7 Steps to Keep Your Company Website Secure

How to keep your company website secure

Subscribe to get the most up-to-date Internet Marketing tips and research straight to your inbox.

I well remember the day I received an email from a friend saying that it appeared my website had been hacked. A quick trip over to the home page confirmed his surmise. Someone had taken over the site and posted some unseemly content.

Immediately, I placed a call to my web host provider to inquire how this could happen and was told the hacker must have gotten my login information. The hosting company changed the information, and I was able to restore my site. Needless to say, it was a lesson learned.

***

Website hack attempts occur more often that you realize. Research estimates that, every day, more than 30,000 websites are infected with some type of malware.

A recent survey reported that 90% of all businesses suffered some sort of computer hack over the past 12 months, and 77% of these felt they were successfully attacked several times over the same period.

Number of website security breaches

I’m not trying to scare you (well, maybe a little). Instead, I want to arm you with information that will help you keep your website secure.

Bizzuka customers, before you grab the phone to call Lonnie, let me assure you that we take the issue of website security very seriously, which is why we host all our sites with Rackspace, a company that upholds the highest security standards. (Download this PDF, which contains more detailed information on website security.)

***

James Lyne, Global Head of Security Research for Sophos, one of the worlds largest security companies, is someone who also takes website security very seriously. In an article at Forbes, he outlined several steps companies can take to protect themselves.

1. Use good code

Lyne says to make sure your website was built following good secure coding principles. Proper coding is foundational to website security.

2. Keep software updated

Check that your web server software and any other software you use such as a CMS is patched and up to date.

If you are using a managed hosting solution like Bizzuka then you don’t need to worry as much about applying security updates for the operating system. The hosting company should take care of this.

3. Use SSL (Secure Socket Layer) for information transfer

Check that when you transfer personal information, credit card or other sensitive data you encrypt the web traffic using SSL.

4. Perform a regular scan or check on your website

Lyne advises conducting scans in order to spot unexpected changes or malicious content. Several companies offer this service including SiteLock, Acunetix, and Webroot.

5. Back up your website

Insure you have frequent backups of your website (particularly if you host a database with dynamic content or user information) as you may be forced to restore it in the event of an attack, says Lyne.

A good rule of thumb is everything required to get the site running exactly as it was at the time of the backup should be included.

6. Use strong passwords

According to one source, it only takes 10 minutes to crack a lowercase password that is six characters long. Add two extra letters and a few uppercase letters and that number jumps to three years. Add just one more character, some numbers and symbols, and it will take 44,530 years to crack. Therefore, the more difficult the password you can configure, the better off you will be.

Microsoft provides a tool that tests the strength of your password, and provides the following tips for creating a strong one:

  • Use eight characters or more whenever possible.
  • Don’t use the same password for everything.
  • Change your passwords often.
  • The greater the variety of characters in your password, the better.
  • Use the entire keyboard, not just the letters and characters you use or see most often.

7. Become a Bizzuka customer

We don’t play around with the issue of site security. Our content management system is a managed solution hosted by a leading provider. We monitor our sites to detect malicious attempts and take steps to prevent such from happening in the first place.

Rest assured that, to the greatest extent possible, we will keep your site secured. Keep in mind that website security is a partnership so you will need to do your part. Following the tips provided in this post is a good way to start.

Additional website security tip information source: Syracuse University