10 steps to good website security

In our 12 years of operating in the Website Design and Hosting industry we’ve had the pleasure of working with many clients including self-employed, partnerships, limited companies and larger multi-national organisations.

Interestingly, the one thing that almost all our clients have in common is that when we first started working with them, they did not understand the importance of good website security. 

Risk and Consequence

Lack of awareness in terms of risk and consequence generally means that someone who is either having a go at building their own website or who has commissioned a designer, such as Knavesmire Creative Ltd, doesn’t feel that they need to ensure their website is fully protected.

Quite often we hear the phrase “we are too small for anyone to bother having a go at our site”, although sadly this couldn’t be further from the truth.

It doesn’t matter who you are, big or small, if you have a website then chances are at some point “someone” or “something” will have a go at compromising your site. It is for this very reason that everyone should at least ensure the very minimum of precautions are taken to ensure good website security.

Your website is your digital shopfront

It is quite often the first point of contact between you and your prospective customer, and it plays a vital role in delivering and building your brand identity.

It is therefore important that your site's visitors are able to trust the digital pages that they are navigating.

If your site is not safe and secure then it can have damaging consequences for a business, regardless of age or size. 

Not only could a website compromise be damaging to a business’ reputation, it may also put your business at risk in terms of its legal obligations.

GDPR

Many countries and regions now have strict laws and regulations in place that come with serious consequences should a data breach occur, such as the UK’s recent introduction of new privacy laws – the GDPR. 

Consumers have become more aware of their own personal security online and the risks that they expose themselves to when browsing the web, and therefore take more care than ever before when online. A secure website builds trust with your visitors and ensures that you meet your legal obligations. 

Based on this information, there are a number of things that you can do to ensure a secure and trustworthy website, many of which are free or low-cost, meaning that even the smallest of operators can afford the same level of protection as larger organisations. 

10 Simple Steps

  1. Create a site security plan and share it with everyone that will be involved with your website. It’s all well and good having a plan, but if it’s not being followed by everyone then it’s not worth the paper it’s written on. 
  2. Manage your passwords extremely carefully, especially those related to website access. Ensure each user has their own password, and wherever possible enforce strong password usage.
  3. Keep all digital devices clean and up-to-date in terms of operating systems and software. Quite often a device can be infected by malware and then used to launch a website attack directly from the very device that is being used to legitimately access the site. 
  4. Choose a reliable web hosting company that has a good infrastructure. The web host should have precautions in place to assist you with spotting potential compromises before they can become a real issue. 
  5. Ensure your domain name has an SSL Certificate. This means that data between the visitor and the server is encrypted, so the visitor can be confident that they are only dealing with your website. It’s especially important if your site processes sensitive data such as personally identifiable information like names, email addresses and credit card information. An e-commerce-based website is a good example of this, although using SSL on even the most basic of websites is a very good idea. Plans are now extremely cost-effective, and many web hosts now offer assisted installation of certificates. 
  6. Take site-specific precautions, which if you are using frameworks such as WordPress can be automated by using trusted and proven plugins like iThemes Security and Wordfence to name but a few. 
  7. Keep your site framework up-to-date, and the same goes for any 3rd party plugins that you decide to use. 
  8. Restrict access to server-side files such as your configuration and .htaccess files. If you are using ready-built frameworks, make sure you delete install files and readme files once your installation is complete. 
  9. Regularly review your site and files for suspicious activity. Quite often you’ll be able to detect a potential issue just by noticing that a new file has appeared that wasn’t there previously, or that your site is running a little slower than normal. 
  10. Always keep a full site file and database backup. That way should the worst happen you will have a clean copy of your site to re-install. It will allow you to then take further precautions based on the nature of the compromise.
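
Steps 8 and 9 can be checked routinely with a small script. The following is an added example, not code from the original article: it records a hash of every file in the site directory, then reports files that are new, modified or missing since that baseline, plus leftover readme/install files and world-readable configuration files. The file names in `SENSITIVE` and `LEFTOVER_PREFIXES` are assumptions for a WordPress-style site, and the demo site is constructed in a temporary directory.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

SENSITIVE = {".htaccess", "wp-config.php"}   # assumed config file names
LEFTOVER_PREFIXES = ("readme", "install")    # assumed post-install leftovers

def snapshot(root):
    """Map each file's relative path to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def audit(root, baseline):
    """Compare the site against a trusted baseline and flag risky files."""
    root = Path(root)
    current = snapshot(root)
    findings = []
    for rel, digest in current.items():
        name = Path(rel).name.lower()
        if rel not in baseline:
            findings.append(("new", rel))            # step 9: file appeared
        elif baseline[rel] != digest:
            findings.append(("modified", rel))       # step 9: content changed
        if name.startswith(LEFTOVER_PREFIXES):
            findings.append(("leftover", rel))       # step 8: delete after install
        if name in SENSITIVE and (root / rel).stat().st_mode & stat.S_IROTH:
            findings.append(("world-readable", rel)) # step 8: tighten permissions
    findings += [("missing", rel) for rel in baseline if rel not in current]
    return sorted(findings)

def demo():
    """Build a constructed sample site, change it, and audit it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "index.php").write_text("<?php echo 'home';")
        (root / "wp-config.php").write_text("<?php // constructed sample")
        os.chmod(root / "wp-config.php", 0o644)
        (root / "readme.html").write_text("constructed sample")
        baseline = snapshot(root)                    # taken while the site is known-clean
        (root / "uploads").mkdir()
        (root / "uploads" / "x.php").write_text("<?php // appeared after baseline")
        (root / "index.php").write_text("<?php echo 'changed';")
        return audit(root, baseline)

if __name__ == "__main__":
    for kind, path in demo():
        print(f"{kind:15} {path}")
```

Store the baseline somewhere other than the web server itself, alongside the backups from step 10, so that a compromise of the site cannot also rewrite the reference copy.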

Be proactive, not reactive

Website security is so much easier and far more effective when it is built in from the start. Be proactive not reactive. If it takes a compromise to make you think then chances are it will already be too late. 
