Why Website Security Matters
Businesses, large or small, depend on a website to operate successfully in our digital age. The website is the face of the business. It’s where customers come to learn about the products and services on offer, make enquiries, and conduct transactions.
Your business website can also be your “Achilles heel” if it is not properly protected with robust security features and practices. It faces a whole host of threats that could severely damage the business and the individuals associated with it. There are bad guys out there just waiting to get their foot in the door to get confidential information about you, your customers and anyone else associated with your business. They could steal information and data, and disrupt or damage systems.
Some of the most common website security threats are:
- Phishing
- Ransomware
- Structured Query Language (SQL) injection
- Cross-site scripting (XSS)
- Distributed Denial-of-Service (DDoS) attacks
- Viruses
- Worms
- Spyware
Hopefully, as a business owner with an active and productive website that is helping to bring in the bacon, you will never have to delve too deeply into what those noxious-sounding threats are all about.
If your website was professionally built by experienced, competent and qualified designers and developers, you should have all the security measures you need in place to repel any attacks.
If you are in doubt about the safety of your site and access to it, here are some of the essentials that you can check:
SSL (Secure Sockets Layer) Certificate
An SSL certificate is a digital file that verifies a website’s identity and encrypts the connection between a web browser and a web server. You’ll know if a site has one because it will be designated as HTTPS rather than plain HTTP, and a padlock icon will appear next to the URL in the address bar.
SSL keeps internet connections secure and prevents cyber criminals from seeing or interfering with online transactions, keeping customer information private. SSL certificates are issued on request by a Certificate Authority (CA), usually with the assistance of your hosting provider.
Web Application Firewall (WAF)
Any business website that collects personal information or payment details, or that is self-hosted, will definitely need a WAF. A WAF can protect your website by monitoring and filtering HTTP/HTTPS traffic, blocking malicious requests and mitigating application-specific vulnerabilities. WAFs are available as a network or cloud service.
Two-factor Authentication (2FA)
Your website’s login credentials are valuable, and you can’t risk them getting into the wrong hands. Weak passwords are a common entry point for hackers. Enforce strong password policies to significantly reduce the risk of unauthorised access. If website users or staff are going to be using the login details, make sure passwords are complex and frequently changed. You could also consider implementing two-factor authentication (2FA) for added security (it is quick and easy to install on a WordPress website as a plugin). This system requires users to provide not just a username and password but also a security key, token, smartphone app, or biometric characteristic to verify their identity.
PC Anti-Virus Software
While it may not be directly related to your website, your PC or whatever device you use to log in to your website may well be a weak point when it comes to security. Malware, such as keyloggers that record your password, could be planted by hackers intent on exploiting your website. To counter this, make sure your PC has efficient antivirus software. Often this comes pre-installed, and it isn’t needed for iOS devices, but it’s worth checking that you have up-to-date, active antivirus protection running on your computer.
Data Backup
There are all sorts of potential disasters that can destroy or delete your business website’s files and database. Such a loss can have a big impact on your business operations, destroy your customers’ trust and confidence, and result in a lot of downtime while you try to recover.
Prevention is better than cure, so it’s best to make sure you’re never left in such a parlous position. Create regular backups of your website to avoid having to go back to building everything up from scratch if your website is destroyed by hackers, by accident, by an update gone wrong, or by a server failure.
If your website is frequently changed, back it up daily.
There are a few ways to back up your website – the easiest is with a WordPress site where you can use a plugin like UpdraftPlus or BackWPup to back up your files and database to the cloud, with an easy one-click restore. Alternatively, you can manually back up by transferring files from your site to your computer, or see if your hosting provider offers backups as part of their service.
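For the manual route, a backup is only useful if it is complete and still intact when you need it. The following is an added example, not code from the original page or from any plugin it names: the function names, the `site-<timestamp>.tar.gz` naming and the seven-copy retention are assumptions, and it assumes a database dump has already been saved inside the site folder.

```python
import hashlib
import tarfile
import time
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large archives do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def backup_site(site_dir, dest_dir, keep=7, stamp=None):
    """Archive site_dir, check the archive is complete, record a checksum, prune old copies."""
    site, dest = Path(site_dir), Path(dest_dir)  # keep dest outside site_dir
    dest.mkdir(parents=True, exist_ok=True)
    stamp = stamp or time.strftime("%Y%m%d-%H%M%S")
    archive = dest / f"site-{stamp}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(site, arcname="site")
    # Re-open the archive and confirm every regular file on disk made it in.
    expected = {"site/" + p.relative_to(site).as_posix()
                for p in site.rglob("*") if p.is_file() and not p.is_symlink()}
    with tarfile.open(archive, "r:gz") as tar:
        stored = {m.name for m in tar.getmembers() if m.isfile()}
    if stored != expected:
        archive.unlink()
        raise RuntimeError("backup incomplete: " + ", ".join(sorted(expected - stored)))
    # The sidecar checksum lets you detect later corruption or tampering.
    Path(str(archive) + ".sha256").write_text(f"{sha256_file(archive)}  {archive.name}\n")
    # Timestamped names sort oldest first; keep only the newest `keep` archives.
    for old in sorted(dest.glob("site-*.tar.gz"))[:-keep]:
        old.unlink()
        Path(str(old) + ".sha256").unlink(missing_ok=True)
    return archive

def verify_backup(archive):
    """True if the archive still matches the checksum recorded at backup time."""
    recorded = Path(str(archive) + ".sha256").read_text().split()[0]
    return sha256_file(archive) == recorded
```

Run `backup_site` from a daily scheduled task, copy the archive and its `.sha256` file off the web server, and run `verify_backup` before relying on a copy for a restore.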
Schedule a Security Audit
If you have any doubts at all about your website security – or even just for safety’s sake – it’s worth arranging a professional security audit of your site with regular updates. Let the experts scan, analyse, test, review, assess and verify your website’s integrity with a combination of AI tools and human expertise. You can have specialists help you put in place a comprehensive incident response plan so that if the worst should ever happen, recovery will be less costly, damaging and time-consuming.
Call Us
Here at Dentons Digital we can’t stress enough how important website security is – we make it a priority in every website build we undertake for our clients. We believe security should not be an “add on” or an afterthought – it’s a fundamental part of good website design. Call us on 01373 482774 to chat to us about your business website security.