Your website is the world’s window into your business. In your brick and mortar locations, you secure the place by buying reinforced windows, installing alarm systems, placing surveillance cameras, and perhaps even hiring a guard. Are you doing the same to your online presence? You should be!
Brought to you by AVG Technologies, the provider of Internet and mobile security, privacy and optimization to 150 million active users. There’s nothing small about small business in our eyes. Get more information how AVG can help your small business stay protected – go to http://www.avg.com/us-en/internet-security-business .
The 5 Steps To Keeping Your Website Secure Without Hiccups
For some, it’s kind of difficult to wrap their heads around the fact that the internet could be a dangerous place. This is true whether you’re operating a small business or a multi-national corporation. It makes no difference. People become neglectful with their online presences all the time. All you’re doing, though, is making the hacker’s life easier.
Websites are pretty straightforward things. Most likely, you’re using a content management system (CMS), which is a piece of software created for the specific purpose of setting up a website. It works right out of the box and requires few, if any, modifications to cater to your business’ needs. This creates a false sense of security, especially since people become overly reliant on the software to do the job of keeping everything safe from invaders. The real problem lies in the user of the software, not so much in the software itself.
If you want to keep your website safe, there are a few things you should be doing:
Keep your CMS up to date! Missing an update for a few days usually won’t kill you. But if you’re still using the same version of your software for a year or so, some of its most known vulnerabilities will be exploited eventually. Every software has its cracks in the system. A CMS is no exception to this rule. There are always little crevices in the code that allows hackers to fall through and break your system. Developers are constantly working to fix these vulnerabilities. When they address these issues, they release updated versions of the CMS. When you update, you’re protecting yourself from exterior threats. That said, if a CMS is no longer being actively developed, it’s time to dump it and look for another one. The process may require an upfront investment at times, but you’ll be glad you did it.
Use more random and diverse passwords for your site’s accounts. Your SQL database, control panel, FTP accounts, and website should each have their own administrative passwords for all high-access accounts. The passwords should be complex. In other words, they should be difficult to guess. If you feel that the passwords are too difficult to remember, use a competent and reputable single sign-on (SSO) solution. SSOs store your passwords and sometimes even let you sign in accounts with a single click.
Set appropriate permissions. If a hacker ever gains temporary control of your site, he will use the site’s own mechanisms to try and sabotage it. This involves reading and writing information. When you first install your site, it sometimes needs full read/write/execute (“777”) permissions. If you have control over file permissions on your host, set permissions to 755 (the owner has “read/write/execute” permissions, and everyone else has “read/execute”) for folders and 644 (the owner has “read/write” permissions, and everyone else has “read”) for files. 777 basically lets everyone do anything they want to your server, regardless of what other protections you have in place.
Use SFTP instead of FTP to transfer files. This way, any transfers are encrypted and people can’t snoop in and grab copies.
Host through a VPS rather than a shared server. Most web hosts use shared servers. In other words, they run a script that separates websites from one another, but host them all on one machine. Virtual private server (VPS) hosting is kind of the same, except for the fact that each website is run on its own separate virtual environment. If a hacker gets into one environment, you remain unaffected. On the other hand, with shared hosting, a hacker gets access to all of the sites on the server when he compromises it.
Even if you follow this advice, you won’t be completely impervious to attacks. You must also keep your eyes open at all times and make sure that no hole goes uncovered. This minimizes the risk that you end up losing everything. In addition to this, you should keep consistent backups of your site and test them. The backups should remain in a hard drive or SD card that’s not permanently attached to your computer. This way, if a hacker manages to topple your site, you can have it back up and running in minutes.