Do you know if you have good online security measures in place?
You have been very sheltered if you have’t noticed the recent tsunami of news casts, articles, blog posts and press releases concerning the recent announcement of a discovery of a flaw in the very fabric of the security system used by a majority of large websites.
Called the Bleeding Heart Bug, this flaw potentially allowed an attacker to penetrate to the very core of a website and gain access to a wide range of supposedly secure information. While alarming and widespread the sad truth is that most security intrusions do not require a giant security OOPS, they simply count on poor user behavior!
Guaranteed SEO work on hundreds of websites and we see a lot of attempts to hack them and mail servers that we manage for our clients. We do our best to work with good vendors who provide secure hosting and implement good online security but, that been said, not all our clients use us to host their sites and no matter how good your hosting security is, it won’t mean a thing if the bad guys get your passwords. This is unfortunate as it can result in, the misuse or defacing of your site as well as lost time and money while you try to fix what has been done by the hackers.
In addition to the potential embarrassment and loss of business there is also the expense of having to fix a site that has being hacked.
Furthermore your website might get black listed by the search engines as a result of being hacked or hi-jacked. Technical matters can be fixed, damage to your reputation and customers lost or offended can not be so easily repaired.
Online Security Best Practices
With online security being as important as it is, there are a few things that have come to light as “best practices” for keeping your website and online business secure. If you don’t do these basic steps then hackers may not need to crack your security, you may have given them the keys to the vault.
- Use good quality passwords.Avoid passwords that are easy to guess (birthdays, pet’s names, telephone numbers), or passwords that are too short. There are hundreds of programs that can break simple passwords in minutes or even seconds. Make it hard and use passwords that mix capital letters, characters and numbers eg. Something like $My#1p@ssword! is reasonably easy to remember yet hard to hack.
- Change your password regularly. If you use the same password for long periods of time other people probably know it. Change passwords regularly particularly on systems that are online and potentially worth hacking. Also, make sure that when employees leave a company you change the passwords on any accounts they may have been accessing etc.
- Use different passwords for different programs. Do not use the same password for different software. Your computer login password should be different from your CMS software login, which should be different from your server software login, which should be different from your personal banking passwords, FaceBook password, Twitter password etc.
- Make sure you have installed anti virus and anti spyware software on all your computers. Hopefully this is obvious, but I am still surprised at how many people don’t do it, including many people who know better. If you are accessing the internet with out good anti virus software you are putting a big HACK ME sign on your virtual forehead.
- Do not give your password to others – EVER! In addition, when you leave your computer to go to lunch or whatever, log out or have the computer set to do so automatically. The corollary to this is don’t leave your password sitting in a drawer, under the keyboard, glued to the back of the computer etc.
5 tips that provide the basics of good online security
- Choose the right hosting solution.The right web host will go a long way in helping prevent attacks from occurring, and will have solid options on how to recover from them. It is important to ensure that the web host maintains the most up-to-date stable versions of all server software. Server software updates will often contain security updates that will make your server much harder to breach. If you are on a shared web hosting service, it may be possible for an attacker to gain access to your website through another website on the same server. Ask your web hosts what security precautions they have in place to deal with it.
- Keeping a clean computer.It is very important to make sure that any computer(s) you use to access your web server or CMS is clean of malware, spyware or virus infection before accessing web hosting accounts. No amount of security will help if attackers are already logging sensitive information from the source. Imagine if someone has installed a key stroke logger software on your machine. When you type in the passwords to your website server, they are recording everything. You just handed them the keys.
- Keep your hosting software up-to-date. In addition to the OS of the hosting server, you need to be sure that any other software you use to run your site is kept up to date. For example if you use a Content Management System, make sure you are running the most current version of your CMS. Guaranteed SEO use WordPress for most of the sites we develop and regularly update the CMS to be sure that current security patches are installed. All major CMS vendors regularly provide updates and security patches so be sure to use them. If the CMS you are using does not provide regular free security updates you may want to review if it is the right solution for your needs.
- Encrypt your connections. Use encrypted connections where available. Connect to the file server using SFTP (Secure File Transfer Protocol) rather than FTP. SFTP ensures that your data is encrypted when sent to the server, therefore your password won’t be easily intercepted by an attacker. Again, why make it easy for people to hack your site, practice basic online security.
- Perform Backups regularly. As secure as web servers and CMSs such as WordPress can be, exploits and hacks may come along that can still gain access to the system that need to be fixed. Therefore is it a necessity to have backups of all of the files on the web server as well as regular database backups to ensure that your content is up to date went restoring.
We hope you find these tips helpful and that they encourage you to take a closer look at your current online security measures to analyze areas for improvement. Remember, it’s not just about having to spend money to fix the problem once you do get hacked, it’s also about protecting your brand from negative public opinion if someone breaks into your website and does something embarrassing using your company’s name.
If you’re worried that your online security isn’t strong enough, why not contact our internet marketing specialists to see if they can help shed some light on the topic.
Call us at 1-866-588-8282 if you have any questions or concerns about your website’s security.