These days, sadly, hacker protection is, or should be, a high priority for any business owner (even if they don’t have a website). The good news is that it’s possible to have a very high level of hacker protection with common sense and effective policies, plus a few affordable security tools. Here are some tips.
What You Need to Know about Hacker Protection
There’s a strong link between privacy and hacker protection
When you buy your domain, make sure you check all the privacy options, even if you have to pay for them. Also, choose two-factor authentication if it’s available (it usually is) and put a lock on your domain so that important actions (like transfers) require additional authentication.
Think about how you display your contact details on your website. On the one hand, you want to reassure your customers that you exist in the real world (this gives you a lot of credibility). On the other hand, if you only have one business address, then that’s presumably the address you use for everything to do with your website (e.g. paying for your domain and hosting). This means that knowing it could be very useful to hackers.
If you need to have members of the public visit you at your premises, then you will probably have to display your full street address on your website. If you don’t, then you might want to consider getting a PO Box for privacy.
Secure hosting is worth paying for
Be very aware that cyberattacks are increasingly being undertaken for financial gain, rather than just for the thrill of making mischief. This means that hackers are both increasingly willing and increasingly able to undertake challenging attacks provided that they think the potential reward justifies their effort.
If you’re self-hosting, then you need to take server security and, in particular, database (and possibly mail) server security very seriously indeed. If you’re using a third-party web-hosting vendor, then you need to make sure that they take server security very seriously indeed. To be clear, security, uptime, page-load speed, technical support, and customer service should all be much higher priorities than headline price.
On a similar note, it can often be worth paying extra for a higher-level hosting package if it delivers extra security and a better experience for your customers. For example, picking up on the connection between privacy and security, you may want to give serious consideration to paying extra for a dedicated server. Quite bluntly, this means you are guaranteed to be insulated from the effects of someone else’s security mistakes.
It’s also worth giving serious consideration to buying as much bandwidth as you can reasonably afford, even if you don’t think that you’re going to need it. Not only will it give you protection against DDoS attacks (and unexpected spikes in legitimate traffic), it will also improve the user experience in general.
You need a robust website vulnerability scanner
Although hacker protection depends more on common sense and effective process than on security tools, there are some security tools you definitely do need. For most SMBs the easiest and most cost-effective way to get them is to sign up for a website vulnerability scanning service.
These are provided by a range of vendors and each vendor will have their own take on the service, but absolutely any decent website vulnerability scanning service should include an anti-malware scanner and a web application firewall.
You might also want to consider signing up for a DDoS mitigation service. These work along similar lines to firewalls but only activate when a DDoS attack is detected. They then help the firewall to process large volumes of traffic quickly.
For completeness, you can argue the toss about whether or not DDoS attacks are, technically, hacking. You must, however, be realistic about the fact that they have the potential to cripple your website, not just during the attack, but long afterward. Keep in mind that the search engines measure both page-load speed and user engagement and use them as part of their ranking criteria. If they detect that your pages are loading slowly and/or that users are leaving your site quickly.
Last but definitely not least, you also need to organize an anti-malware solution with an integrated firewall for all your computers and mobile devices. If you have remote or mobile users, then you need a VPN too.
Manage your users carefully
In simple terms, you want to give any user the minimum level of access necessary to complete their assigned tasks. Only a small percentage of all website users will need admin access and these users should be vetted carefully before they are trusted with these valuable credentials. They should also be educated, managed, and monitored appropriately.