Website security is important for every website and every business. These days every business needs a website to promote or sell their goods and services, and to communicate with their customers.
At Web Design by Knight, we are constantly working behind the scenes, monitoring your firewalls and website security. But in addition to our security methods, there are some things you can do to further minimize your vulnerability. Business owners need to be sure their websites are safe and protected for their customers. It doesn’t matter how big or small your company is, who you are, or what you sell. Sooner or later cyber attacks will happen. If a cyber criminal is successful, here’s what can happen:
Successful Cyber Attack Could Cause:
- The attacker could acquire the credit card information of your customers.
- They could gain sensitive information about your business and how you operate.
- The attacker could redirect your traffic to the attacker’s site.
- Your customers could face a denial of service or a dead end.
- An attacker could actually make changes to the content and materials on your website.
- The attacker could take control or shut down your website altogether.
A more subtle attack may happen when a criminal quietly redirects the user to a compromised server, for the purpose of gaining sensitive information. Once the hacker gains access, any information will be at risk of modification or exposure. In the corporate world, a hacker could even commandeer the website infrastructure and use it as a platform to launch attacks against other systems.
The biggest problem with any successful cyber attack is that ultimately, it compromises confidentiality and undermines the trust of your customer relationships. And while a website can be rebuilt in a matter of days or even hours, damage to your business reputation and the faith of your customers cannot.
Our Website Security Checklist
There are many layers of security between the clients of Web Design by Knight and any security threat. We are constantly updating firewalls, plug-ins (code), security measures, etc. Our clients don’t see it, but we are working around the clock to protect your website and ultimately your business reputation.
It is worth noting that no checklist is a guarantee, nor can any company or program provide complete immunity to an attack. What we can do is the same thing we do as humans. We make our systems strong and safe on the inside, while limiting exposure on the outside. We also monitor websites for activity and get reports immediately when any of our clients’ websites go down. We also back up client websites so we can restore them when a site is compromised.
Here’s a short list of some of the ongoing tasks we perform as we manage your website security:
- Protect your assets with multiple layers of defense and encryption.
- Search for and disable inactive or unnecessary accounts.
- Perform periodic and routine backups.
- Create a disaster recovery scenario and review it regularly, to make sure it works.
- Catalog your assets and their locations.
- Watch for data that does not need to be on the Web server and remove it from public access.
- Secure passwords are always used.
- Monitor alerts and bulletins for security patch notifications and new vulnerabilities.
- We regularly update your software. Outdated software is one of the most commonly used access points for a hacker.
The above is just a short list of the tasks we perform on a regular basis. But there are also some things you can do on the front end, to ensure your website is secure. Generally speaking, limiting access to your site’s administration functionality is always a good idea. In the same way you limit the number of door keys you would share with employees, you should also limit the number of users who have access to your website.
Carefully Defined User Roles Increase Security
Having carefully defined user roles and access rules will eliminate lots of potential problems. This aspect of management is sometimes overlooked. What we see more commonly is several people sharing one user account. If an unwanted change is made, there is no way to be sure who made it.
With employees, use the least level of permission needed. Not everybody needs the keys to the kingdom. And if there is a security issue, it will make the “fix” much easier. Employees need the appropriate permission to perform their jobs. If an escalated permission is needed temporarily, make sure it is adjusted when the task is finished.
Create Strong Passwords and Change Them Frequently.
This is now imperative for safeguarding your website. Please be aware that the passwords you use can threaten your website security. We cannot say this enough. Please be careful in the creation and protection of your passwords.
Did you know there are many lists of breached passwords available to hackers online? Cyber criminals use these lists and combine them with dictionary words to develop larger lists of possible passwords. If you use an easy password with no numbers or special characters, it’s really only a matter of time before your password shows up on a hacker’s list.
Here are a few quick password rules:
- Use random passwords – There are computer programs out there designed to crack passwords. They can search millions of word variations within minutes. Dictionary words alone are not considered safe passwords. They must be combined with numbers (not your birthday or house number) and special characters. Replacing the letter “O” with a zero is not enough.
- Create long passwords – More than 12 characters is a good rule. The longer your password is, the more difficult it will be to crack.
- Do not reuse passwords – Every password you create should be unique. Instead of reusing passwords, use a password manager.
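The rules above can be turned into an automated check at the point where a password is created. The following is an added example, not code used by Web Design by Knight; the breached and dictionary lists are small constructed samples, and the function and variable names are illustrative.

```python
import re

# Constructed sample lists. A real check would load a full breached-password
# corpus and a complete dictionary instead of these few entries.
BREACHED = {"summer2023!welcome", "qwerty12345!abc"}
DICTIONARY = {"password", "congratulations", "football", "welcome"}

# Undo common character substitutions, so that swapping "O" for a zero
# (or "a" for "@") does not hide a dictionary word.
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                               "5": "s", "7": "t", "@": "a", "$": "s",
                               "!": "i"})

MIN_LENGTH = 13  # "more than 12 characters"


def check_password(candidate):
    """Return the list of rules the password breaks; empty means it passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if not re.search(r"\d", candidate):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", candidate):
        problems.append("no special character")

    lowered = candidate.lower()
    # Exact match against known-breached passwords (case-insensitive).
    if lowered in BREACHED:
        problems.append("on breached list")
    # A dictionary word is still a dictionary word after the swaps are undone.
    if lowered.translate(SUBSTITUTIONS) in DICTIONARY:
        problems.append("dictionary word")
    return problems


if __name__ == "__main__":
    for sample in ("password", "c0ngr@tulati0n$", "Summer2023!Welcome",
                   "v9#Trq!mZ2&pLx7w"):
        print(f"{sample!r}: {check_password(sample) or 'ok'}")
```

The second sample is long and contains numbers and special characters, yet it is still rejected because it is a single dictionary word with letters swapped out.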
Website security is an ongoing task that we can never take for granted. The internet is constantly changing. We have to adjust our security measures accordingly.
If you have questions about your website security, or if you notice something unusual, please feel free to contact us. Chances are we may already be aware and working on the problem. But we always welcome your feedback.