Security is a massive part of the business. How do you keep your clients safe and keep your business safe? With cyber crimes continuing to escalate, small businesses must be diligent in keeping secure.
Today we will discuss security features you need to have on your hosting account (where your website is stored) to keep your online webpage and emails secure.
It is important to note that Security starts with your business’s owners, managers, and employees. Strong passwords and resetting passwords regularly (every 90 days or sooner) will be your most substantial protection.
Apart from this, there are some things you can make sure you have in place for your online presence. They are in no particular order.
1. SSL Certificate. Security is a massive part of the business. How do you keep your clients safe and keep your business safe? With cyber crimes continuing to escalate, small businesses must be diligent in keeping secure. It is important to note that Security starts with your business’s owners, managers, and employees. Here is one way to make sure your customers are safe
2. External Backups. To protect yourself from ransomware (or just messing something up on your website), you need to have automatic backups to an external server (not on your server) of all your files (email and website). This will give you added peace of mind that you can get your data back if something goes wrong.
3. Private IP address. Most hosting programs are on a shared hosting account. However, you want to ensure your website is on an individual IP address or a dedicated server for added Security. This means your website will have a unique IP address, and it will not share it. It is like a home address for your website.
Why is this important? You can get cheap hosting when you are on a shared account like Go-Daddy or Host Gator because you are paying for a lot lower Security. However, it is like sharing a house with dozens of people you don’t know. When one of the websites gets hacked, they all can. Also, having a private IP address protects your clients because websites often collect data (that is why we have a Data policy), and once the hacker is in, they have access to your client’s information to see if it is stored there.
4. Firewall Yep, your server (like your computer) needs a firewall that scans incoming information to protect it from harmful users like cyber attackers. Cybersecurity and Infrastructure Security Agency states, “Firewalls protect by shielding your computer or network from malicious or unnecessary network traffic.” If you are not sure your hosting platform has it, reach out to them.
https://www.cisa.gov/uscert/ncas/tips/ST04-004
5. Encrypt your email. According to digitalguardian.com, “Encrypting emails means disguising the content of the email messages to protect sensitive information from being read by anyone other than the intended recipient. Hackers wishing to access your personal information have a more substantial task when you encrypt all email messages as a standard practice. It can be a daunting and tedious task even most dedicated hackers may feel is not worth the effort.” When you encrypt your emails, you are going the extra mile to protect your customers and yourself. Most providers have this as an option (usually not default); if you are in finance, law, or health, this will be mandatory. https://gemwebsitedesigns.com/
To read more about email encryption, follow the link below:
6. Setup automatic password reset reminders
Life gets busy, but protecting your passwords and personal information starts with securing passwords. Your passwords are your first line of defense against intrusion.” as stated by keepersecurity.com. So make sure you set up an automated password reset reminder for a minimum of every 90 days (or sooner). This will be your best internal guard for online protection. Why 90 days? 90 days is the most common, but some companies pick 30 or 180 days. There is no absolute number. According to blog.1password.com, “security specialists felt that 90 days was short enough to “beat” any hacker trying to brute-force a hashed password without being too inconvenient for the account owner, who is ultimately responsible for updating the password.”
Some say there is no need to change your password as long as it is solid and unique. According to blog.1password.com, “you only need to update them if they show up in a leak or if you discover that the company, platform, or service guarding them has been compromised.”
Whatever way you choose to keep hackers from invading your company, it is up to you. Just know that Security is everyone’s responsibility: business owners, managers, and employees. Unfortunately, it takes one person does not take it seriously for problems to occur.
For more information on resetting passwords, follow the links below:
“How Often Should You Change Your Passwords?” from keepwersecurity.com
“Do You Really Need To Change Your Password Every 90 Days” from 1password.com
It is important to note that Security starts with the owners.
These will be the essential points to keep in mind.
Pro-Tip On Your Server-
Most shared hosting servers are not updated regularly. This is because there are so many users on one server & the hosting company cannot force all users to update their websites (which holds back essential updates on the server). This is another significant security risk. Reach out to your hosting provider to see how they address this issue.
If you have any questions about this subject, contact me at office@gemwebsitedesigns.com. As a plug, our hosting platforms address ALL these concerns. Security is our #1 priority when it comes to hosting, and we take the guesswork out of it by ensuring your site has everything it needs to be successful and protected.
You can see what we offer and all our hosting packages at https://gemwebsitedesigns.com/services/website-hosting/.