7 website security steps for your business

3-minute read

With the increasing number of entrepreneurs using digital assets like websites and social media profiles to grow their businesses, security is a growing concern at every level. Your business is important to you and so are your customers so it’s imperative you take the necessary steps to ensure you’re protected.

Below are seven basic steps to protect your website. Some of these steps can also be applied to protect your social media and email profiles. If you’re not comfortable with technology, share this article with your webmaster, IT manager or IT/web partner and have them ensure that the necessary steps are taken to keep your business protected.

1. Schedule regular back-ups

The first question that most people ask when it comes to back-ups is how frequently should I back-up my website? The quick answer is a question: How frequently do you update your website? If it’s every day, then you should most likely back-up your site every day and keep a copy of at least the previous 30 days.

For advanced website configurations, you will likely need to have an IT professional do this for you (i.e., if you have multiple servers that host separate functions then each will require a separate back-up schedule).

It’s important to be conscientious about this to avoid interruptions to your website, especially if you are using a shared website host. If you use open source technologies like WordPress, Drupal, Joomla, nopCommerce, ExpressionEngine, Magento, Zen Cart, PrestaShop or AspDotNetStorefront, to name just a few, you’re at risk of getting hacked. A regular back-up schedule is your fail-safe to get you back up and running quickly (depending on the complexity of your website).

2. Avoid weak user names and passwords

Believe it or not, weak user names and passwords are prevalent and it’s a sure-fire way to get your website flagged by the scanners that hackers use to identify these types of security vulnerabilities. Ensure you use a user name that is not obvious. When it comes to passwords avoid words from the dictionary, your name or your pet’s name. Use a combination of letters (upper/lower case), numbers, special characters, and make sure it’s at least eight characters long. Use tools like KeePass or LastPass that allow you to generate complex passwords and save them so you can have a single user name and password to simplify remembering multiple complex passwords.

NOTE—It’s a bad practice to use the same password across multiple services. If a security breach takes place you leave all of your digital assets vulnerable to hackers.

3. Use CAPTCHA and spam filter plug-ins

If your website is built on an open source platform, you have likely received weird spam and comments from strange sources that have nothing to do with your website. To reduce this, enable CAPTCHA on forms to ensure humans are filling out the necessary information. Also, most open source content management systems have plug-ins that can filter spam from coming through your forms. This won’t get rid of 100% of spam, but it’s a step in the right direction.

4. Set up a firewall and enable platform specific security measures

There are countless methods to keep data safe, and security experts have created specialized tools that can help prevent breaches. The first step is to ensure that Google Webmaster Tools is enabled on your website. Since Google crawls your website to update its search index, it will flag your website if it detects any abnormal activity, and it’s free. Additionally, there are a number of firewall plug-ins for each open source platform that can be installed and configured to add an additional layer of protection. If you want even more protection and don’t have IT staff to help you, specialized service providers such as sucuri.net can step in and address/fix some of the most commonly occurring hacks.

5. Regularly update your CMS/e-commerce system and plug-ins

Open source software has benefits and draw-backs. It’s important to understand both sides of the equation. Most open source platforms rely on a developer community to continue to enhance and update the source code. So as security vulnerabilities become known, they are published in open source technology blogs and forums across the web. This also means that malicious hackers have access to this information. If your website’s content management system or e-commerce management system is not updated in a timely manner (within a month and, ideally, within two weeks or less) you could risk having your website hacked.

Even if your website content management or e-commerce management system is updated, it still does not guarantee you won’t get hacked if you’re using third-party plug-ins. This is why it’s important that whoever develops your website selects plug-ins carefully.

It is important to have a regularly scheduled (ideally—monthly) review of your website and all of the installed plug-ins to ensure nothing malfunctions when a plug-in is updated or when the website content management system is updated and then rolled out to the live website.

6. Follow two-step authentication

To enable two-step authentication, you’re required to not only enter your password but also an additional authentication method, such as a text sent to your phone, in order to verify your account. This way, even if there is a breach, there is an additional layer of protection.

7. Enable HTTPS with an SSL Certificate across your entire website

It’s important to encrypt your website and the data that is transmitted through your site by getting your webmaster or IT partner to install an SSL certificate. This is another layer of protection both for your business and the visitors/customers using your website. Google likes it too.

It’s important to protect your business’s digital assets and the seven steps outlined above will get you started. But the road to protection doesn’t stop there. I have included additional resources below that outline some security best practices related to a few of the most popular open source platforms.

Additional Resources

Have you ever been hacked? Did it disrupt your business? We’d love a comment.