The security of a website is as important as that of any land-based business, but many webmasters do not seem to recognize the vulnerabilities of being online. The main threats are hacking, spamming and malware, all of which can be protected against to a certain extent.
Choosing a web host that openly advertises the security measures it employs is a good start, but if you are using shared hosting for reasons of cost you should understand that other sites hosted on the same server could have their own vulnerabilities exploited. This can put your website at risk, potentially outweighing the financial benefits of shared hosting.
If your website has special importance to your business, it is much better to use a dedicated server to host your site. This is more costly, but it will also give you control over security. Buying and installing the best anti-virus and anti-malware software can help, but such programs are not infallible. Even hardware firewalls can be compromised or circumvented.
If you have any concerns, the first thing to do is to run a security audit on your website. This can be achieved using one of many free online resources such as Acunetix or McAfee SAAS, but ideally it should be carried out by a trusted online security expert.
A log-on management system can help if there is any chance of vulnerability to a specific hacking technique known as blind SQL injection; without one, the application will neither give an error message nor reveal the source of the attack.
Any sensitive data held by, or which could be accessed from, a website should be encrypted so that if the database or user session is compromised by an attacker, user data is at least kept safe. This can be done in various ways, all of which involve security measures such as employing SSL technologies and saving secure back-ups.
Secure off-site back-up storage is readily available and is best used in the following way:
- Retrieve data (preferably on a daily basis).
- Remove from any online device and check for presence of malware offline.
- Once cleared, encrypt and assign a different password to each set of data.
- Run a digital back-up.
- Copy the data to a secure off-premises server with an additional password.
Beyond this point, if the data are sufficiently sensitive, the password could be segmented further, with one part given to each of several users, so that it can only be accessed by a given number of users acting at the same time.
In comparison to the damage that can be caused by hackers, spam threats may seem relatively minor. However, spam can actually disable a small business website in a matter of minutes if it has been targeted.
The most vulnerable websites are those that do not filter blog comments, or that allow users to add unsolicited information, e.g., customer reviews. No matter how inconvenient it may seem, any website which allows user input needs to have a filtering system in place, be it manual or digital, to prevent an attack.
Online security breaches have increased in recent years to something resembling epidemic proportions. Even the smallest blog or e-commerce site needs to take this into account. Contrary to what you might assume, it could happen to you.