Blog: Five steps to increase your website’s security

Cyber security is currently a big focus for many businesses, who have had implement various cyber security safety policies including data sharing when working from home, safe file sharing mechanisms and checks to ensure your employees and customers personal data is secure. Whilst all these efforts have been much needed and have increased the security of data and CRM systems, an often overlooked cyber security element is your website.

Below our Business Communications Manager, Rachael Zaidel Lamb shares five things you should check and implement to make sure your website is as safe and secure as it can be.

1. User security

A common security flaw on websites is the user profiles on your site. It is best practice to regularly review what user accounts there are on your website, deleting any user profiles from past employees and making sure any current users are regularly updating their passwords, with a secure password.  If like a lot of people you struggle to vary from using the same password for every application then a a secure password generator like Avast  or LastPass is the best solution, generating random secure passwords. Making sure these passwords are regularly changed and updated is also important, leading to the next point…

2. Updates updates updates

Just like your PC and mobile phone your website content management system (e.g. WordPresss, Umbraco etc.)  will often have updates for bugs and fixes, it is vital that you update this system regularly to make sure your website has the best chance of remaining secure.  These updates will often appear when you first login to your site.

Plugins can make your website look and flow so much better and can be the busy marketer’s best friend, enabling you to display and  include content in the most effective ways, but just like any other software it needs updating. It can be tempting to hit ‘remind me later’ when you login to the backend of you site and get a notification to update another plugin, but it is a necessary evil to keep your site safe and secure. Outdated or non-existent plugins can be vulnerable to hackers and malware, similar to dormant user accounts, if hacker gains access they can jeopardise your site and compromise the data held on your site.

3. Malware Scans

Malware is increasingly being used to exploit web servers, the websites they host, and the users of the websites. A malware infection can impact your business by resulting in the loss of IP or data, as well as financial fraud, causing your online reputation and customer trust to be diminished. Malware can also impact your search ranking, as search engines may blacklist your domain and remove your site from search listings.

You should ensure your website is regularly scanned for malware so you can identify any malware at the earliest opportunity and can take the necessary actions. Google offers a tool that can help you identify if there is any malware on your site.

An example of how to use this tool is: http://www.google.com/safebrowsing/diagnostic?site=www.cheshireandwarrington.com

In the example above you would need to use your own site’s URL, and start with “www.” make sure you don’t include the “http or https” in your website URL.

The National Cyber Security Centre has guidance on how to protect your business from malware.

4. Use HTTPS

Websites that start with “HTTPS” rather than “HTTP”  use an SSL/TSL certificate, this means that the website has a form of authentication and that data transferred from a web server to a browser (to view web pages) uses a  secure encrypted connection between the web server and the web browser.

The SSL certificate stands for ‘secure sockets layer’, TSL stands for  ‘Transport Layer Security’ it will protect your login details and sensitive data, such as bank information, from hackers and viruses. These certificates will need renewing, usually every few years. As well as being less secure, sites without a valid SSL/TSL certificate can often feature lower in search engine results.

5. Run regular back-ups

Hopefully if you are following the suggestions above then you won’t need to use a back-up you’ve made, but it’s always best to have a back-up in the event of worst case scenario. You should regularly back-up your site, to make sure that you lose as little as possible.

With a back-up you can restore your website after an incident, your back-ups should be stored on a secure server or stored offline.

If your business needs support with cyber security then please contact the Growth Hub