Improving Website Security
Cybersecurity is a priority topic for many companies, and for good reason. We’ve all seen the headlines about catastrophic data breaches compromising customer information and permanently damaging the company’s reputation.
Every year the number of companies who experience cybercrime is growing. In 2018 there were more than 351,000 breaches reported to IC3--a dramatic increase of roughly 18% when compared to 2016. More shocking? average breach costs $3.86 million in damages. It’s easy to see why increasing website security is your best chance to avoid a growing and costly problem for business owners, especially startups focused on establishing their reputation and encouraging growth.
Focus on these key security tactics when working on your website.
Start with a solid foundation: choose a secure CMS
If your website were a home, the content management system (CMS) would be the foundation. Essentially, it’s the back-end of the site where all your front-facing digital content is managed and updated. There are many popular CMS platforms out there, with WordPress being the most commonly used for startups.
In fact, WordPress is the most popular CMS in the world, largely because it’s free and offers a wide array of plugins and templates. It’s also a known fact that it is not the most secure platform. Alternatives like Sitefinity come with a price, but are known for reliable security as part of the CMS architecture. If you’re building or updating your startup’s website, be sure to compare multiple CMS options and vet security features of each.
If you’re partnering with an agency or external partner for your web development project, make sure that your partner has a full understanding of your business and unique needs to choose the best option for your security. While it may be costlier upfront, a data breach can have catastrophic costs for your business.
Using HTTPS will increase website security
HTTPS is a way to encrypt the data that your visitors send between their browser and a web server. It protects personally identifiable data like names, emails, phone numbers, logins and credit card data. This is a relatively quick and immediate way to increase website security.
Some of the security benefits of HTTPS include:
- It keeps the contents of your web traffic private.
- It protects users’ internet data from being compromised over public WiFi networks.
- Some ISPs inject ads into users’ unencrypted web traffic. HTTPS can prevent this.
Having your website on HTTPS has other added benefits, including:
- SEO benefits: Google factors in HTTPS as part of the overall search ranking, giving HTTPS websites an advantage in search results over HTTP sites.
- Brand trust: HTTPS allows for a padlock and “secure” tag next to your website URL in the address bar of a browser, building immediate trust with website visitors.
When browsing in Chrome, non-HTTPS sites are labeled by Google with a grey “Not secure” tag next to the URL. To see if your site is secure, using Google Chrome, input your domain into the address bar and if there is a green secure tag to the left of the address, or if there is a padlock, you are secure. If nothing appears, you are not running HTTPS and thus, not secure. This could taint how your website visitors perceive your brand, especially since 60% of all web traffic comes from Google Chrome.
At Bayshore, we’ve helped many customers upgrade to HTTPS. Click here to learn more about this essential website security upgrade.
Keep your software up-to-date
A very simple but often overlooked preventative measure for website security is keeping all software and plugins up to date. New ways to hack websites come out daily and the developers of your website’s software push out updates to provide you with the latest counter-attack measures. Every update you ignore opens the door to your data just a bit wider to hackers.
To increase website security, install updates to the software that runs your website right when they come out. You’ll be able to take advantage or the latest patches and bug fixes that contribute to overall security. It’s really that simple.
Most software and plugins will provide alerts when an update is available, or allow you to set up an auto-update. Consult with your IT team to figure out the best option. While it’s a more manual process, you can also set up periodic meetings and use a software checklist to see if any updates have been released. It doesn’t matter how it happens, just make sure it does.
This is also a practice that should become mandatory for any software that touches sensitive data within your company
These are just three methods your company can use to increase website security. There are many other factors to consider and steps to take when building a secure website environment. Do you research, partner with an experienced resources if you’re updating your website and make sure your teams are trained on security best practices to avoid a costly cybersecurity problem in the future.
Our partners at Bayshore Solutions contributed this guest post.
Keep up with the latest in Tampa Bay startup news, local talent interviews and founder resources.
Delivered to your inbox every Thursday.