With the recent GoDaddy outage in the news, it seems like a good time to think about website security. Although hackers, as initially reported, did not cause GoDaddy’s outage, news stories of computer-related crimes are becoming a daily occurrence.
Whether for business or personal use, computers have become a part of our daily lives. A company’s website has become its most important marketing and communication tool. Given a website’s importance, you may be surprised how often little or no thought is put into site security. Recent research shows businesses just don’t take website security seriously enough.
There are many ways in which a website can be hacked and for a number of different purposes. Sometimes hackers just want to deface your site. Sometimes they want to disable it, take it down or redirect the traffic from your site. Other times they attempt to lurk undetected, trying to capture personal or financial information from your customers.
No matter what the purpose, an attack can result in lost sales, costs associated with the restoration of your website, data loss, and a blow to your business’s reputation.
The following are a few tips you can use to thwart the efforts of hackers. While not a complete website security plan, these tips can help make you less vulnerable to exploit.
1. Update your software. This is one of the easiest ways to protect yourself. Keep your software up to date. Your website’s content management system, your computer’s operating system and your internet browser all play an important part in the security of your website.
2. Use strong passwords. We’ve all seen the unbelievably insecure list of the most used passwords. Ones like passw0rd, 123456, letmein, monkey, football, etc. If this is you – change your passwords right now. A strong password should be random, include upper and lower case letters, numbers and symbols.
3. Don’t share login credentials. Each user should have their own login credentials that can be deleted when no longer needed.
4. Encrypt your login pages. So often the pages after the login are encrypted (protected by an SSL certificate). However, it’s the login form itself that is often most vulnerable.
5. Consider upgrading your shared hosting account. Even if you are careful and have adopted good security on your website, don’t count on all the website owners on your shared server having done the same. A VPS, or virtual private server, is inherently more secure due to the separation from the other sites. If you have a business critical website, it belongs on a VPS or dedicated server.
6. Back up. Back up. Back up. The only thing worse than being hacked is not having any clean website files to go back to. If you don’t have a current backup of your website, it will significantly add to the cost of restoring it after being exploited.