6 Steps to Secure Your Online Business
The internet was helping businesses long before Covid-19 struck. Since the pandemic began, it has played a vital role in keeping businesses running. Your company website can, however, be a major source of vulnerability. This means that you need to be proactive about security it. Here are some tips.
Choose your Hosting Carefully
If you have no IT knowledge, then your safest option might be to use one of the all-in-one website-building solutions. These can be more expensive than using hosting plus an open-source content-management system. You are, however, paying for convenience and security.
The potential downside to these companies is that they offer very limited scope for customizability. How much this actually matters depends on your plans for your website. If you just want to run a basic online store, then you’ll probably be absolutely fine. If, by contrast, you really want advanced functionality, then they’re unlikely to be for you.
If you do go down the self-hosted route, choose both your vendor and your package with care. Shared-hosting solutions can reduce costs, but they can also reduce performance. Site speed is now a major ranking factor so weak page-load times can undo a lot of good work.
Choose the Right CMS
The popularity of WordPress makes it a prime target for cyber-attackers. This means that you should at least look at the other mainstream CMS options to see if one of them could be suitable for you. For completeness, you will need to apply much the same cybersecurity measures. You may, however, give yourself a slight edge.
Most of the mainstream CMS systems have optional third-party integrations. Some of these can really extend the functionality of the core system. Some, however, are malware and many are on a continuum somewhere in between. To make the situation even more confusing, some integrations are fine on their own but refuse to work with other integrations.
The moral of the story, therefore, is to keep your integrations to a minimum and choose them very carefully. Even if your research is all good, test them thoroughly before you deploy them on your live website.
Change the Default Settings on your CMS
Whatever CMS you choose, change the default setting for the login page and update the default admin login. Any cyber-attacker can find these with just a quick internet search.
Keep all your Software Up-to-Date
All your software means exactly that. It means everything you use on your desktops, laptops, mobile devices and other smart devices as well as everything you use on your website. In the context of your website, it means both the main CMS and any third-party integrations you use.
Invest in Cybersecurity
As a minimum, protect all laptops, desktops and mobile devices with an anti-malware solution, a firewall and a VPN (virtual private network). If at all possible, use a website-monitoring service. If you’re with a reputable host, they’ll probably offer this as an add-on service. Alternatively, you can work with a managed IT services vendor.
Educate your staff on current cybersecurity risks. Be aware, however, that these days, humans should typically be your last line of defense rather than your first. In other words, you should be doing everything possible to screen communications, including phone calls, to stop fraudsters from getting access to your staff in the first place.
Manage your Accesses Robustly
There should be a clear procedure for getting access to your website and this should be strictly enforced. People should only get access to your website if they need it and for as long as they need it. If they are granted access, they should get the minimum level of access necessary to do their job. This access should be revoked immediately if it ceases to be required.
Use the settings in your CMS to enforce strong passwords and explicitly forbid people from sharing them. Log people out automatically if they are idle for an extended period. Last but not least, keep an eye on your user list and take action if you see any names you do not recognize.