Websites are facing increasing threats to security. We’ve all heard about bots, ransom attacks, and other hacks that leave businesses without one of their most important business assets - their website. Here are a few steps that you can take today to ensure your website’s security.
HTTPS is a protocol used to provide security over the Internet. It guarantees that users are talking to the server they expect and that nobody else can intercept or change the content they're seeing in transit. Any website, especially those that require log-in credentials, should use HTTPS. In modern web browsers such as Google Chrome, websites that do not use HTTPS are marked differently than those that are. If you have any data that your users might want private, it's highly advisable to use only HTTPS to deliver it. That, of course, means credit card and log-in pages. To enable HTTPS on your site you will need an SSL Certificate from your Hosting Provider.
What is an SSL Certificate you might ask? Well, it is a Secure Socket Layer Certificate. SSL Certificates are small data files that establish an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browser remains private. While the primary purpose of SSL is securing information between the visitor and your website, there are benefits for SEO as well. According to Google Webmaster Trends Analysts, SSL is part of Google's search ranking algorithm. This certificate is provided by most, if not all, Hosting Providers and is required to use HTTPS on your site.
Every user that can log into your CMS or website can be a potential security risk. One way to reduce the risk of a security breach is to change your passwords regularly. The industry standard recommends a new password at least once every 60-90 days, if not more. Another industry standard that goes hand in hand with changing your password is using an alpha-numeric password. Alpha-numeric simply means any combination of letters, numbers, and characters. The rules can vary as to length and qualifying characters, but generally the longer the better. Things you want to avoid when making a password are using full words, sequences of numbers like your date of birth, and any sort of personal information about yourself that can be found online like your favorite color or family members’ names. In addition to changing passwords often, you should also limit the number of users that can log into your CMS. In an ideal world, users would be people who make regular edits or stakeholders of the project. Along with limiting the number of users, properly assigning roles to these users is also important. Making sure people only have access to the parts of your CMS that let them perform their role reduces the risk of security breaches and website errors.
Finally, keeping your platform up to date is essential. When I say platform, I mean your CMS, your website, and any other online software you use to run your business. Keeping all aspects of your platform updated means that you are running on the latest and greatest that software has to offer. When a developer releases a new version of your software, it very rarely changes how your site functions or looks. Most often these updates are to keep your information, your users, and your website secure. When new releases of software come out, developers have the foresight to consider what it would take to upgrade to the newest version and almost always have clear and documented processes on how to move forward with an upgrade. If you feel that a task like that is too far outside of your expertise, there are plenty of options out there. Some hosting platforms offer these services as part of their packages, so keep an eye out for that! Also, most developers will gladly assist in giving suggestions on how to approach these very technical topics.
Get started making your site more secure by adding an SSL, limiting the number of people who can make changes to your site, and keeping your software up to date. Don’t be afraid to ask questions when you don’t know something or need help. Reaching out to a professional can make sure it is done right the first time versus suffering a serious breach!