Tips to Make Your Website More Secure
Cyber attacks seem to be occurring more and more due to the advancements in technology and the sophistication of cyber criminals with national cyber attacks expected to intensify greatly by 2025. As a web development company, we are always keeping up with the latest trends and making sure to keep security as our top priority because we know how important it is whether you have a small company or a million-dollar business. Below are some basic tips for keeping security at the forefront of your business.
Site Backups
Scheduling regular site backups will ensure that in the event of malicious attacks or hardware failures, you will still have a recent version of your site ready to be relaunched in a timely manner. Many hosting providers offer regular backups with their services but you can also create backups manually, or using a service such as Amazon S3 coupled with file replication services.
Ask us about configuring high availability and disaster recovery strategies for your business-critical hosting.
Restrict User Permissions to Certain IPs
IP restriction requires users to gain access to website data from a specific IP address defined by the business owner. When restricting user access via IP address, it’s an added layer of protection. It allows an organization to limit access of their business data to only a specified and registered IP address range. Enabling IP restrictions ensures that your important data can’t be accessed at an unsecured public place or through an unregistered IP address.
Two-Factor Authentication
Having secure usernames and passwords is important. Make sure to keep them simple but hard for possible hackers to guess and avoid using common words such as family names or dates. With that being said, even with a solid username and password, there is still vulnerability to third-party attacks trying to gain access. Having two-factor authentication (also known as Multi-Factor Authentication, or MFA) gives you an extra layer of security by requiring users to provide additional information after entering a username and password such as a separate code provided via SMS or a question only you would have the answer to.
DID YOU KNOW? Our engineers often participate in SIG and SIG Lite audits to ensure that our clients, particularly in the financial services sector, comply with industry regulations. As an example, implementing MFA is commonly an outcome of these if it’s not already in place.
SSL
SSL stands for Secure Sockets Layer. Basically, it's the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing hackers from reading and modifying any information transferred, including potential personal details. To know if a site is secure, you will see a padlock icon in the URL bar.
The padlock will show up on the left- or right-hand side of the URL bar, depending on your browser and you can click on the padlock to read more information about the website and the company that provided the certificate. To obtain an SSL certificate for your site, you will need to purchase one from an SSL provider or there are also free options available, like Let’s Encrypt.
FUN FACT: Umbraco Cloud comes with a built-in implementation of the open-source SSL service Let’s Encrypt. The feature of the cloud-based CMS is called Umbraco Latch.
Update Your CMS
Making sure to keep up with CMS updates when available is helpful. Many releases contain bug fixes, but sometimes they also contain security fixes for a certain section of the CMS that was discovered. Even if it’s a minor item, any security fix is beneficial.
You also want to make sure that the CMS you are using is continually following best practices to make sure the platform is as secure as possible. For example, the Umbraco HQ team is diligent about ensuring the safety of their CMS. 3rd party penetration tests are conducted 2x per year, they are continually making sure to fix any vulnerabilities that have been discovered and provide information about manual fixes in a timely and secure manner, and for any clients using Umbraco cloud, fixes are automatically updated on the CMS (Umbraco Cloud).
Website Hosting
Having a stable hosting environment is very important and beneficial to obtaining a more secure website. With a reliable hosting service (we recommend AWS hosting or Umbraco cloud), you will have less downtime, better load time, frequent data backups for added protection, and monitoring of the server and hardware with alerts for any suspicious activity. When choosing a provider make sure to keep all of these things in mind.
DID YOU KNOW? Adhering to industry certifications and standards, such as SOC2, PCI, and others can help your customers (especially if you deal with enterprise businesses) feel confident that you are on top of your security game. In fact, some companies may require this in order to do business with you. Companies like Amazon AWS provide these certifications for you on the infrastructure side.
Conclusion
These are just some basic tips to make sure you are doing what you can to stay protected, but website security is an ongoing process, therefore, staying informed and being proactive to protect your website and client data is key. Of course, we’re also here to help make sure your site is secure and you have one less thing to worry about so don’t hesitate to reach out!
We can help with your security audits and needs.
