What is Website Security and why is it important?
When I was growing up I could leave my house unlocked and the windows open without fear of being broken into; try that today and you are asking for trouble. Think of your website as a window or door to your house. Just like a house, there are other doors and windows that need to be locked, but here we are discussing the minimum 5 locks you need on this door. I am not going to be technical here; I will simply outline each one and give a simple reason. The firm behind the now infamous Panama Papers was breached through their site server. One in a series of other lapses in security opened up their database.
1. A Secure Socket Layer Certificate (SSL)
It's the little padlock icon in the top of the search bar. When it is closed the site has an SSL certificate; when it is open there is no SSL certificate, or there are links on the page that take you to a non-secured site. An SSL (Secure Socket Layer) certificate is a small data file that encrypts the connection between a site and a web browser. This ensures the data going back and forth between the site and the browser remains private. The SSL certificate is so important that many search engines initially block a user from accessing a site without one until they click through a warning. A website without one is also penalised in how it is shown in search.
2. A Web Application Firewall (WAF)
The WAF is a layer of security that monitors and filters traffic between your site and the internet. This is where it can get really technical, so keeping it simple: it blocks most types of attacks on your site. There are a few types of WAF; the one we generally use is an End Point Firewall. The other job of a good WAF is to monitor your site for updates that are available for your website's core, code and applications.
3. Keep the Website Updated
We are not talking about content here; we are referring to your website core, coding and applications. Those notifications to update aren't there just to annoy you. Apart from feature enhancements and bug fixes, they are more likely security updates that fix a vulnerability that has been exposed. Hackers love to find sites that aren't updated. The more complex your site, the more updates, and testing of those updates, are required, and that leads into the next must-have: regular backups.
4. Backups
There are many reasons why a website might need to be rolled back, and they can be summed up quite easily: the site has been corrupted. A scheduled backup to a different storage location than that of your site server is required. The cause might be something as simple as an update that didn't go to plan, or something more worrying, such as an exploit that has lain dormant for some time. We back up regularly and keep these backups for some time.
5. User Access Rights and Password Protection
Everyone who needs access to the website should only have as much access as they need. Access should not be shared between individuals. Passwords must be complex: with the speed and sophistication of password cracks, a simple 7 character password can be cracked in less than a day. Use at least 8 characters, with upper and lower case, numbers and symbols. Use a good password locker and use unique passwords. Where 2 Factor Authentication (2FA) is available, use it.
About the author
is the founder and CEO of Cool Runnings Business Solutions PTY LTD. Sean is a process optimisation fanatic and works with his team in the Digital Transformation space. Cool Runnings specialises in configuring and creating software to suit the nuances of your business. Cool Runnings is a Certified Authorised Zoho Partner.