Welcome to 2013, where the year is fresh and there are more hackers on the web than ever before. Let’s talk more in-depth on why you need a secure website and, more importantly, how to secure your website. Hackers are on the move, and their numbers are growing stronger each day. There are so many of them that we now place more money into fixing what they break than we do trying to catch the actual person. It is just less of a hassle. As a website designer/website owner, why do you care? After all, that’s not in your job description. Well, since you’re in charge of the website, consider it the fine print that you didn’t see.
Your website is only as secure as you make it (or more importantly what you don’t make it). “What do the hackers want with my site? I have no valuable information over here.” Everyone has valuable information. It doesn’t matter if you have credit card numbers or pricing information stored in the server about your latest roofing projects. It’s there, and they want it. Think of your closest competitors: how much are they willing to pay for the inside scoop on your company? If they are willing to pay, it’s valuable. So let’s get into what to secure, why to secure it, and how it’s done.
Passwords
Yes, I know: you’ve heard this lecture before. Your password isn’t strong enough, you have to change it after a set time, or maybe it’s just easily accessible. Well, here it is again. Your password is that code required to get into your valuable, and sometimes personal, information. Well, if you make the password to your website 8 characters and all it says is your name, initials, or family members, it doesn’t take rocket science to figure that out. A simple Google search could find some of that out. Passwords are the front-line defense of your website. If the login isn’t secure, neither are you or your business. To make a secure password there are loads of requirements: length, characters (uppercase, lowercase, special characters), and most importantly it is not supposed to be a dictionary word. We all know the length should be 12 characters, and we’ve all heard the character lecture before; but what about this “no dictionary words” rule? This seems impossible doesn’t it? Your name is in fact a dictionary word. Here’s an easy way around this: make your password some sort of phrase or combination of words that really have no relevance to you, but one that you’ll remember. For example, howoldryu?4?. “How” and “old” may be dictionary words, but the odds of a password cracker guessing that entire phrase is unlikely. Brute force attacks would guess it eventually, but not for weeks.
Viruses, Malware, and Google?
Viruses and malware are out there, and your website is perfect for spreading it around. Every visitor to your site could download a virus just by being there. The reason they don’t is you keep it keep it secure…don’t you? Google Webmaster Tools is a great tool, made by the Big Daddy himself. With Google’s Webmaster Tools, you can check loads of things on your site, such as 404 pages and viruses. Wait, what was that last one? This tool will alert you when malware infects your site. We all do not want to be on Google’s bad side, so make sure when you see these alerts you deal with them immediately. Google will blacklist you, and traffic will drop significantly. If that didn’t persuade you enough, consider the lawsuits people will be filing if they find out they got the virus from your site! Not pretty.
HTTPS vs. HTTP
If your site does in fact process transactions, your URL better say https at the front. If it says http, take a look at this article and find out how to get a more secure site. It is a complicated process, but if you process and store credit card information, then having this information encrypted is a must! No, changing is not free, and there is no legal way of getting a free change. If your website does not do purchases, it is still a good idea to change to https anyway if you have personal information. Examine your website and think of the visitors and what information they gave you. Stored or not, does it need to be encrypted? If so, take https into high consideration.
Software Code
“Hey there man, I’m no programmer!” Programmer or not, most (if not all) software has flaws in it. This is partly why programs and applications update so frequently. They could have been made aware of a backdoor/vulnerability and updated the code so you can be more secure. Keep your software up-to-date, or you’ll never get this important update.
On the topic of software, consider some website security programs, such as Symantec’s Protection Suite Enterprise Edition. Symantec is one of the leading security companies out there, and as far as their protection goes, you’re getting your money’s worth. Be sure to place an antivirus/antimalware program on your pc, while constantly scanning it for malware.
Good news and bad news. The bad news is your website is never fully secure, as anything is breakable. The good news is the more secure your website is, the less likely a hacker will target you. Why go through the hassle of attacking a secure website, when you can attack a nonsecure website and save yourself the trouble? Keep your website safe from hackers and give your visitors peace of mind when they visit. An unhappy visitor will not purchase a thing from you. This is a lot to keep track of when you have more business-related things to do, I know. You may need to hire someone to do this for you, if you do not think you’ll have time. Every website needs security, and that includes yours!
Author Bio: Ryan Gavin is an associate with Ignition72, a web design agency in Baltimore. Ryan is a web enthusiast with a focus on website design.