Security and business go hand in hand. If you had a brick and mortar location, you would lock the doors at night and install some security cameras, wouldn’t you? It would be considered foolish not to. Yet, when it comes to a website we don’t necessarily talk about security in the same obvious way. This may have to do with differing levels of understanding of what actually goes into protecting an e-commerce operation or informational site. Often, the response is “Oh, IT takes care of all that stuff.” And that is usually the case. But, it’s important for business owners to know how their sites can be better secured even if they aren’t actually performing the implementation of these practices themselves.
Cybersecurity is gaining more mainstream attention for many reasons, whether it be political discussions or the reality of an ever more interconnected world. While you may not be running a bank or some other kind of high profile business that you think would make you a target, the truth is small businesses are targeted with fair regularity. In fact, 43% of cyber attacks actually target small businesses. Additionally, 48% of data security breaches occur due to malicious actors rather than human error.
All of this is to say that it’s important to fortify your website within reason. While you shouldn’t be losing sleep at night over it (making sales and generating leads are far more pressing concerns) it’s good to take the right steps to bolster your security for some piece of mind.
How Your Hosting Company Helps
You may notice that your managed VPS or dedicated server comes with a level of complementary DDOS protection. DDOS attacks, essentially an attempt to knock your website offline with a flood of artificial traffic, are a very common malicious event that affect many organizations every year. Your hosting company can’t guarantee protection from every kind of attack, but many of the major causes are covered. These include UDP floods, NTP amplification, DNS amplification, Syn flood, volume based attacks, and fragmented packet attacks.
Configure cPanel Appropriately
At the server level, your cPanel access does give you a measure of control over how your installation handles nearly every kind of security configuration you can think of. The company has actually put out an extensive list of recommended settings that you may opt to follow. It is a bit of a deep dive. Your individual use case may mean some of these recommended settings won’t work for you, but unless you have highly specialized reasoning for that, it’s a good checklist to stick to.
A few years back this may have seemed like going the extra mile, but every modern browser nearly shames you into using HTTPS and with good reason. Ever notice the pronounced green lettering and lock next to a URL in Chrome if the site uses HTTPS? Going to a site without this seal of security feels almost dangerous in 2017. Ever since Google made the switch to HTTPS for all search traffic, Blogspot, and Gmail, it’s become expected that your site uses this security protocol as well. While it’s especially important to invest in an SSL certificate (which will get you this HTTPS designation) if you have an e-commerce site because you’re handling sensitive credit card information, there’s really no reason not to invest in one no matter what kind of site you have. SSL certificates don’t cost much and they’ll pay for themselves with improved customer confidence and SEO value.
Keep Software Up to Date
Best cPanel practices are good for securing your site in the backend as is making the switch to HTTPS. But that’s the server itself. What about what you’re actually putting on that VPS? The software that makes up the customer facing part of your site, such as a CMS if you choose to use one, has to be maintained as well. An outdated CMS is a major risk factor when it comes to having your site compromised. Most websites run a CMS of some kind, with the big names being WordPress (the most widely used), Joomla, and Drupal. These are open source technologies which mean their source code is public and ripe for exploiting. This doesn’t mean you should avoid using a CMS. It certainly makes creating and updating your site a lot easier. But you must be diligent in running software updates, including updating whatever plugins or add-ons you’ve also installed to improve your site’s functionality.