Websites are valuable targets for cybercriminals and attacks are becoming more frequent, varied and sophisticated. And with 60% of victims going out of business within six months of an attack, keeping your website secure is essential. To help, here are some important questions you need to ask about your website’s security.
1. How strong are your login credentials?
Brute force software that uses databases of stolen login credentials is widely and cheaply available on the dark web. This makes it easy for cybercriminal gangs to get their hands on it. Highly sophisticated and, in some cases, AI-enhanced, it can crack weak usernames and passwords in seconds. The stronger your login credentials, the less chance a hacker will be able to gain access to your website and all your data. Make sure you use strong passwords and never use the same password for any two accounts. For even greater protection, use two-factor authentication.
2. Have you installed an SSL certificate?
If your website accepts online payments or collects customer data, the information people send to your website is vulnerable to interception as it travels across the internet between their browser and your server. If this happens, it can result in legal claims and damage trust in your company. By installing an SSL certificate, that data is strongly encrypted, ensuring that even if it was intercepted, no one could access the actual information. If you have an SSL certificate, browsers also label your site as secure with the padlock icon, increasing customer confidence to shop with you.
3. Do you back up your website?
If malware, ransomware or a hacking attack resulted in a loss of your website software, content and data, how quickly or easily could you restore it and get your business up and running again? Starting from scratch is, for most companies, the chief reason why suffering an attack puts them out of business.
At WHUK, many of our plans now come with free daily backups of your website included. For those that need more frequent backups to ensure business continuity, our Website and Server Backup Plans back up at the frequency you need, encrypt backups for you and test them for integrity so that you’ll know they will work if you need them.
4. How secure is your hosting?
Not all web hosts provide the same level of security for their customers, so it’s worth checking what security features your current hosting plans have. At WHUK, for example, your server is protected round the clock by firewalls that scan your site, detecting and eliminating malware, hacking and DDoS attacks. We also make it easy for you to restrict access to and password-protect your directories.
For the additional security of CMS sites, like WordPress, we also offer the Patchman Website Security tool that automatically installs security patches and quarantines infections.
5. How often do you update software, plugins and themes?
Its common for security holes to be found in all types of software, which is why developers are constantly updating them to remove the vulnerabilities. Hackers use sophisticated bots to scan the internet, looking for websites with these weaknesses. Once found, they target them for attack. The sooner you update software, plugins and themes once a new version is released, the safer your website is. One of the main reasons websites get attacked is because their owners haven’t got around to updating. Unless your website relies on an older (legacy) software version to run, there’s no need to manually update anything. You can set up auto-updates via your control panel or through the admin area of your website.
6. Are you protected from phishing?
Targeted phishing attacks on businesses are on the rise, with a growing number of employees unwittingly giving away login credentials and, in some circumstances, being duped into transferring money to criminal’s accounts after receiving fake emails pretending to come from executives and managers.
There are two ways to help reduce this. Firstly, using an advanced email filter, like SpamExperts, can drastically reduce the number of phishing, malware-infected and other spam arriving in your inbox. At the same time, Email Certificates verify that emails are genuine and not fakes, reducing the likelihood that an employee or customer will open an email that is not genuinely from your business. They also encrypt your email’s content, acting like an SSL certificate, to prevent messages and attachments from being stolen or tampered with in transit.
Conclusion
Website owners need to be on the ball when it comes to keeping their sites secure. Hopefully, by answering the questions above and looking at the information we have provided, you’ll be able to make your website security even more watertight.
For more information about our wide range of secure hosting services, visit our homepage.
