With over one billion websites on the Internet today, as an owner of one of those sites, you might be thinking that there isn’t much chance that a cybercriminal might target yours. However, before we even come to that, let’s step back for a moment and consider what your website means to you.
As an individual, you might just own a personal blog or even a tiny business online that you think is negligible. There is value in everything, and even a tiny site holds some sort of data. Perhaps a login name and password that you use across all your online accounts? If you own a small business, your website represents your brand and reputation, along with tons of more valuable information that belongs not only to you, but also to your customers.
If you’ve come across articles from Forbes, The Economist or any number of Internet security companies out there today, it’s highly likely that you’re aware of the term ‘Data is the new Oil’. It has become one of the single most valuable assets available online today and just like anything, can be stolen and traded or exchanged.
Cybercriminals won’t care if your website is tiny. They use tools that run freely, testing every site they come across and simply collecting information. If they can’t use the information, they can always sell it to someone else who can.
Since most of us do not physically own and maintain the equipment that we host our websites on, we’ll be looking at the non-physical aspects of website security. This involves two main areas: 1) securing the website itself and 2) securing the data that your customers provide to you. Keep in mind that anyone who visits your site can be considered a customer, not just those who are making purchases from you.
1. Keep your scripts and tools up to date
Make sure your site platform and any other scripts you’re running are up to date. Every piece of software known to mankind is released with bugs and possible security loopholes. Even those that are kept updated will have these loopholes. All it takes is a single vulnerability and cybercriminals will be able to gain access. By ensuring that you perform regular updates, you reduce the chances of security loopholes being exploited.
This is especially important for those who are using website tools which are open source. By their very nature, open source tools leave themselves vulnerable to those who are looking for exploits. To combat this, there are numerous tools that you can use to help you check your site for weaknesses.
Scan My Server offers a free security testing service you can try. Just enter your site URL and it will help you to scan for security weaknesses such as cross-site scripting, SQL injection and many other vulnerabilities. The first site you scan is free, but if you have more than one, then there’s a small fee involved.
Another option is Web Inspector, although this is much more limited. Web Inspector will help you scan for malware that might be infecting your code. It’s also unfortunately limited to scanning a single page at a time. The tool is quite good though, having been developed by security company COMODO, which is a specialist in Internet security solutions.
2. Come up with secure passwords
I can’t even remember how many times this issue has come up already, but for some reason so many users still come up with passwords that cybercriminals could guess if they wanted to.
Hacking tools are so sophisticated today that the 6-digit PIN passwords of the past now seem like a joke. Come up with a password that combines uppercase and lowercase characters, special characters and digits.
If you REALLY can’t remember your passwords, try using a password manager to help you keep track.
Be aware though that again, these are applications and as such can also be hacked into.
To start you off, try LastPass, Dashlane or KeePass. Some are free, some are not.
3. Use HTTPS and SSL
Many people are still not very aware of HTTPS and SSL, but as a site owner these are important.
For those who are running online shops or performing any kind of transactions for your customers online, SSL is NOT optional. SSL certificates can be obtained from many sources, but your best bet is to get one from a reputable provider such as DigiCert. Alternatively, many web hosting providers such as A2Hosting also act as third-party resellers and can sell them to you.
If you’re just starting out, let your web hosting provider know you intend to start an eCommerce site and it’s likely that they will have a package deal that includes everything you need.
Incidentally, even if you’re not going to run an eCommerce site, web companies today are looking out for security as well.
For example, Google is now using HTTPS as a ranking signal. By doing this, they help ensure that people who use their search engine will be directed to authentic and safe websites.
4. Backup your files
No matter how careful we are, there’s always the chance of Murphy’s Law occurring, and while that just sucks, it does help to be prepared. Keeping at least two sets of backups is ideal, one onsite and one offsite. The important thing is to keep the data constant so that there is business continuity in case of any attack or even file corruption. Keep in mind that this applies to the information in your database as well, not just your site files.
Again, many web hosting providers today offer this service. Some perform basic backups for free, but if your business reputation depends on your website, it might be a good idea to consider more comprehensive plans.
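For site owners who run their own backups, the two-copy routine above can look like the following Python script. It is an added example, not part of the original article: it archives the site files together with a database dump, copies the archive to a second location and confirms the copy by SHA-256. The directory and file names, and the local folder standing in for offsite storage, are assumptions.

```python
import hashlib
import shutil
import tarfile
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large archives do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def back_up(site_dir: Path, db_dump: Path, onsite: Path, offsite: Path) -> dict:
    """Archive site files plus the database dump, then keep two copies."""
    onsite.mkdir(parents=True, exist_ok=True)
    offsite.mkdir(parents=True, exist_ok=True)
    archive = onsite / "site-backup.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(site_dir, arcname="site")
        tar.add(db_dump, arcname="database.sql")
    expected = sha256_of(archive)
    copy = Path(shutil.copy2(archive, offsite / archive.name))
    # Re-read the second copy: a backup that fails its checksum cannot be trusted.
    verified = sha256_of(copy) == expected
    with tarfile.open(copy, "r:gz") as tar:
        members = sorted(tar.getnames())
    return {"sha256": expected, "verified": verified, "members": members}


def demo() -> dict:
    """Run the backup over a constructed sample site in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        site = root / "public_html"                     # hypothetical web root
        site.mkdir()
        (site / "index.html").write_text("<h1>Sample shop</h1>")  # constructed file
        dump = root / "dump.sql"                        # constructed database dump
        dump.write_text("INSERT INTO customers VALUES (1, 'Alice');")
        return back_up(site, dump, root / "onsite", root / "offsite")


if __name__ == "__main__":
    print(demo())
```

In real use the second directory would be storage at a different provider or location, and the recorded checksum would be kept alongside each copy so it can be re-checked before a restore.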
5. Keep your customer information safe
The digital century is one that comprises great advances in technology, but that means as people digitize, more of their personal information than ever before is moved online. As a business, your responsibility is to ensure that you help them keep the information that they’ve shared with you as private and secure as possible. This not only includes payment information such as credit card numbers, but also personal information, including names, identification numbers and so on.
This is where what we discussed earlier about SSL partially comes in. SSL, or Secure Sockets Layer, is what keeps information secure during transmission from one point to another. Unfortunately, SSL only keeps the transmission safe. You still must make sure it’s secured once it reaches your website!
If possible, don’t store sensitive data that you don’t need.
Since that’s practically impossible to do, this is where encryption comes in. Some platforms such as WordPress come with password encryption for user accounts and other bits of information. This is basic, but not ideal.
If you’re hosting your own website on a self-owned server, there are multiple ways you can set up encryption on your own. For those who are renting server space, this is again where you’ll have to turn to your hosting provider.
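What "secured once it reaches your website" can mean for a customer record, as an added Python example that is not from the original article: the password is stored only as a salted one-way hash (PBKDF2, a hashing technique rather than the reversible encryption mentioned above), and only the last four digits of the card number are kept. The field names, the iteration count and the sample customer are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # PBKDF2 work factor; the value is an assumption for this example


def hash_password(password: str) -> str:
    """Return 'salt$hash' in hex; the plain password itself is never stored."""
    salt = secrets.token_bytes(16)  # a fresh random salt for every account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def customer_record(name: str, password: str, card_number: str) -> dict:
    """Build the row to save: hashed password and the card's last four digits."""
    digits = "".join(ch for ch in card_number if ch.isdigit())
    return {
        "name": name,
        "password": hash_password(password),
        "card_last4": digits[-4:],  # the full card number is not kept
    }


if __name__ == "__main__":
    # Constructed sample customer; the card number is a commonly used test value.
    row = customer_record("Alice", "Tr4il-Mix!Granola", "4111 1111 1111 1111")
    print(row)
    print(verify_password("Tr4il-Mix!Granola", row["password"]))
    print(verify_password("123456", row["password"]))
```

If the database is ever copied, the attacker gets salted hashes and four digits per customer instead of reusable passwords and full card numbers.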
Other options to boost your site security
Even the best security plans you lay out may not keep cybercriminals at bay. If the thought of having to go through all the steps above to keep things safe is starting to give you a headache, don’t worry, there are other options.
Today, there are multiple ways in which you can get help from experts at a fraction of the price it used to cost. Let’s take a look at three website security companies: Sucuri, Incapsula and Cloudflare.
Sucuri is a very reputable web security services provider and offers a whole range of services from as low a price as US$16.99 per month. For a monthly fee, Sucuri offers everything from website security and monitoring all the way to a disaster recovery plan. Complete peace of mind all wrapped in one nice, secure package.
|Features / Pricing
|Running on one website
|Web App Firewall
|Layer 7 DDoS Protection
|Advanced DDoS Mitigation
|SSL Cert. Support
Incapsula offers solutions similar to those of both Sucuri and Cloudflare, but its pricing plans seem less structured. There are no outright tiers and pricing is based on requests for quotations. Each product Incapsula offers seems to be an individual component, so those hoping for a reasonably priced ‘all-in-one’ solution might have to look elsewhere.
Cloudflare is better known by reputation as a Content Distribution Network (CDN), which is also primarily how it has built up a solid name in securing clients’ sites against Distributed Denial of Service (DDoS) attacks. Again, like Incapsula, Cloudflare pricing tiers are rather more obscure.
From simple do-it-yourself security fixes all the way to dedicated web security companies, there are so many options available for site owners today that in all honesty, ignoring the problem is criminal negligence. The issue of sky-high pricing is also a thing of the past, and almost all businesses today should be able to afford at least the very basics in security solutions.
Above all, start from your web host, which is the basic platform for your website in the first place. Make sure that you choose the host that is capable of offering you the right tools, and not just aim for the cheapest option.
To start you off, have a look at how we recommend you evaluate a potential webhost.