Basic Security Measures Every Small Business Should Check
Business owners need to take some precautionary security steps to ensure their websites are protected from the increasing number of hacker activities. I see it daily: people from around the world trying to gain access to unsuspecting websites, hoping to either use them as a shield to hide behind, perform other unethical tasks on a larger scale, or hold your website hostage, demanding a ransom. This article is designed to provide you with a quick checklist of a few key items that you should check for or discuss with your web provider to ensure your small business is protected from these cyber thieves.
1) Check To See That Your SSL Certificate is Active
An SSL Certificate is a layer of encrypted security that is added to the server environment, putting a layer of security between your website files and the World Wide Web. When active and installed properly, a lock should appear before your website address in the browser address bar.
If there is no lock, there is one of two problems:
1) You are missing an SSL.
2) An SSL may be present, but it has been installed incorrectly.
In either case, the solution begins with your web hosting provider. If you are missing an SSL, you can purchase one through them. If you already have one, then ask them why your SSL is not displaying a lock in the web browser. It may be something they will help you with, or they may direct you to your web developer to resolve. I know that with some web environments, extra steps must be taken for the files to see the SSL on the server, so it may mean just a few minor adjustments to your core files to resolve.
2) Make Sure You Have an Off-Server Recovery File for Your Website
Most websites are hosted on shared server environments, meaning you and several others have your web files stored on the same computer connected to the internet. This might make more sense if we compare your server to the neighborhood where you live. Most servers have programs that monitor the network for potential threats, much like Police in a gated community. Still, just like in our communities, it is up to each person on the block to do their part in both securing their property (hosted files) as well as reporting a potential crime to the community manager (the hosting company) to keep things healthy. Now, part of your server program involves creating a daily backup of the server files. Still, this backup is primarily for the hosting company’s recovery purposes in the event their hardware fails. These files are also stored on the server, so if a hacker gains access to the neighborhood, they gain access to all files, including the backup files, stored on the server. For this reason, it is recommended that you download and keep a regularly updated version of your website files off-server for safekeeping so that you can use these files to identify and close any open doors quickly, then move to another server if needed, and restore your online presence without paying any ransom to restore your website. To protect yourself, you can check with your hosting company to see how to download a recent copy of your archive files. You can also check with your web developer to ensure this is managed for you regularly.
3) Make Sure You Have Virus Scanning Software
Just like you might install virus-scanning software on your desktop computer to help scan the opening of files you download or access from an external drive or the internet, your web files should have some similar protection. This adds an extra layer of protection from activity in your server neighborhood and scans your website files, notifying you of any critical changes or anomalies that appear out of place compared to normal function. This simple oversight tool can save you and those who visit your website from unexpected trouble. Additionally, if you are accessing your webpage, having this type of protection on your computer can also notify you and limit the spread of troublesome scripts designed to record or secretly share your sensitive personal information.
4) Make Sure You Have a Technical Oversight Partner
While many talented people have mastered the concept of web design thanks to more user-friendly programs, being excellent in design is not enough. It’s through technical development that critical security elements are planned and executed. Sadly, we have encountered far too many situations where someone has hired a “designer” or attempted to create their own website. Still, without technical knowledge, they are totally unaware that they are leaving themselves vulnerable to criminal access to their systems. The rise of cyber crimes targeting smaller businesses has increased. As a result, the focus is no longer on the big companies that have the resources to hire highly skilled talent to help them prevent these situations. Now, more than ever, if you did your own website or hired someone based on price alone, we strongly recommend you consider finding a Technical Web Partner who can review your files and help you identify and close any open doors, and suggest ways to keep your site secure.
If you need a Technical Partner, consider our Technical Team at GSG Web Support. A division of Golden Services Group, they work as advocates for your business and advise you of necessary security measures you might need to keep your risks low and your customers safe!
About the Author: With a 30+ year career spanning sales, marketing, and education, Digital Strategist Julia Eudy brings a unique lens to online growth. Her long-standing fascination with online buyer behavior honed through 20+ years of analyzing digital marketing data, informs the development of marketing strategies that demonstrably improve digital sales and accelerate business growth.