Part of our role as consultants is to understand what our clients need and how best to support them and their business by providing strategic and creative marketing, PR or advertising services.
But we know how important it is that the core foundations are in place. Website and business online security is hugely important, especially if you are an eCommerce business or handle personal information.
As a consultancy, we take the pressure off our clients by knowing categorically what needs to be done for each specific website. We make sure our clients not only comply with the law and GDPR regulations, but also have everything in place so they don’t need to worry about security risks.
When we create a website, it has many roles. It has to hit client KPIs and be the client’s online shop window, but before that, it needs a solid foundation. We’ve put together these five top checks to keep your website secure and visitors protected. They are the basic steps, just like locking your business's physical front door at night and putting the alarm on. They won’t necessarily stop your site from being attacked or hacked, but they can dramatically reduce the risk.
1. Keep all platforms updated
We know how easily hackers can find vulnerabilities in your software, which is why we ensure updates happen as standard, where possible. This also goes for any plugins your website may be using, as they act as another entry point.
Failing to do this can result in intruders and malware taking advantage of your site. Whenever there is an update available, we install it immediately. This also applies any security patches, which makes it harder for your website to be hacked.
2. Use a staging site and back up your site regularly
Just as you’d protect any valuable documents or files, we do the same with your website. If a website has been hacked and injected with malware, the most secure and cost-effective way to restore it is from the most recent backup. Therefore, we ensure that the hosting server is being backed up regularly.
3. Use a reputable hosting provider
We ensure that we provide 24/7 access to experts who can help if you get attacked, or if your site goes down out of hours. We also make sure we provide security scanning, which allows us to proactively check sites for any weaknesses before hackers find them and gives us vulnerability reports to act on.
4. Limit user access and check passwords
Assign different access levels to staff and set permissions that restrict access to certain areas of the website. If your staff/users don’t need to access sensitive areas, it’s a good idea to put permissions in place.
Looking for unknown users is also a good health check for your website. You will probably only have a limited number of users editing your website, so it’s easy to look at your user log and make sure there aren’t any unidentified users registered.
We use long, secure passwords – a 16-character jumble of letters, special characters and numbers that isn't replicated anywhere else. You can then store the password offline on a different computer or hard drive, or use a password management site. 80% of data breaches can be traced to weak, reused and stolen credentials.
2-step verification is now the most secure way to password protect valuable portals. This acts as another layer of security protection. It requires you to enter a time-sensitive verification code after you’ve entered your username and password. We would always advise that you enable this functionality where possible across all websites and apps with administrator privileges.
5. SSL Certificate
SSL stands for Secure Sockets Layer. An SSL certificate is used to ensure a secure and encrypted connection between your website and the visitor’s web browser. When the SSL certificate is used, it activates the padlock and the HTTPS protocol (as standard a website will have HTTP; the ‘S’ stands for ‘secure’). HTTPS guarantees that users are talking to the server they expect, and that nobody else can intercept or change the content. These security measures provide a secure connection, typically allowing for secure credit card transactions, data transfers and logins. This is now required by law through GDPR. The regulations are complex but include clear guidelines. All data transfers must be encrypted if you process any kind of personal data online – you will not be able to ignore it. But that’s where GoGo takes over. We make certain that all necessary actions and procedures are followed as standard, which then allows us to do our job.
Expert tip: SQL injection
We know SQL injection is one of the most common web attacks at the moment. It’s used to steal sensitive information from websites. While SQL injection can affect any data-driven application that uses a SQL database (SQL is the language that allows your database servers to store and edit the data on them), it is most often used to attack websites.
Our developers can prevent SQL injection vulnerabilities in web applications by using parameterised database queries with bound, typed parameters and careful use of parameterised stored procedures in the database.
We do this as standard, enabling us to get on and do some awesome marketing for your business whilst you concentrate on your business, safe in the knowledge that your website is secure.