Evaluate and improve your website security using these simple steps
Security is a major aspect of any website – particularly e-commerce operations
There was a time when people and companies chucked up websites with total abandon, simply hoping that nobody would hack the contents or install malware on the site.
Those days are long behind us, as the number and frequency of attacks mean there’s a constant threat – and the more successful a website is, the greater the danger.
So what are the ways in which you can protect your website (via your web hosting provider), and how can you reduce the possibility that the site is hacked and nefariously altered?
Before we get to that, though, we need to understand the most basic level of security that is responsible for many hacked sites – even those hosted on secure servers.
The first line of defense
Although some companies insist on hosting their own websites, most business domains are located on secure servers contracted for the purpose.
When you choose the hosting, you get to define what OS that system is running (Windows Server, Linux or Unix) and that dictates the security protocols which are required.
The person or people with the responsibility to administer the site have admin rights to alter the file structures on it, and nobody else.
Where this can go wrong from the outset is if too many people know the admin account details, and the password isn’t changed on a regular basis. It only takes a keylogger installed on one of the machines used for administration for the password to be revealed to exactly the sort of people you would least want to have it.
But being honest, how many people work in an office where passwords are regularly remembered with post-it notes? A few hands went up there, doubtless.
Securing these passwords is the first line of defense, and without that, whatever else you do can be easily undone.
So, there are two initial lessons to be learned about website security, namely that:
Security audit
Performing a security audit on a site is a relatively simple exercise that can be done by IT staff using a selection of software tools. Alternatively, you can contract a third party to perform the scan for you and provide a list of potential weaknesses to shore up.
If you are buying a web hosting service, the provider might also bundle a security tool to make sure that you are reasonably secure from the outset – but not usually on an ongoing basis.
Beyond that, many providers also offer a website security package, where they promise a rapid response to threats and mitigation of denial-of-service attacks. Unless you have just a small personal blog, these are a sound investment.
The price of these services isn’t much when you consider how costly having a site offline for any period of time might be, especially for those offering e-commerce.
Whatever approach you take, it’s important that security scans are performed on a regular basis, to identify possible new threats as they emerge, and address them immediately.
Common concerns
The most common forms of attack that websites encounter are these:
Weaknesses by design
While many sites operate with the following features active, they are the source of many security issues for numerous reasons:
Obviously, removing all these functions from a website would make it a much less inviting place for visitors. A judgement call needs to be made about what elements you are prepared to use, and how you intend to mitigate the possible security problems associated with them.
Appropriate protection
There is only one way to guarantee that your website is never hacked, and that’s not to have one. Ultimately, website security is a mitigation exercise where you do enough to make it much less worthwhile to try and hack your site, and also ensure that it’s quicker to recover from any incident.
The exact level of security effort made is a choice that all companies must wrestle with, but for those involved in online selling, the commitment must be 100% to secure the personal and financial details of those who trade with you.
Numerous companies and organizations have had all their customer data stolen and then subsequently used for identity theft scams, with expensive consequences.
Whatever level of protection and monitoring you choose, it needs to be fit for purpose. Finally, consider that having better security than you need has a minimal cost implication, but having less could have huge legal and commercial ramifications.
Mark is an expert on 3D printers, drones and phones. He also covers storage, including SSDs, NAS drives and portable hard drives. He started writing in 1986 and has contributed to MicroMart, PC Format, 3D World, among others.