What is “Website Security” Anyway?
You hear the word security all the time. Unfortunately, these days it’s usually in reference to the latest breach a company is notifying us about. We sit back and wonder how these breaches happen again and again. Are companies not being careful? Are their websites not secure? Could it happen to your business? Maybe website security is an illusion…
What is website security?
The truth is a bit hard to define. Not only is website security a bit different for every business, but it’s also a combination of a variety of elements. Proper coding, user access, active scanning, monitoring, firewalls, SSL certificates, backups, and plain old common sense are a handful of the biggest pieces of security you can put into practice. I’ll touch on a few of the most important ones here and we’ll continue to discuss this in future articles.
SSL Certificates (HTTPS)
Have you ever visited your own website and noticed the URL bar says “Not Secure” next to your domain name? Or perhaps you notice you’re missing the greed padlock that you have seen on other websites. This is happening because you don’t have an SSL Certificate or it has not been configured correctly with your website. What do you do?
Well, that depends on your level of technical knowledge. If you are technical and have an understanding of what SSLs do and the level of security you need, then there are plenty of places you can purchase (Sectigo formerly COMODO) or acquire for FREE (Let’s Encrypt) an SSL Certificate.
However, if you are like most people and you don’t feel comfortable working with SSL Certificates, then you should contact a Website Design or Website Hosting company. But be warned. Not all companies are created equally. Use your best judgment and validate their abilities before hiring them. Ask questions like the following. Do you host and secure websites? Can you explain your hosting plan and what security it provides? They should be able to easily answer these and explain to you how their security will protect you, and more importantly, what they can and will do for you if something goes wrong.
From time to time it will likely be necessary to give another person access to your website. They may be a marketing company, graphic designer, social media person, the list goes on. When someone requests access to your website STOP and do the following.
- Check the legitimacy of the company/person asking you for access. If you are skeptical at all about a company or cannot speak to a person directly, don’t give access.
- Ask why the company/person needs access to your website. The truth is they may not actually need it. If you can avoid giving out access, do so.
- If someone absolutely needs access to your website, set them up their own account with a unique password. If anything happens or you stop working with that company, this gives you the ability to withdraw their access without having to make major changes.
Backups (Last but certainly not least)
This is by far the most critical piece of any security plan. Why you may ask? Remember at the top when I said, “website security is an illusion”? In today’s world, that is essentially true. Hackers working alone or in small groups often can work faster than the large companies creating security programs and software. This typically means that by the time software is released, or shortly after, they have found backdoors or other flaws that will circumvent the security. I’m not saying website security isn’t critical or that you shouldn’t do it. I’m saying keep in mind that no matter how secure your business or your website is, it can always be compromised. Instead of worrying about it, put a website security plan in place and make sure it includes backups, just in case.