5 Quick Steps to Increase Your Website Security

July 26, 2018

You wouldn’t leave your door unlocked for strangers to walk inside and steal your important documents, so why would you let your website exist unprotected? Ignorance may be bliss, but when it comes to cyber security, it’s not just your data that needs to be protected – it’s also the information of all your visitors and customers.

Once a hacker gets inside, it’s too late and the damage is done, but on the bright side, there are ways to prevent such malicious attacks from happening in the first place.

We understand that not everyone has a background in computer science and thinks coding is sexy (that’s why we are here), but for those with basic knowledge, here are some quick tips to ensure your website’s security:

1. Update, Update, Update

If there’s a software update available for your scripts or platforms, always say yes. Delaying an update that likely includes better security exposes you to an attack in the meantime. Hackers scan websites to find those that are less updated, and therefore, more vulnerable. Even if an update costs money upfront, it’ll be well worth it in the long run to avoid a costly attack.

2. Put the “S” on It

Browsers recognize website securities by the shorthand HTTPS in URLs. By making sure your website is SSL certified, you will be able to demonstrate to your customers that sensitive information is well encrypted and signal that you are more trustworthy.

Article Image
3. Set up Parameters

A very common hack is a SQL injection, which are put into play when you have a web form or URL that allows for outside users to input information. This means that a hacker can potentially insert information into the query and make their way into your database. As a business, it’s your responsibility to protect your customer’s private information, especially with the new GDPR regulations (link to another post). One of the easiest ways to protect against a SQL injection is by using parameterized queries, or placeholders that only provide the values at the time of execution.

4. Employ Content Security Policy

Similar to SQL injections, cross-site scripting (XSS) attacks are a common occurrence. These happen when hackers input JavaScript code onto your pages, which then affects all visitors to your site who come across it. Like parameterized queries, you can make sure your codes explicitly state what kind of fields are allowed to be input.

Additionally, you can use Content Security Policy (CSP), which directs a browser to know the kind of domains that are valid sources for executable scripts. Therefore, you’d be adding directions for your browser to ignore potentially malicious scripts.

5. Thou Shall Not Pass(word)

Perhaps the most generic word of wisdom is to make sure your passwords are stronger than a whiskey neat. It may surprise you to know that the most common password is still 123456. Use a mix of numbers, letters, special characters, and in this instance, size matters – the longer the password, the better.

If you have a team that accesses your company’s data, ensure they know the rules to make a strong password, because there’s no “ I in team,” so if one person gets hacked, your entire company is now in danger and your data is unsecure.

Cyber security is like an iceberg – we can see only 10% of the dangers above surface, while the other detrimental 90% lies below. The more complex dangers take more expertise to mitigate, but hopefully, from the above information, you will be able to at least enact one step to bring you closer to maintaining a secure website, and in turn, protecting your customers and their information.

July 26, 2018