis. If you need more frequent backups, you can adopt an additional backup plan to keep your website and its content protected. If you frequently update your website, it’s a good idea to have more than one backup run on an hourly basis so you can quickly restore the website without losing your work.
3) Use Secure Usernames and Passwords
If your website is running on a CMS, one of the best ways to secure your website is by using strong usernames and passwords. Opting for a totally unique username rather than ‘admin’ can go a long way. Long and complex passwords that are changed frequently are best. This applies to your hosting account as well, but let’s not forget your domain provider.
Hackers have been known to target popular registrars like GoDaddy and once they gain access, they’ll redirect your website to another unscrupulous site without your knowledge. Many web hosts and registrars now offer multi-factor authentication for added security.
4) Delete Unnecessary Users
When a staff member is terminated, it might be easy to overlook all the areas of access they had as an employee. Your first thought might be to restrict their cloud access to important business documents, but if the employee had login access to the website (at any time), don’t forget to remove their user account.
Unscrupulous motives aside, if that staff member got in the bad habit of using the same login details over and over, this could present a huge security risk for your website. With just a little research, a hacker could compromise their email, trace it back to your business website and sell those credentials on the dark web!
This is why every business should have a process in place to remove employee access whenever a change in employment status takes place. Ideally removal of access should take place before the separation, but at the very least, access should be removed the minute the former employee walks out the door for the last time.
5) Exercise Precautions with Uploaded Files
There may be times when employees, customers and others will need to upload files to your website, but you should exercise extreme caution before allowing those uploads to go forward. Scanning potential uploads for viruses and other malware is essential, as is vetting the individuals and entities that plan to do the uploading.
It is important to have a formal plan in place that details things like who is allowed to upload files, what kinds of files can be uploaded and how those uploads can be monitored and secured.
6) Select Reputable Website Hosting
While it is possible to host your website on your own server, if you lack the capabilities for server maintenance and don’t want to outsource it, you could opt for an external web host. If you need a reliable hosting partner with an excellent reputation and robust security measures in place, contact Ontech Systems for a recommendation.
7) Install a Security Plugin
There are a variety of security solutions available on the market today that can enhance the security on your website. If your website runs on WordPress, consider installing a security plugin like Wordfence. Another option is a solution like Sucuri that offers security measures like website firewall, backups, DDoS protection, malware removal and more.
8) Keep Software and Plugins Up to Date
Installing software to protect your website and enhance security is only the first step. If you want to keep your website secure, updates should be installed as they become available. Many solutions have an auto-update option available since updates are released frequently to combat cyber threats.
9) Enable Spam Protection
Unsolicited emails containing infected links are one of the major cyber threatsthat businesses face today. All it takes is one click by a single employee to infiltrate the entire network if the proper security measures aren’t in place. Since many hacking attempts originate via unsolicited emails, solid spam protection is an absolute must.
If you want to keep your website protected, you can use strategies like Google recaptcha or plugins like Akismet for comment spam on WordPress. Securing your website can be tricky, but you don’t have to face it alone.
For over 8 years, Ontech has partnered with Net Success Marketing to provide our company and clients with a full spectrum of website design, development and digital marketing services.
Whether you need assistance migrating to a new web host or you want to enhance security on your website, we can provide you with guidance on all aspects of IT security to keep your business and website safe from cyber threats. Contact our support team today to get started.
