July 8, 2014

Proactively Keeping Your Website Secure in 5 Easy Steps

Written by

As a business owner, keeping your website investment and online data safe is a top priority. However, this can sometimes prove to be a difficult task. One does not have to look too far to see examples of devastating security breaches (e.g. the Heartbleed bug, Target credit card data leak). In fact, according to the online security firm Sophos Labs¹, approximately 30,000 new websites per day are identified as distributing spam or malicious code. Most of these are small business websites that have been hacked and turned into malware distribution zombies. But fear not, as there are some basic steps all website owners can take to keep their site and online data safe and avoid becoming a hacking statistic.

1. Website Hosting

Choosing the right company to host and protect your website and online data is extremely important, and not all website hosting companies are equal. While your platform requirements may vary (e.g. LAMP stack, ColdFusion, .ASP), here are some things to keep in mind when searching for a good website hosting company:

  • Independent reviews consistently give the company high marks
  • Review their uptime service reports, not just their “guaranteed uptime” statement
  • Don’t shop on price alone, as “you get what you pay for” applies here too
  • Multiple channels of support like phone, chat and forums should be available
  • Find out what versions of server-side software packages they are running, as this can give you a sense of how often they upgrade for security and feature purposes
  • Ask another business owner with a similar-sized or purposed website who they use

2. Up-to-date Software

If your website uses any type of content management system (e.g. WordPress, Joomla, Drupal, phpBB) or special software to manage a shopping cart, send newsletters or accept donations online, it is important to have a maintenance strategy in place. A successful maintenance strategy should accommodate both regularly scheduled updates (e.g. every 3 months) and critical updates that are more urgent to address. Keeping your website up-to-date will help protect your investment against hackers and easily preventable security breaches.

3. Strong Passwords

It seems like this recommendation makes every blog post, news article and top 10 list on web security, but for a good reason. Arguably, having a strong and unique password for each of your online accounts is the simplest thing you can do to protect your website and online data. This means a unique password for your website hosting control panel, FTP account(s), website admin account and all front end user accounts. Opinions will vary on what defines a strong password, but a minimum of 10 characters with a combination of both upper and lowercase letters, numbers and symbols should do the trick. There are online and downloadable password generators that can help you complete this task. Once you have your passwords set, simply write them down or enter them in a spreadsheet so you don’t lose them.

4. Regular Security Scans

Scan your website files on a regular basis to help discover any unexpected file changes or newly introduced malware. There are a number of scanning services that can assist in this task. Also, check with your website hosting company, as some offer this service for a small monthly fee. If an issue is discovered, you can take proactive steps to address it before your domain gets blacklisted or worse.

5. Backups, Backups, Backups

Having a current backup of your website and database files is paramount. Don’t just trust your web hosting company's server backup procedures. If your website does get hacked, it can take some web hosting companies up to 5 days to restore a backup image of your website. It is much better to have your own off-server backup of all files and databases that can be restored in a matter of minutes or hours, not days. If you do get hacked, you can use a backup copy of your site to assist in the discovery of the vulnerable file(s) and/or entry point of the hack.

While this is by no means an exhaustive list, following these 5 recommendations will help maintain the security of your website and online data. Ask your website design company if they have an active security monitoring program in place to help keep your website investment and online data safe and secure.

1 www.sophos.com/medialibrary/PDFs/other/SophosSecurityThreatReport2012.pdf

Ross McClenahan

Ross McClenahan is co-owner and Lead Developer at Tree Top Web Design, a Santa Cruz Web Design firm.
