A recent study conducted by University of Maryland’s Clark School found that hacker attacks on computers with internet access happen on average once every 39 seconds and affect one in three Americans each year. You may feel that your business may not be at risk for a cyber-attack, but the truth of the matter is that a whopping 64% of companies have experienced attacks as such and 95% of breaches are due to human error.
Here at VisioneerIT, we offer website security with all of our website hosting plans to help provide you with peace of mind that your company, its clients and website are secure. However, it's still important to remain diligent when it comes to protecting yourself against threats. If you’re interested in learning about the various steps you can take to secure your company and its customers, then this article will provide you with 9 simple ways you can work towards enhancing the security of your website as soon as today.
1. Conduct regular and routine software updates
With the multitude of responsibilities you have as a business owner it can be quite easy to forget something as seemingly trivial as keeping track of when your software needs to be updated. However, this seemingly insignificant task can have a massive impact on your website’s security as well as the security of your business and its patrons. Believe it or not, according to BulletProof’s 2019 report, 22% of the “high and critical-risk” security issues which were reported were the result of outdated and/or unpatched software. Hackers aggressively target security flaws in website software and as a result, it’s essential to ensure that every software product which you use remains up to date.
2. Customize your admin path
According to recent data from IBM, the average cost of a data breach is a whopping $3.9 million. No company can afford this level of distress to their finances or corporate reputation. Fortunately, something as simple as customizing your admin path can help provide you with an added barrier of protection against harmful attacks. This is because that many attacks are implemented using automated techniques which look for standard configurations on sites. Brute force attacks are often implemented on username and password combinations and something as simple as changing your path from “website.com/admin” to “website.com/fksewr” (something randomized) can make it a lot more difficult for these individuals to find your admin page and initiate an attack. If you choose a plan with VisioneerIT, you can rest assured that our hosting plans' websites are not accessible from the "wp-admin" path.
3. Keep only essential files, plug-ins or apps
According to a global survey conducted by Accenture, security breaches have increase by a massive 67% in the past five years alone. Something as simple as doing a quick inventory of the various applications you use can make all of the difference. We know, it can be pretty easy to go wild when it comes to the various plug-ins and apps which you utilize for your website. They’re simple, they make life easy and there’s a multitude of options for practically every concern on the planet. However, these same applications can leave you vulnerable to attacks as they also provide hackers with possible points of entry. Keep inventory of the ones you use. Make sure they’re up to date and delete any non-essential files, applications or plug-ins which you no longer have any use for.
4. Use strong passwords and update them routinely
You’ve heard it time and time again. Everyone pretty much understands how important it is to use strong passwords, but the truth of the matter is that many of us still rely on passwords we’ve used forever which often contain personal information such as birthdays, the names of children we’ve had or other information which can easily be retrieved by searching public domains and social media accounts. How often do you update your passwords? According to TechRepublic, 93% of companies do in fact have password rules, but less than 25% of these companies actually require something as simple and effective as mandatory password changes. Hackers use highly sophisticated software which uses brute force to crack through passwords. In order to protect against attacks as such, passwords should be regularly updated and complex. This means at the very least they should be at least 10 characters long and include a combination of upper and lowercase letters, special characters and numbers.
5. Backup your data
According to the National Archives & Records Administration in Washington, DC, an astounding 93% of businesses who lost their data for 10 days or more had to file bankruptcy within one year of the event. Furthermore, 50% of these businesses were found to have filed bankruptcy immediately. If you’re not regularly backing up your files, then you’re essentially playing a dangerous game of Russian roulette. While many web host providers such as us provide their own daily backups, it is still absolutely essential for you to maintain backups of your own files as well on a regular basis in the event your valuable data becomes lost or inaccessible. Lucky for you, there are a multitude of extensions and plug-ins which can help to automate this process so that it doesn’t have to be done manually.
6. Manage website users and their access to sensitive files
According to a global study by Varonis, 41% of businesses allow all of their employees to access more than 1,000 sensitive files. Sensitive files are those which are deemed to contain critical information such as credit card numbers, personal information or health records. Do you know every single individual who has access to sensitive information, even if just the login information to your website? If you don’t, then you should. Actively manage the various users and take steps to assign appropriate permissions to them based on their role in your company. In the event you find you may need to grant an individual escalate permissions, be sure to remember to reduce those once the task is completed.
7. SSL Encryptions
According to recent statistics by the Hosting Tribunal, approximately 21% of the top 100,000 websites still don’t implement HTTPS and approximately 32.6% of websites have inadequate security. We’ve all heard of SSL encryptions but many of us don’t know exactly what they entail. SSL stands for “secure sockets layer”. Perhaps you’ve noticed that some websites begin with “http” and others begin with “https”. Well, that little “s” is actually an indicator that the website you’re visiting uses SSL encryptions. Whenever you visit a site, fill out a form and click “submit”, the information which you’ve entered is subject to being intercepted by an attacker. However, SSL encryption ensures that there is an encrypted link between the website’s server and the web browser. It renders the information entered meaningless to any person potentially attempting to intercept it and thus provides valuable protection for critical information such as passwords, logins, bank accounts and credit card numbers. Security is of paramount importance to us at VisioneerIT -- which is why all of our websites come with free SSL certificates.
8. Implement regular monitoring and testing
According to a recent SCORE report, a whopping 43% of cyber attacks target small to medium sized businesses. Think your company is too small to be on the radar? Think again. Hackers love to target these business because they often don’t have the level of resources available to implement proper security measures that are available to larger companies. If hiring a security expert simply isn’t a financially feasible option for you, then it is absolutely critical that you take steps to implement ongoing monitoring of your website and its activity. Purchase the appropriate software to do so or install a reputable plug-in or application which implements consistent monitoring and testing of your files and website activity in order to keep abreast of potential changes and/or abnormalities. Scans to consider are daily malware detection, file change detection (included with our website hosting plans), PAN scanning, security event log monitoring, vulnerability scanning, and penetration testing.
9. Choose a reputable hosting company
Believe it or not, according to Acunetix’s Web Application Vulnerability Report for 2019, 46% of websites have what are deemed as “high cyber security vulnerabilities”. Even more interesting is the fact that this same report also found that a whopping 87% of websites have what are considered “medium security vulnerabilities”. With VisioneerIT, we offer website security with all of our website hosting plans which include malware and firewall protection. However, this isn't the case with all providers. Fortunately, you don’t have to be a cyber security expert in order to take steps to properly ensure the security of your company and its clientele. Something as simple as taking the time to vet your web hosting provider can make all of the difference. Also take into consideration the various forms of technical support they offer as well as its availability and the methods of contact which can be used. You want a provider which provides ongoing support who can be there in the event an issue should arise and respond efficiently.
Cybersecurity attacks are rapidly on the rise. According to Identity Theft Resource Center’s 2018 End-of-Year Data Breach Report, the instance of web attacks jumped 126% from 2017 alone. You don’t have to be a cybersecurity expert in order to take control of your website’s security. These 9 simple steps can be implemented by just about anyone regardless of their technical expertise in the field. Use this article as a guide to get you started on the path towards more enhanced website security for 2020.
When it comes to website security, how does your website hosting provider stack up? Here at VisioneerIT we offer website security as an added feature to our website hosting package in order to give you the peace of mind that your business and its customers are safe. To learn more visit www.visioneerit.com