Website Security Scanner Online
If you're running a business website then you hopefully already know that you should be giving it a regular website security scan. You may not, however, have thought about all the extra steps you can, should, and must take to maximize your website's security. Here are some tips.
Start with your domain
Ideally, you should buy your domain directly from a domain registrar. This may be slightly more expensive than having a host bundle it with a hosting package but it gives you full control over it.
Make sure you activate any privacy options available to you, even if you have to pay. Use a genuinely strong and unique password for your domain account and activate two-factor authentication (it's practically guaranteed to be available). Put a lock on your domain so that any important action needs extra verification.
Take the security of your servers very seriously
Think of your web servers as back doors to your website. You need to make sure that they're robust and properly locked. This is becoming increasingly important as the current generation of cybercriminals is showing itself not just increasingly willing, but increasingly able, to mount attacks directly on web servers. In short, the extra work involved can now be justified by the value of the data that servers often contain, particularly database servers (and mail servers).
If you're using a third-party hosting service (as most SMBs probably will), then security should be a far higher consideration than price. Uptime, page-load speed, technical support, and customer service should also be far higher considerations than price. Trying to save money in any of these areas often turns out to be a false economy, generally a painful one.
Similarly, be prepared to spend money on a high-quality hosting package. A dedicated server costs extra, but it can be worth the money, especially if you have sensitive data. Firstly, you're never going to find yourself facing problems caused by someone else's lack of security. Secondly, you'll have total control over your website's environment and so you can do whatever you think best without any constraints or the need to ask permission.
Sharing a server can be a reasonable option, especially if you don't have sensitive data. You will, however, need to be careful to nail down your file and directory permissions. These form your first line of defense against malware from neighboring sites leaking into yours. You also need to be willing, or at least prepared, to live with the restrictions which are an inevitable part of such arrangements.
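One way to check the file and directory permissions mentioned above, as an added example that is not part of the original article: it walks a web root and reports entries that other accounts on the same server could write to, plus credential files they could read. The file names in SENSITIVE_NAMES and the sample site are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Assumed list of files that usually hold credentials; adjust for your stack.
SENSITIVE_NAMES = {"wp-config.php", ".env", ".htpasswd", "config.php"}


def audit_webroot(root):
    """Return sorted (relative_path, octal_mode, issue) tuples for risky permissions."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the web root
            if stat.S_ISLNK(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            rel = os.path.relpath(path, root)
            if mode & stat.S_IWOTH:
                findings.append((rel, oct(mode), "world-writable"))
            if name in SENSITIVE_NAMES and mode & (stat.S_IROTH | stat.S_IRGRP):
                findings.append((rel, oct(mode), "secrets readable by other accounts"))
    return sorted(findings)


def build_sample_site(root):
    """Constructed sample tree: two deliberate mistakes and two sane entries."""
    os.mkdir(os.path.join(root, "uploads"))
    os.chmod(os.path.join(root, "uploads"), 0o777)  # mistake: anyone can write here
    for name, mode in (("index.php", 0o644), ("wp-config.php", 0o644), (".env", 0o600)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(path, mode)  # explicit chmod, so the umask does not change the result


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        for rel, mode, issue in audit_webroot(site):
            print(f"{mode:>6}  {rel}  ({issue})")
```

To audit a real site, call audit_webroot() with the path to your own document root instead of the temporary sample tree.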
Do everything you can to harden your database
There are many steps you can take to harden your database, but most of them revolve around three basic concepts. These are as follows.
1. Keep access to a minimum.
This means that humans, websites, and applications should only have access to a database if they really need it and only to the extent that they need it. Each database user should have their own set of credentials so that their activity can be monitored.
2. Keep all sensitive data encrypted.
From a security perspective, it doesn't hurt to keep all data encrypted, but certainly, keep sensitive data encrypted. This may sound like common sense (and often the law) but as continual cyberattacks show, it seems to be something many companies overlook.
3. Keep your data robustly backed up.
These days the practical definition of “robustly” is, “backed up in a way that means you can still recover it even if you fall victim to slow-acting ransomware”.
In short, you can, should, and must do everything you can to protect the integrity of your website. You should, however, also work on the assumption that your defenses will be breached and think about what you need to do to protect your data, or at least your sensitive data.
Regularly carry out a website security scan
You can do this manually, but for most SMBs this approach is more hassle and risk than it's worth. Free ad hoc scans are, however, a good way to trial a service that you might be interested in using on a paid-for basis.
Different vendors will have different approaches to implementing a website vulnerability scan. However, any decent paid-for service will include an anti-malware scanner and a web application firewall. These are both core to defending your website against cyber attackers.
You might also want to consider signing up for a DDoS mitigation service. These days, even a high-quality firewall is likely to struggle if it has to deal with a DDoS attack on its own.
Last but not least, you need an anti-malware solution with an integrated firewall for your local computers and mobile devices. If you have remote and/or mobile users, you should also invest in a VPN.