Cybersecurity Tips for Your Website
The Internet Crime Complaint Center (IC3) reported 791,790 cybercrime complaints in 2020 alone. That came with losses of more than $4.1 billion, which represents a 69% increase from the previous year.
If you have a website or are going to create one, you need to pay close attention to cybersecurity threats and be sure your website is safe for you and your users. A website with weak security shows that you don’t care about your user’s safety.
We’ve asked Florence and other cybersecurity experts to provide insight into how to secure a website the right way in 2021
In this article, we provide insights and expert tips to help you secure your website the right way. But let’s start with the potential cyber threats to your website.
Most Common Website Security Attacks
How can your website get hacked?
Phishing is a social engineering act that consists of the hacker sending a misleading message to trick the victim and get their sensitive information, like credit card information. A common example of a phishing attack is CEO impersonation, which consists of the hacker sending a scam email pretending to be the CEO of a company and requesting sensitive information.
A ransomware attack consists of a hacker using malware (i.e. damaging software) to ask a victim for a ransom payment or they will publish their data.
Denial of Service (DoS)
Denial of Service consists of a hacker overwhelming a website with Internet traffic until it becomes unavailable and crashes.
SQL injection is a technique that consists of a hacker using malicious SQL statements to access sensitive information.
Cross-site scripting happens when a hacker inserts malicious code into a website to steal users’ information like cookies and session tokens.
In code injection, a hacker takes advantage of poor handling of data to run malicious code on an application.
Malware is a generic term referring to malicious code that hackers use to take control of your website through viruses or worms.
How to Keep Your Website Secure
Step 1: Start with a Safe Web Host
The first step to having a secure website consists of using a secure website hosting provider, considering this is the place where all your data and files are stored.
If a hacker attacks your web host, your website is at risk too.
What does this mean to you? To start with, if your web hosting service doesn’t have strong security features, hackers will find it easy to run malicious code or find other ways to break into your website.
Your website host needs security features like web application firewall (WAF) and denial-of-service (DDoS) protection.
Step 2: Use HTTPS
Have you ever noticed a warning when entering a website site with no SSL certificate?
Encryption is a must-have if you want to keep your website safe. Google even puts websites without HTTPS in a disfavorable SEO position, which means your website will rank lower and ultimately get less traffic.
SSLs certificates encrypt the information passing between your website and your visitors.
When setting up an SSL certificate for your website, create expiration alerts so you’re always reminded when it’s time to renew it.
Good website platforms and web hosts come with free SSL certificates. But if you want advanced security features, consider purchasing an advanced SSL certificate from your web host.
Step 3: Manage Admin Rights
Studies on cyberattacks that happened in 2020 show that 56% of critical vulnerabilities can be mitigated simply by removing admin rights.
This is a basic, yet powerful measure you or your business can take to protect your website.
When a large number of users have access to a website, it becomes difficult to ensure that all cyber safety measures are in place.
If admin rights are restricted, everything is more predictable and easier to manage and account for.
But can simply reducing the number of administrators stop cyber risks? Of course not. The National Security Agency put together a list of the best practices to take control of admin rights:
- Deny remote access to your network and make sure local admins use machines where they are physically located. Also, make them use cyber-safe workstations at all times.
- Limit admin access to computers that contain sensitive information, since users could unwillingly expose credentials.
- Remove membership of standard user accounts from the local administrator group to have an additional barrier from malicious hackers.
- Don’t use accounts with admin rights to browse the internet, access email, or carry other unnecessary tasks that could involve processing malicious information of different kinds.
- Reduce the number of administrates with privileged rights such as the ones that have access to domain admin credentials.
- Always use multi-factor authentication for admins with privileged rights
- Make sure to use and manage your passwords effectively by asking for password changes regularly, ensuring they are different for every admin, and keeping them in a physical safe or other offline location. In the next section, we’ll dive deeper into how to manage your passwords.
Step 4: Manage Passwords Effectively
Did you know that 64% of sites use unencrypted passwords?
That makes it extremely easy for potential hackers to attack systems, as they can simply track the traffic to the website.
When you create a password, include different letters, as well as symbols and numbers.
Your passwords need not be related to you in any way, and you must change them regularly. To store your passwords safely online, use a password management tool like LastPass.
In addition to using secure passwords, follow these best practices to stop potential hackers from cracking into your website:
- Restrict authentication URLs access
- Restrict the number of login attempts
- Use CAPTCHAs on your site
- Add multi-factor authentication
Step 5: Update Your Website Regularly
No matter which platform you chose to create your website, you need to update the software, but also the themes, plugins, and extensions you run on it.
These software updates consist of fixes that cover security flaws and prevent potential cyber-attacks. But there’s more you should do to keep your website platform safe. If you use plug-ins to enhance the features of your site, run updates on a regular basis for those too.
Step 6: Use Anti-Malware Software
Antivirus software will keep you protected from basic cyber threats including worms and phishing attacks, but if you’re looking to be really cyber safe, use an anti-malware software program to scan your computer and find potential malware. This type of software will also help you prevent cyber threats and remove malware of different kinds.
Make sure anti-malware software is on your radar when you’re creating a website, and be sure it’s part of your checklist before the website is live. If you do, access from unauthorized parties becomes difficult.
Fortunately, you have many options to choose from when it comes to anti-malware software. AVG and many other brands offer free versions with basic features. These will help you detect and block viruses, malware, and more.
Step 7: Use of Security Plugins
Consider making use of security plugins and software to add an extra layer of security to your website.
No matter which website platform you’re using, you can download a plugin to enhance its cybersecurity functionalities.
There are many you can download for free — especially if you’re using WordPress. For example, Bulletproof Security and iThemes Security are two amazing website security plugins available for WordPress users.
Alternatively, you can use a software program like SiteLock to detect viruses, malware, and general vulnerabilities.
Step 8: Perform Security Checks of Your Website
Don’t forget to track your website security status and identify potential threats at all times. These are necessary especially to verify the compliance of your website with data protection laws.
To do that, run security checks of your website on a regular basis. How often? At least every quarter.
If you’re looking for a free tool to run website security checks, look into ImmuniWeb’s “Community Edition” online tool, SiteLock Scanner, or Patchstack.
Step 9: Backup Your Website Regularly
Website owners often forget about proper back-ups. In the case of a cyberattack or data breach, back-ups are essential to avoid any data losses that could greatly harm your business.
Not running backups might mean losing all the information on your website.
You can use cloud storage to run automatic data backups of your site at regular intervals., but it’s important you also have a proper recovery plan. Also, remember that cloud computing services can’t guarantee complete privacy because they are on outside servers. Consider using a plugin like UpdraftPlus to perform automatic backups of your website.
The United States Government suggests that you use the 3-2-1 backup strategy for complete data protection and availability:
- 3 copies of essential files (1 primary and 2 backups).
- 2 different media types to store your data
- 1 offsite copy (i.e., outside your office or home)