There is so much you need to know when running a small business. Sometimes it feels like there are more new things you need to understand each day than you can learn. Website security shouldn’t have to be one of these bewildering things. After all, your website is one of the faces of your business and serves as a digital entrance for your customers, and often your employees as well. Here are key website security fundamentals that all small businesses should be practicing.
Foremost, you’re going to want to have a clear idea of which pages on your site are for public use, and which are administrative, that is, just for you and your employees to use. You’re going to want to block Google access to the administrative pages. This is often quite easy, just one text command that you, your employees, or your website design team adds to the pages you mean to keep private.
If you and your team are unsure of how to do this, or if this is already done, you can hire a professional to have a quick look at your site and let you know which pages are easy to access. Approximately 30,000 web pages are hacked every day. This is a quick way to ensure that you are not one of those 30,000.
Second, you’re going to want to be backing things up on the regular. This is one of those things that people are told often but tend not to take seriously until that terrible day they lose everything they were supposed to be backing up. Think about it, when you were in school did you start saving your essays every twenty minutes before or after you lost that especially dreary paper due to a power outage and had to write the whole thing again? It's a website security fundamental to not take lightly!
Many website hosting services will include backups in their packages. Ask a few questions to ensure your site is being saved regularly (ideally, once a week). If it isn’t, this task now falls on you, your staff, or your web design team. Alternatively, many affordable web design service providers can set up your pages for you and then teach you how to complete the backup yourself. They can also work with your backup settings on a hosting service to make sure your site is being protected.
Figure out what your current settings are — how long after someone who is logged in goes inactive does their access expire? It shouldn’t be more than a couple of hours. Yes, this will mildly annoy your employees from time to time as they will likely have to log in more frequently, but it will save you, your team, and your customers a potential big annoyance in the future. While you’re at it, make sure you and your staff are using high-quality passwords for their logins. Remember, it’s not people sitting down and guessing the password that is the problem, it’s computer algorithms running through each possibility.
Hopefully, you have heard of an SSL, but if you haven’t, it encrypts the data collected from your customers like their address or credit card information, or phone number. If anyone is “listening in” to what your customers are doing on your site, they will have a much harder time accessing this valuable information. As a lovely bonus, search engines tend to rank sites with SSL certificates more highly as they are seen as more trustworthy, so this tip can also help with the search engine optimization of your site.
Website security is a chess game where your opponents are forever changing their strategies. While these four tips are a great jumping-off point, regular research is needed to stay on top of the shifts in web security fundamentals, security standards and techniques.