10 steps to good website security

In our 12 years of operating in the Website Design and Hosting industry we’ve had the pleasure of working with many clients including self-employed, partnerships, limited companies and larger multi-national organisations.

Interestingly, the one thing that almost all our clients have in common is that when we first started working with them, they did not understand the importance of good website security. 

Risk and Consequence

Lack of awareness in terms of risk and consequence generally means that someone who is either having a go at building their own website or who has commissioned a designer, such as Knavesmire Creative Ltd, doesn’t feel that they need to ensure their website is fully protected.

Quite often we hear the phrase “we are too small for anyone to bother having a go at our site”, although sadly this couldn’t be further from the truth.

It doesn’t matter who you are, big or small, if you have a website then chances are at some point “someone” or “something” will have a go at compromising your site. It is for this very reason that everyone should at least ensure the very minimum of precautions are taken to ensure good website security.

Your website is your digital shopfront

It is quite often the first point of contact between you and your prospective customer, and it plays a vital role in delivering and building your brand identity.

It is therefore important that your site’s visitors are able to have trust in the digital pages that they are navigating.

If your site is not safe and secure then it can have damaging consequences for a business, regardless of age or size. 

Not only could a website compromise be damaging to a business’ reputation, it may also put your business at risk in terms of its legal obligations.

GDPR

Many countries and regions now have strict laws and regulations in place that come with serious consequences should a data breach occur, such as the UK’s recent introduction of new privacy laws – the GDPR. 

Consumers have become more aware of their own personal security online and the risks that they expose themselves to when browsing the web, and therefore take more care than ever before when online. A secure website builds trust with your visitors and ensures that you meet your legal obligations. 

Based on this information, there are a number of things that you can do to ensure a secure and trustworthy website, many of which are free or low-cost, meaning that even the smallest of operators can afford the same level of protection as larger organisations. 

10 Simple Steps

  1. Create a site security plan and share it with everyone that will be involved with your website. It’s all well and good having a plan, but if it’s not being followed by everyone then it’s not worth the paper it’s written on. 
  2. Manage your passwords extremely carefully, especially those related to website access. Ensure each user has their own password, and wherever possible enforce strong password usage.
  3. Keep all digital devices clean and up-to-date in terms of operating systems and software. Quite often a device can be infected by malware and then used to launch a website attack directly from the very device that is being used to legitimately access the site. 
  4. Choose a reliable web hosting company that has a good infrastructure. The web host should have precautions in place to assist you with spotting potential compromises before they can become a real issue. 
  5. Ensure your domain name has an SSL Certificate. This means that data between the visitor and the server is encrypted, so the visitor can be confident that they are only dealing with your website. It’s especially important if your site processes sensitive data such as personally identifiable information like names, email addresses and credit card information. An e-commerce-based website is a good example of this, although using SSL on even the most basic of websites is a very good idea. Plans are now extremely cost-effective, and many web hosts now offer assisted installation of certificates. 
  6. Take site-specific precautions, which if you are using frameworks such as WordPress can be automated by using trusted and proven plugins like iThemes Security and Wordfence to name but a few. 
  7. Keep your site framework up-to-date, and the same goes for any 3rd party plugins that you decide to use. 
  8. Restrict access to server-side files such as your configuration and .htaccess files. If you are using ready-built frameworks make sure you delete install files and readme files once your installation is complete. 
  9. Regularly review your site and files for suspicious activity. Quite often you’ll be able to detect a potential issue just by noticing that a new file has appeared that wasn’t there previously, or that your site is running a little slower than normal. 
  10. Always keep a full site file and database backup. That way should the worst happen you will have a clean copy of your site to re-install. It will allow you to then take further precautions based on the nature of the compromise.
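
Steps 8 and 9 can be checked with a short script, shown here as an added example that is not part of the original article. The file names in LEFTOVERS and SENSITIVE and the sample site built in demo() are assumptions constructed for illustration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

# Assumed names for this example; adjust to the framework you actually run.
LEFTOVERS = {"readme.html", "readme.txt", "install.php"}
SENSITIVE = {"wp-config.php", ".htaccess"}

def snapshot(root):
    """Baseline manifest: relative path -> SHA-256 of the file's contents."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file()}

def compare(baseline, current):
    """Step 9: files that appeared, vanished or changed since the baseline."""
    shared = baseline.keys() & current.keys()
    return {"new": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys()),
            "changed": sorted(p for p in shared if baseline[p] != current[p])}

def hygiene(root):
    """Step 8: leftover install/readme files and world-writable config files."""
    findings = []
    for p in filter(Path.is_file, Path(root).rglob("*")):
        rel = p.relative_to(root).as_posix()
        if p.name.lower() in LEFTOVERS:
            findings.append(("leftover", rel))
        if p.name in SENSITIVE and p.stat().st_mode & stat.S_IWOTH:
            findings.append(("world-writable", rel))
    return sorted(findings)

def demo():
    """Constructed sample site: take a baseline, then edit one file and add another."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        def put(rel, text, mode=0o644):
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(text)
            target.chmod(mode)
        put("index.php", "<?php // home")
        put("wp-config.php", "<?php // settings", 0o666)
        put("readme.html", "version info")
        baseline = snapshot(root)
        put("index.php", "<?php // home, edited")
        put("uploads/cache.php", "<?php // unexpected")
        return compare(baseline, snapshot(root)), hygiene(root)

if __name__ == "__main__":
    print(demo())
```

Store the baseline manifest somewhere other than the web server itself, alongside the backups from step 10, so that a compromise of the site cannot rewrite it.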

Be proactive, not reactive

Website security is so much easier and far more effective when it is built in from the start. Be proactive not reactive. If it takes a compromise to make you think then chances are it will already be too late. 

Our new website is here

We’ve had a little freshen up of our very own website, and we are pleased to finally be able to launch our refreshed and redesigned pages. We’ve simplified our page structure, reduced the “blurb”, focusing on simple and concise information, and have made it much easier to contact us with your queries.

We’ve also introduced our latest news/design blog feature, where we’ll be keeping you up-to-date with things happening here at Knavesmire Creative Ltd as well as sharing design news, hints, tips and tricks… for free! There’s also an email newsletter for you to subscribe to… take a look in the footer where you can add your email address and name and we’ll sort the rest.

So, make a cuppa, sit back and have a little browse around, and don’t forget to get in touch if you’d like to talk to us about any of our products or services.

Terry Anne Hypnotherapist

We’ve looked after domain name renewals and website hosting for Terry Anne Hypnotherapist for a number of years, and this year have re-designed her website. We’ve retained her logo and colour schemes but have updated her page structures, general content, added media such as social media and YouTube videos, and have also introduced an events calendar.

Peartree Languages

We were approached by Nicky at Peartree Languages to re-design the language school’s website after a serious hack destroyed the original site, and at the same time took over the hosting of the website. As well as the design and build of the site we ensured that the website was as well protected as possible from future hacking attempts, and so far continues to fight off continuous automated attempts with great strength.

We also ensure that if the worst does happen that there are regular full site and database backups that will allow the site to be easily restored to minimise business disruption. We also assist with staff training, and when a new team member joins them we deliver virtual training sessions on site administration and security over the phone and via screen share.

York Triathlon Club

We’ve been working with York Triathlon Club to design a range of recruitment materials including letterheads, business and membership cards, flyers, posters, document holders and exhibition equipment such as pop-up banners. Branding and print product/exhibition equipment was provided and created by other companies.

From concept and design through to proofing and delivering a full range of digital filetypes we have worked closely with the club to ensure that they were pleased with the finished results. We also continue to work with them on ad-hoc design projects.

Lucie Lee Dance Company

The Lucie Lee Dance Company is a new emerging professional Dance Theatre Company, which embraces the use of digital technologies in its works. The company produces experimental dance theatre, dance digital and site-specific works.

We’ve been working with LLDC for a very long time now having designed and built their two previous websites, maintained their sites on a day-to-day basis, and looked after their domain name and website hosting.

Spectrum 80’s Band

Spectrum are a York-based 80’s party band who play gigs across the region, entertaining hundreds of people every year with their brilliant take on classic 80’s music.

Our designs feature on their marketing materials including stationery and can be found hanging on drum kits and keyboards. Their logo was produced by another company and we help with their bespoke design requests.

Ben Brown Photography

Ben, a local professional photographer, was looking for a website to display a selection of his work, and wanted something that really helped his work to stand out from the crowd.

We set to work developing a site that achieved just that, and we also help Ben with his domain name and web hosting services too.

Custom Party Invitations

Here at Knavesmire Creative we don’t just work with businesses. We can help with all of your graphic design needs, regardless of what they are. Here’s a little project we did for Jacky, who wanted to send her birthday party guests the perfect custom party invitations to her 80’s disco themed party.

We produced artwork for the invites and provided print-ready files for her to send direct to her printer. The results were great and the invites went down a treat, and we hear that the party was a night to remember.

Villa Mombaldone

Villa Mombaldone can be found basking in the Italian sunshine, welcoming guests all year round.

We’ve had the pleasure of looking after the owners’ domain name and hosting for a number of years, and have designed and built the previous two versions of their website, the latest including booking features.