The technology has the role of offering new ways to do things more easily, practical, with better results and less effort. This is seen in all areas and it is no different in the corporate environment. On the contrary, the business world knew very well how to take advantage of it, both to obtain more productivity, more profits, as well as to communicate more widely and quickly, among other benefits.
Among all that technology provides, undoubtedly the Internet and how it has developed over the years, it consists of a range of new opportunities for companies already established in the physical world, as well as new ones, which have their performance 100% grounded in the digital world. If on the one hand there are new horizons for everyone, on the other there are also new problems to be faced, and what is possibly the most critical, is security!
Sites visually represent new opportunities for doing business and as such, in the same way as in the real world, it is necessary for people who take care of their business on the Internet, to take certain precautions so that a promising website on the Internet , don’t become a big troublemaker.
No, it’s not an exaggeration! Those who do not know or do not have the necessary experience, may face issues that in some cases seem insoluble and that cause many headaches. Therefore, in this post we have gathered some important tips so that you can work on the security of your website and as much as possible, take advantage of only the benefits that it can provide you.
Consequences of fraud and problems on the Internet
The most unwanted consequence of an Internet security problem is financial losses, which can occur not only because a payment for a sale made in an online store is defrauded, but because customers have been lost, because the company’s image has been affected , because it was spent on advertising and better search engine positions, without the expected counterpart. Anyway, there are several reasons for losses to occur.
Imagine that one or many customers have made a simple registration on your website to receive a newsletter and that such data has fallen into the hands of “virtual crooks”, simply because the security associated with the website has allowed it to be accessed by third parties. Examples like this occur almost daily and affect even large corporations, such as the spill that affected Origin in 2019.
But the types of problems and their origins are many and can affect organizations of all sizes in different measures, as well as their respective sites. The truth is, no one is free from something happening. The most pessimistic go so far as to say that the question is no longer IF a site will be hacked, but WHEN and HOW often it will be!
Seen in this way, there are those who can imagine that if the situation is indeed so worrying and it seems inevitable that someday you will be affected, then why do something? To decrease the chances of this happening and postpone it to the maximum. If not, would you also fail to open a profitable business in the real world, just for the simple and remote possibility of one day being robbed
Therefore, it is up to those responsible to adopt a series of preventive measures that can often significantly reduce the chances of problems, perhaps at the same levels of winning the lottery!
Site security tips
To help you avoid hassles and unwanted losses, we will list 7 important tips for you to implement a security policy on your website.
- Create one site per server
Most website hosting plans allow you to have more than one hosted website and many subdomains. For this reason, it is common to see several sites on the same account, which in consequence, are several sites on the same hosting server.
If a website has a vulnerability or any other situation that implies an attacker’s access to the account, it will have access to all sites under that account.
Another unfavorable point and that it hurts to have more than one website in the same account, is that there are as many times more chances of having security problems as there are sites in the account. Let’s say you have 5 sites, each based on a CMS. There is at least one chance for an attacker to discover a vulnerability, for each hosted site.
- Install an SSL certificate
SSL certificates, in addition to being a favorable aspect to the ranking of the website in search engines, constitute an important and necessary security measure.
Basically what SSL does for website security is to encrypt all data that is exchanged between a device that accesses and the website. If an attacker eventually intercepts the data, he cannot read it, since encryption consists of the process of algorithmically transforming the characters belonging to a sequence. So, a word as simple as “password” can look something like: “yJDekjok4oqws8bnqa3p2m1hjdEWXC”.
There are different SSL certificates available; few of them are wildcard SSL, multi domain, single domain. The necessity of an SSL certificate depends upon site’s requirement for example, a cheap wildcard SSL is ideal to safeguard unlimited subdomains pertaining to a main domain. Nowadays, SSL certificate comes with budget price.
This is a particularly desirable situation, especially nowadays when there are many accesses by mobile devices, which often use hotspots or free Wi-Fi connections and whose security is generally flawed. Intercepting data on public Wi-Fi networks is very simple for a hacker.
- Update your systems
Using outdated software can bring a number of vulnerabilities to your website. And here the concern must be twofold. When we talk about software, we are referring to what you have on your computer and which is usually what you use to access the administrative area of the website, the hosting account, the e-mail account, as well as the CMS that you eventually use to create and manage the site.
Yes, CMS is software, but installed on the hosting server!
Client-side vulnerabilities, such as browsers or an email account management program, could allow an attacker to discover your password from the hosting control panel or from your email account.
When there are vulnerabilities on the server side, that is, in the application you use to maintain your website, it may be possible for the hacker (actually a cracker) to perform various actions on your account, such as installing scripts, deleting or change account content and even gain full control of the hosting account, allowing you to do everything you do, as if you do.
Therefore, it is common for companies like Microsoft to release updates for the operating system, as well as the developers of programs like Mozilla Firefox and others that we have installed on our devices.
Good CMSs, as well as developers of the best and most popular themes and plugins, are also aware of security issues identified and reported by the community of developers and users and often release updates that improve the component on the one hand and correct problems on the other. .
Therefore, always keep your personal system (eg notebook) and your website up to date.
- Build strong passwords
Currently, a user has several accounts on the most diverse platforms and, for this reason, he usually uses a simple password, repeated in all his profiles to facilitate recovery in case of forgetfulness, however this attitude is an opportunity for cybercriminals.
This is a very serious mistake! In some cases, discovering a password can lead to the attacker having access to all your accounts, or in other words, to your social networks , your hosting account control panel , email, etc.
In some cases, it is not even necessary to discover all of them, since many services send a password reminder or password reset link to an email account that was informed at the time of registration. Therefore, if you only have one email account and the attacker finds out its password, it will automatically be able to access everything that the account is associated with.
Therefore, it is important to know how to create strong passwords and that the most important passwords are changed periodically, always making sure that the device that is used to access the respective services is free of malware, as there is no use for a very difficult password, if it is used by a device infected with password-stealing malware.
To help you create a password that is sufficiently secure and easy to remember, we indicate the article: “Password: how to create one that is safe and easy to remember”
- Carefully select applications
With the infinity of technologies for creating different types of websites currently on the market, such as Joomla !, WordPress and Drupal, among a few hundred options, these applications – known as CMSs – have been the main development platform for many websites that we browse daily , including some very popular ones.
In general they are all good, with each one having its own peculiarities and advantages in relation to the others, except for the fact that everyone – without exception – has security problems. Some more than others, it is true and it is not because many are free and open source , that they are more or less subject to it. Even the extremely popular and paid Windows has many.
So, when choosing an application to create and maintain your website, check the security aspects in forums and specialized websites. Even CMSs like WordPress, which has several known flaws, can be a great option, since against the problems, there are always fixes frequently released. On the other hand, there is no use in another CMS with a low rate of problems, but which never releases updates and corrections.
The same applies in terms of the plugins and themes you want to use.
- Back up frequently
In the age of technology, information can be generated quickly and lost just as quickly. A natural event or a simple carelessness, you can lose everything in seconds. Therefore, it is crucial to have a systematic backup routine.
More than that, don’t just rely on the backup routines of the website hosting company you use. First, because the first responsibility for keeping backups up to date is with the website owner. Second, if there is a problem with the hosting backup, you have your own backup to restore the site to its original condition. There are two chances to protect your valuable content!
Some precautions to be taken when backing up your website and email accounts:
Never keep the backup in your hosting account. If the attacker has access to the account, he will also have the backup. In addition, maintaining a backup – of any type of content – with the content, is like keeping the spare key, along with the original. One is lost, both are lost;
For similar reasons, if the backup is kept on your work computer, take the time to record it on external media, such as a USB stick or even a cloud storage service. If your notebook is stolen or physical damage occurs, you have a recovery option;
Don’t leave too much time without making backups. Make a backup schedule, particularly if you update content frequently. Large intervals between them mean a lot of content that is not backed up;
It is very advisable to make a backup before updates and modifications, which can damage the systems and consequently leave the site down;
- Use restrictive and indicated permissions by the hosting
Permissions refer to who can do what within a website and are divided into reading, writing and executing. They are one of the security pillars of Linux- based servers.
Some older and less up-to-date CMSs sometimes change the default permissions for hosting account folders and files during the installation process, especially when done manually. In these cases, it is common to find folders and files with inappropriate permissions and that favor the invasion by someone with the necessary knowledge.
The indicated is that files have 644 permission and folders, 755 permission. If you have doubts about this and how to return the indicated permission, it is recommended that you contact the technical support of your hosting company and ask for help or guidance on how to proceed with the change.
Conclusion
Website security is a fundamental issue in a world where technology offers so many options, but at the same time presents difficulties that many still do not know how to deal with. However, solving most of the most common problems is not difficult and with organization and method, it is possible to substantially reduce the chances of security problems occurring.
