04 Sep Must Have’s for Website Security
Website security is becoming more and more an issue today. As we see the New York Stock Exchange, Wall Street Journal, New York Transit Authority and other high security entities have security issues, it’s easy to understand why it’s important for the non-sophisticated startup or middle market retailer to take some basic precautions. It’s easy to use the logic “I’m just a small business, why would anyone target me?”. This logic is why hacker’s use bots and other computer software to hack into thousands of websites a day. It’s because they know they can. So, how can you, as a web business owner or operator take some basic precautions to protect your business. Here are some of our top tips.
Tip 1: IP Filter Traffic
This is an easy one many people miss. I know the thought of a global business can be attractive, but as a rule of thumb if you’r enot transacting business in a country, use IP filtering to block all traffic from that country. This simple tactic will block most bot traffic that is looking for vulnerabilities to hack your site
Tip 2: Domain Level Firewall
Most shared servers, virtual private servers and dedicated servers will have a server level firewall. If you have multiple applications on a server, you’ll want to make sure each application (domain or subdomain) has an individual firewall to protect the site as well. We have worked with www.sitelock.com in the past and found their basic service to be quite effective.
Tip 3: Regularly Scan for Malware
You can use a service to automate this like Site Lock, or you can send a support ticket to most hosting companies once per week and they will run their own scan free of charge (in most cases). Malware often takes weeks to show it’s true effects on your website after it infects the site, so early detection is critical.
Tip 4: Take Regular Site Backups
If for any reason you have an intrusion or need to revert back to an old version of a site, you will wish the version you’re reverting to is from yesterday so you don’t lose orders, client information or content changes you’ve made. You can take manual backups from your FTP daily, or you can schedule a service to automate this. We’ve used www.codeguard.com with great success, but there are several services available.
Tip 5: Monitor Uptime
It’s important to know if you have an issue as soon as possibly. Installing a basic site monitoring tool to tell you if your site is down is an easy way to ensure you can react quickly if there are even any issues. www.pingdom.com has an affordable, easy to install monitoring tool that works well.
Overall, the biggest thing to understand is that a website is no “set it and forget it”. You must continuously focus on the security of your site, look for new security patches from your platform. Also follow security site blogs to read and understand new vulnerabilities so you can be preparred and stay on top of new risks as a web business owner.