EITS Tech Tips & Tech News

7 website security tips

Written by Mike Tungate | Jan 9, 2018 10:03:38 PM

Taking steps to ensure that your website is secure is not something that you should take lightly. You don't want to leave your site vulnerable to potential cyber attacks, after all. A cyber attack could crash your website or even result in the exposure of sensitive

 data, including not just company information but also personal customer information. The following are 7 website security tips that every business with an online presence should follow:

 

1. Keep your CMS updated - Don't ignore CMS (content management system) updates. While it may seem a little inconvenient to have to update it regularly, updates are typically made available to fix specific security issues. This means that if you don't update your CMS, it will leave you vulnerable to hackers who have figured out how to exploit those security issues.


2. Remove outdated access permissions - If an employee or contractor with access to your server or CMS leaves your company, make sure that you delete their permissions. You won't want anyone outside of the company to continue having access to your server or CMS as this will leave you vulnerable.


3. Make sure you implement the HTTPS protocol - Websites with "HTTPS" in their URL have an SSL certificate, which means that any website data that transfers between their web server and their users (and vice versa) is encrypted. Websites that do not have an SSL certificate only have the letters "HTTP" in the beginning of their URL. They are less safe to use since user data is not encrypted. If you don't have an SSL certificate, sensitive data, such as email addresses or credit card information, will be more vulnerable to theft.

 

See Also: Why Wordpress websites get hacked

 

4. Implement a WAF - WAFs (web application firewalls) add a layer of protection to your website by helping to protect against a variety of potential cyber attacks, including cross-site scripting, SQL injections and intrusion attempts. Some WAFs can even mitigate DDOS attacks. There are several different WAFs that you can implement, although many cloud service providers and website hosts often have WAF offerings as well.


5. Monitor your server for malware - Businesses that don't monitor their website for potential malware attacks often don't realize when their website has become unsafe as a result of malware. In such cases, they may not realize until a customer notifies them. This is problematic since, at this point, the malware has already done its damage. Additionally, by not taking immediate action to remove the malware and strengthen website security, it can affect the reputation of the company as well. Implement a malware monitoring service that will scan your website and detect the presence of malware periodically. Some of these services will even remove detected malware from your site.


6. Use SFTP to upload files - When you use an FTP (file transfer protocol) in order to upload files onto your web server, make sure that you use a secure version, such as SFTP (secure file transfer protocol). SFTP will encrypt and protect your login credentials while you are uploading files from your computer to your web server.


7. Make daily backups - Although some web hosting services automatically back up website files on a daily basis, not all of them do. You should look for a host that does. This way, if anything does happen to your website as a result of a cyber attack, you won't have as many issues restoring your site back to how it was.

 

Be sure to implement these seven website security tips to help protect your site against potential cyber attacks. For more information on how you can strengthen your website security, be sure to contact us at EnvisionIT Solutions today.