Your website is the worldâs window into your business. In your brick and mortar locations, you secure the place by buying reinforced windows, installing alarm systems, placing surveillance cameras, and perhaps even hiring a guard. Are you doing the same to your online presence? You should be!
Â
Brought to you by AVG Technologies, the provider of Internet and mobile security, privacy and optimization to 150 million active users. Thereâs nothing small about small business in our eyes. Get more information how AVG can help your small business stay protected - go to http://www.avg.com/us-en/internet-security-business .
Â
The 5 Steps To Keeping Your Website Secure Without Hiccups
Â
For some, itâs kind of difficult to wrap their heads around the fact that the internet could be a dangerous place. This is true whether youâre operating a small business or a multi-national corporation. It makes no difference. People become neglectful with their online presences all the time. All youâre doing, though, is making the hackerâs life easier.
Websites are pretty straightforward things. Most likely, youâre using a content management system (CMS), which is a piece of software created for the specific purpose of setting up a website. It works right out of the box and requires few, if any, modifications to cater to your businessâ needs. This creates a false sense of security, especially since people become overly reliant on the software to do the job of keeping everything safe from invaders. The real problem lies in the user of the software, not so much in the software itself.
If you want to keep your website safe, there are a few things you should be doing:
-
Keep your CMS up to date! Missing an update for a few days usually wonât kill you. But if youâre still using the same version of your software for a year or so, some of its most known vulnerabilities will be exploited eventually. Every software has its cracks in the system. A CMS is no exception to this rule. There are always little crevices in the code that allows hackers to fall through and break your system. Developers are constantly working to fix these vulnerabilities. When they address these issues, they release updated versions of the CMS. When you update, youâre protecting yourself from exterior threats. That said, if a CMS is no longer being actively developed, itâs time to dump it and look for another one. The process may require an upfront investment at times, but youâll be glad you did it.
-
Use more random and diverse passwords for your siteâs accounts. Your SQL database, control panel, FTP accounts, and website should each have their own administrative passwords for all high-access accounts. The passwords should be complex. In other words, they should be difficult to guess. If you feel that the passwords are too difficult to remember, use a competent and reputable single sign-on (SSO) solution. SSOs store your passwords and sometimes even let you sign in accounts with a single click.
-
Set appropriate permissions. If a hacker ever gains temporary control of your site, he will use the siteâs own mechanisms to try and sabotage it. This involves reading and writing information. When you first install your site, it sometimes needs full read/write/execute (â777â) permissions. If you have control over file permissions on your host, set permissions to 755 (the owner has âread/write/executeâ permissions, and everyone else has âread/executeâ) for folders and 644 (the owner has âread/writeâ permissions, and everyone else has âreadâ) for files. 777 basically lets everyone do anything they want to your server, regardless of what other protections you have in place.
-
Use SFTP instead of FTP to transfer files. This way, any transfers are encrypted and people canât snoop in and grab copies.
-
Host through a VPS rather than a shared server. Most web hosts use shared servers. In other words, they run a script that separates websites from one another, but host them all on one machine. Virtual private server (VPS) hosting is kind of the same, except for the fact that each website is run on its own separate virtual environment. If a hacker gets into one environment, you remain unaffected. On the other hand, with shared hosting, a hacker gets access to all of the sites on the server when he compromises it.
Even if you follow this advice, you wonât be completely impervious to attacks. You must also keep your eyes open at all times and make sure that no hole goes uncovered. This minimizes the risk that you end up losing everything. In addition to this, you should keep consistent backups of your site and test them. The backups should remain in a hard drive or SD card thatâs not permanently attached to your computer. This way, if a hacker manages to topple your site, you can have it back up and running in minutes.
Â