The importance of website security
We have tried to emphasize the importance of Cyber Security at Dragonfly Computers, this extends to our approach to website security. 2016 was a record year for cyber attacks with entire swaths of the internet being taken down and data breaches galore. If you wonder whether even small-town local business websites get attacked, the answer is an emphatic Yes! Our experience has been once a website goes up, attacks will begin somewhere between a couple weeks and a couple months, once they start, they never stop. Many web developers and DIY’ers neglect this aspect of their website and we believe it is absolutely crucial. Website security grows more important every day as the tools attackers use become more automated and sophisticated. Here are some steps we take on every website we build.
If you’ve ever noticed that some websites you go to have a little security lock in the address bar and start with https instead of http, this is because they are using a SSL certificate. You NEVER want to enter confidential information on a website that does not have https in the address bar. So what does it do? It encrypts the traffic between your website and the computers that visit it. It also verifies that you are the owner of that website. Certificates aren’t issued automatically, in order to install one, some details such as your business name, domain name and web server must be verified. This helps when building trust with your users. Even if you don’t sell things on your website, just having a contact form exposes potential customer details to any cybercriminal who may be between your customer and your web server. In addition, Google and other search engines have used SSL Certificates as a positive ranking factor for years, so they assist with SEO as well.
Website firewall and Malware protection
The firewall allows us to set lots of rules governing the website, such as: blocking automated attacks, blocking specific IP addresses, and hiding certain parts of the website that are visible by default. When people ask what attackers do to websites, they often assume it is just to deface them. Only amateurs do that. A real pro might do things like use the website database to generate “ghost pages” that you don’t realize are there. These pages will have your domain as it’s root but be links to things like advertisements for fake prescription meds. So, for example, they could create a page that would look like this: www.yourdomain.com/freeviagra. Why would they do this? Because you’re paying for the hosting and they are using your server space and bandwidth to drive people to their scam websites. This can also affect your results in Google and not in a good way. Another common attack would install malware or malicious software on your website that deploys it’s package to all of your users. When potential customers come to your website, they are getting infected with malware or even worse, ransomware. If your site ever becomes flagged as an attack site, it can be very difficult to have it removed. In addition, you could lose the trust of your precious local customers. This could be a fatality to a business and something we would want to avoid at all costs. We scan our sites daily for malware if it is ever detected we have experts that help us remove these infections manually rather that use an automated service which often doesn’t work as well.
If you have an existing website, call your developer and ask them when was the last time your site was backed up. Many developers do not offer that service, it is a standard part of our package at Dragonfly Computers. Why would you need your website backed up? There are so many reasons. If your site is ever attacked, defaced, or loaded with Malware, we can immediately revert to a previous backup to have the site fixed and back up in a matter of hours. If there is ever an update that breaks the site (yes this happens) we have a current backup, we can reinstate. Also, sometimes web servers get blacklisted which can cause email problems among other things. If we need to move to a different web server, having current backup makes the process much easier. We keep 30 days of backups on hand for every website we host, the backups run late at night so as not to affect performance during business hours.
I can’t stress the importance of this enough. Once you cover the basics, such as not using “admin” as a username and not using password1 as your master password, one of the biggest vulnerabilities on your site is using older version of WordPress, plugins, and your theme. With WordPress being open source, once a vulnerability is discovered it will be listed everywhere on the Internet. Everything must be kept up to date at all times! This of paramount importance in today’s world of constant attacks on your website. It is a lot of work; themes, plugins, and platforms update almost daily, sometimes the updates break parts of your site which you must discover and fix. It’s the dirty work that most people don’t want to do.
Solid website security isn’t free, and all of these services do cost a little extra, but in the long run wouldn’t you rather have the peace of mind knowing that your site is backed up and protected? Think of what it would cost you if you lost everything on your site and had to start from scratch. Think about the negative impact it could have on your business if your site starts getting flagged on search engines as an attack site. It’s a question I often ask people, what is your data worth? I’ve already asked that question and I’ve seen the results of people losing it all. It’s not pretty so we do everything we can to be proactive, make you an uninviting target, and have a plan b and c in case of disaster. Contact us to learn more.