Sep 24, 2020


Web Design

Is your site prepared to fend off a cyber-attack that could lead to the loss of sensitive data, including your personal or customer information? These losses can cost you significant fees in damages/reparations, and they can seriously damage your company’s reputation. Here are four ways you can improve the security of your website.

1. Establish Strong Device Security Protocols

Consider the people in your business who have access to make edits to your website and your company’s social accounts. What devices do they use to make these changes and additions? Desktop computers, laptops, and even mobile devices are all commonly used to access a company’s online assets. This means that if any of these devices are lost, stolen, or compromised, you could be giving someone easy access to all your company’s online accounts.

Device security is an important component of any security strategy, well beyond just the security around your website. Entrepreneur recommends taking the following steps to tighten your device and network security:

  • Ensure that logins expire after a short period of inactivity.
  • Change passwords frequently.
  • Create strong passwords, and don’t write them down.
  • Scan all devices that are plugged into the network for malware each time they are attached.

In addition to creating strong passwords that are changed frequently, we also recommend utilizing multi-factor authentication (MFA) to add another layer of user identification and further protect your credentials. While some of these precautions may seem obvious, they’re also ones that many people skip because they also add a layer of slight inconvenience to the login process. Yes, requiring that passwords be strong and changed regularly can be a bit of a pain, and MFA certainly frustrates some people if it is not properly deployed, but these are critical steps that cannot be skipped if you want to mitigate the largest possible amount of cyber risk for all of your accounts, not just your website.

2. Use SSL

We previously published an article on our blog highlighting the importance of using an SSL certificate on your web pages. SSL, which stands for Secure Sockets Layer, encrypts the transmission of data from a person’s computer to the web server where a website is hosted. If your website is attacked and a cybercriminal intercepts your data, an SSL certificate provides a layer of security to this transmission that disables the offending party from accessing the data in its plain text form.

SSL certificates have been traditionally used on websites that collect personally identifiable information - credit card numbers, social security numbers, addresses, and birthdates. SSLs are not only for Ecommerce websites, however. Google has been recommending that all websites use an SSL for years now, a recommendation that Envision has long echoed. In fact, as a part of their efforts to make the Internet a more secure environment for users, Google will now flag any and all websites who don’t have an SSL certificate in place, listing them as “Not Secure” in their flagship Google Chrome browser. This flag may potentially cause you to lose customers who may be fearful of entering their personal information into, or even simply browsing, a website that has been marked in this way. Thus, we strongly recommend that all sites, not just those that routinely collect personal information from site visitors, have an SSL certificate in place. Installing SSL has become an industry “best practice”, and it will improve both your site’s security and reputation.

3. Deploy a Web-Application Firewall & Install Security Applications

Web application firewalls (WAF) will defend your website against malicious requests and are especially important for websites that frequently experience high volumes of traffic. According to Microsoft:

“Web application firewalls help secure your web applications by inspecting inbound web traffic to block SQL injections, Cross-Site Scripting, malware uploads & application DDoS, and other attacks. They also inspect the responses from the back-end web servers for Data Loss Prevention (DLP).”

This firewall backbone can be enhanced by installing additional, secondary security applications on your website. Common security applications include vulnerability scanners, authentication platforms, SSL server tests, web audits, and reputation monitors. One of our primary security partners, Sophos, develops and offers a large variety of these types of applications for communication endpoint, encryption, network security, email security, mobile security, and unified threat management.

4. Keep Your Software Up-To-Date

We recommend updating your software on a regular basis to protect customer data and enhance your overall online security. Since you’re more likely to fall victim to a software vulnerability than a physical vulnerability, it’s critical to keep your operating system, web browser, and computer software up-to-date. In particular, pay attention to updates to the content management system (CMS) that your website is built upon. Whether you’re using Craft, DNN, ExpressionEngine, WordPress, or some other platform, CMS providers regularly release updates to their software, and those updates often include critical security patches that will help to keep your website safeguarded.

Ask the team responsible for your website, whether they are an internal or external team, about their process for keeping the CMS up to date with the latest versions and security features to make sure that your site is protected.

Have Questions? We Can Help.

If you’re not sure about the status of your website security, or you want to learn more about how you can better protect your digital assets, contact our Envision web experts today. We’d be happy to have a conversation with you about your online security or any other aspects of your company’s website and digital marketing needs.

Explore our cybersecurity services to find out how you can further protect your organization and its people.