Security Measures for Your Website

In a world ruled by data, privacy and security become a very important concern. Many, if not most, of your daily actions are monitored and tracked using technology. As an individual, your data is used to sell you products, influence your opinions, and it also has the potential to be stolen. For an organization, the latter is usually more of a concern.

As a marketer, it’s essential to make sure your website is secure for your users. In terms of your business, you want to make sure your company’s information is protected from hackers and security breaches.

Here are some security measures you can put in place to protect your website, company, and users.

Get an SSL Certificate

Have you ever noticed that some websites begin with HTTP:// while others with HTTPS://? What does the additional “s” mean for your website? 

You’ve probably noticed that some websites have a lock icon next to their URL. The lock icon is a well-known way to tell whether the connection to a website is secure, which is exactly what the extra “s” stands for. When you see a web page address start with HTTPS://, you can be sure that the data you exchange with that site is encrypted in transit.

To ensure that your website URLs begin with HTTPS:// you need an SSL certificate. If you don’t have an SSL certificate, visitors will get a warning that your site is potentially dangerous, making your website and business less appealing and trustworthy.

What is an SSL Certificate?

SSL certificates are small data files that bind a cryptographic key to your website. Crypto what? A cryptographic key is essentially a string of characters used within an encryption algorithm to alter data so that it appears random. That way, the information between your web server and browser remains “locked”.

The idea is that the information you put on a website, known as plaintext, is altered using this cryptographic key and becomes ciphertext.

An SSL certificate will protect credit card information, usernames, and passwords – a minimum requirement to build trust with your users.

Be Careful of Mixed Content

Mixed content is when a secure web page contains linked content, such as images, styles, or scripts, that is served over the insecure HTTP protocol. In other words, your page contains both secure (HTTPS) and insecure (HTTP) content.

When you have mixed content, you are putting your site in danger because someone with access to your network could easily take control of your entire page, not just the compromised (HTTP) resource. This is a security risk not only for your website but also for your users. 

The severity of the vulnerability depends on whether the mixed content is passive or active, active being the most dangerous. Most web browsers will block active mixed content; however, passive mixed content can still provide hackers with an opportunity to compromise your privacy.

Google now blocks HTTP content on an HTTPS website, which will, in turn, reduce your SEO ranking, reduce your ad views, and attract fewer visitors. So how do you know if you have mixed content?

To check if your website contains mixed content, you can use:

  • JitBit SSL Checker – A free online scanner tool, JitBit will check up to 400 pages on your website for insecure images, styles, and scripts that trigger a mixed content warning.
  • SSL Insecure Content Fixer WordPress Plugin – this WordPress plugin will help you solve content warnings and clean insecure content.

If you do have a mixed content warning on your site, to fix it you should:

  • Remove the resource altogether, meaning the video, image, audio, etc.; or
  • Download the resource and host it on your site directly.
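
To show what a mixed content check looks for, here is an added example (not from the original article or from either tool listed above) that scans a page's HTML for subresources loaded over HTTP and labels them active or passive. The active/passive split follows the usual browser classification, and the sample page and hostnames are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# (tag, attribute) pairs that load subresources. Active content can script or
# restyle the whole page; passive content is only displayed or played.
ACTIVE = {("script", "src"), ("iframe", "src"), ("object", "data"), ("embed", "src")}
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}

class MixedContentScanner(HTMLParser):
    """Collects subresources that an HTTPS page would fetch over plain HTTP."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        rel = (attrs.get("rel") or "").lower().split()
        for attr, value in attrs.items():
            if (tag, attr) in ACTIVE:
                kind = "active"
            elif (tag, attr) == ("link", "href") and "stylesheet" in rel:
                kind = "active"
            elif (tag, attr) in PASSIVE:
                kind = "passive"
            else:
                continue  # e.g. <a href> is navigation, not a subresource
            # Relative and protocol-relative URLs inherit the page's scheme.
            url = urljoin(self.page_url, value or "")
            if urlparse(url).scheme == "http":
                self.findings.append((kind, tag, url))

def find_mixed_content(page_url, html):
    """Return (kind, tag, url) for each insecure subresource on an HTTPS page."""
    if urlparse(page_url).scheme != "https":
        return []  # mixed content only exists on pages served over HTTPS
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    return scanner.findings

# Constructed sample page; all hostnames are placeholders.
SAMPLE_HTML = """
<link rel="stylesheet" href="http://cdn.example.net/theme.css">
<script src="//cdn.example.net/app.js"></script>
<img src="http://images.example.net/banner.png">
<img src="/static/logo.png">
<a href="http://partner.example.org/">Partner</a>
"""
FINDINGS = find_mixed_content("https://www.example.com/landing", SAMPLE_HTML)
```

The stylesheet is reported as active and the banner image as passive; the protocol-relative script, the relative image, and the ordinary link are not mixed content.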

Use a Password Management System

Another way to keep your website secure and protected is to use a password management system. There is software available that can manage all your passwords as well as offer additional security.

Some examples:

  • Dashlane
  • 1Password
  • LastPass
  • Keeper

These management systems make it easy to create strong passwords that are unique for every website. Along with using password software, there are additional measures you can take to increase security.

2 Factor Authentication

Two-factor authentication (2FA) or multi-factor authentication is when you can only sign in to a website or device once you provide two or more other pieces of information. It can be a code that is sent to your phone number. It can be a code given by your password management system that changes every 30 seconds. It can even be a security question.

Changing Passwords Frequently

Another thing you and your team can do is make sure to change your passwords quarterly. This might seem like an extra headache, but a password management system makes password changes a breeze. You don’t even have to remember any of your passwords except the master key that unlocks them. Trust me! It’s worth the small investment, plus for individual use a lot of them are free.

Backup Your Data

You never know what could happen to your data. Your laptop could be stolen, you could be a victim of a ransomware attack, your hard drive could crash, or, worst case, it could literally go up in flames. That’s why you should take different measures to protect important files and information.

Especially now that most people are working remotely with laptops, it’s crucial to make sure you have a backup. That way, if your device ever gets stolen, you can quickly deauthorize it and activate remote erase, while ensuring that you still have your info in a safe place.

How do you back up your data? There are two different ways:

  • Physical backups such as a hard drive or memory card
  • Cloud backups such as Dropbox, SkyDrive, or CrashPlan

One of each is the best way to ensure you won’t lose data. Keeping a physical backup in a different location is also a good idea.

Keeping backups of data might seem like a lot of extra work for something that might not even happen but better safe than sorry. Trying to restore data doesn’t always work, but backups will always have your back (pun intended).

Update Your Software

I know it’s tempting to delay software updates. I get it. If you’re busy working, the last thing you want to do is update your software. But you shouldn’t put it off for too long. These updates can actually protect you from malware attacks.

Cybercriminals will use software vulnerabilities to gain access to your website and its data. The thing to remember with cyber threats is that they are constantly changing, which is why many software updates will contain revisions to better protect you against the latest threats. 

Here are some ways to get better at updating your devices:

  • Enable automatic updates in your settings;
  • Try updating during off-hours, so it doesn’t disturb you during your workday; or
  • Take a break! Use your software updates as a reason for your next coffee break (we won’t tell).

Beware of Phishing Attacks

Phishing attacks are becoming more common and sophisticated. It’s no longer just an email telling you you’ve won a million dollars. Now phishing emails can look like a warning from your bank, a security update from your phone provider, or even your boss asking you for a quick favour.

These types of attacks are used frequently to trick employees into giving away confidential company info. In the past, they’ve been used to get information from politicians or thought leaders.

Here are some quick tips to avoid an attack:

  • Check the email address to make sure it’s legitimate
  • Make sure the links are from a secure (HTTPS://) website
  • Don’t open PDFs unless they are from a trusted source

Try taking this Google quiz to test your phishing knowledge and get more tips!

The most important thing to remember when looking into your website’s security is that it’s ever-changing. Hackers and other cybercriminals will always find new ways to gain access to valuable information. The best thing to do is update your security measures bi-annually or quarterly to make sure you’re always one step ahead of them.