5 Ways Small Businesses can Improve their Online Security
Every year thousands of businesses fall victim to cyber-attacks, security breaches, and loss of information. Understandably, large organisations take measures to limit security issues of this nature; however, there’s no reason why small businesses can’t do the same if they’re smart about where they put their dollars.
In this article we’ll show you 5 quick and easy ways to ramp up your online security. From applying an SSL certificate to your site, to advanced user management, we’ll show you that improving your online security is something you can do without too much effort.
1. Your website needs an SSL certificate
Chances are when visiting your favourite sites on the Internet you’ve noticed a green “Secure” message, a lock icon, or the name of the site you're visiting with an “https” protocol at the beginning. What this means is that the site you’re visiting has an active SSL certificate, which is protecting the information sent between you and the site from being intercepted.
SSL certificates are easy to purchase and set up, and come in a variety of options. For example, if you want to purchase an SSL certificate that protects a single site you can do so for around $100/year. The next step up is what’s called a UCC/SAN SSL certificate, which allows you to protect around 5 sites for around $200/year, and if you need to, you can implement a Wildcard SSL, which will allow you to protect as many subdomains as you like for around $400/year. Pretty affordable, right?
The cool thing about SSL certificates is that they not only protect your site from SQL injection attacks and the like, but also help you rank higher on Google, as having one is becoming more and more a key factor in Google’s assessment of your website.
2. Backing up your data is key to your online success
These days backing up your data is no longer a hassle. With everything “in the cloud”, you can schedule regular backups of your data to occur as many times as you would like, provided you're willing to pay for it.
Services such as Amazon Web Services (AWS) are a great solution here, because you can not only build your site within a highly scalable environment, but back it up to the cloud and not have to worry about any on-site management of your data from the same location. Even if you’re not particularly skilled in this area, cloud experts such as the team at OSE can set this up for you in a way that takes so little maintenance you’ll wonder why you never considered this route before!
The reality is, in the age we live in, you’re crazy if you don’t have a data backup and recovery strategy in place. For one, it’s very cheap to implement, and two, it’s very expensive to restore data if you don’t have one. It’s kind of a no-brainer. So if you’re looking for a quick and easy way to improve your online security, this should be your number one go-to option.
3. Get a security audit done on your website
It’s surprising how many organisations have not run a basic security audit on their site. Usually it’s because management places too much trust in web developers, or doesn’t understand the industry, and we get that. Commonly when you run a security audit across a site you may only pick up a few minor things, but there have been instances where we’ve seen major organisations with huge budgets discover that seemingly minor security blunders have been made which, in the wrong hands, could be disastrous. For example:
- Usernames, passwords, and other important details have been left commented out in the source code of pages
- Server passwords uploaded to publicly accessible code repositories such as GitHub
- Easily mapped AJAX-based code has allowed for hacking of databases
- Secure information posted to the user via online forms, and
- Server passwords left in hidden variables in the source code of pages
These simple mistakes are just a handful of the kinds of things a website security audit will expose. So no matter how large or how small your organisation is, it’s good practice to get a security audit done from time to time to eradicate any future headaches of this nature.
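As an added illustration (not part of the original article, and covering only a small part of what a real audit does), the Python example below checks a page's HTML for two of the mistakes listed above: credentials left in comments and passwords in hidden form fields. The keyword list and the sample page are constructed for this example.

```python
import re
from html.parser import HTMLParser

# Field/variable names that suggest a secret (heuristic chosen for this example).
SECRET_NAME = re.compile(r"pass|pwd|secret|api[_-]?key", re.I)
# A secret-looking name followed by ':' or '=' and a value, anywhere in a comment.
SECRET_IN_TEXT = re.compile(
    r"([\w-]*(?:" + SECRET_NAME.pattern + r")[\w-]*)\s*[:=]\s*\S+", re.I)


class PageAuditor(HTMLParser):
    """Records (line, location, name) for credential-like strings in a page."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_comment(self, data):
        line = self.getpos()[0]  # line on which the comment starts
        for name in SECRET_IN_TEXT.findall(data):
            # Store only the name, so the report does not repeat the secret.
            self.findings.append((line, "comment", name))

    def handle_starttag(self, tag, attrs):
        # Also called for self-closing tags such as <input ... />.
        attrs = dict(attrs)
        if tag != "input" or (attrs.get("type") or "").lower() != "hidden":
            return
        name = attrs.get("name") or ""
        if SECRET_NAME.search(name) and attrs.get("value"):
            self.findings.append((self.getpos()[0], "hidden field", name))


def audit_page(html):
    """Return the findings for one page of HTML source."""
    auditor = PageAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page; the CSRF token is a legitimate hidden field.
SAMPLE_PAGE = """<html><body>
<!-- TODO remove: db_user=admin db_password=hunter2 -->
<form action="/login" method="post">
  <input type="hidden" name="server_password" value="s3cret">
  <input type="hidden" name="csrf_token" value="abc123">
</form></body></html>"""

if __name__ == "__main__":
    for line, where, name in audit_page(SAMPLE_PAGE):
        print(f"line {line}: '{name}' exposed in {where}")
```

Run it against the saved source of your own pages; every finding is a value that any visitor can already read with "View source".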
4. Review your host’s security performance
If you take a look online, you can host your website for as little as $1/month. As awesome a deal as this sounds, my suggestion to you is to do your research first, even if it’s a special offer from a major hosting provider.
You can literally lose hours looking at reviews of hosting sites online, but be warned, a large number of these review sites are paid review sites and do not fairly evaluate website hosts. A quick Google and a few seconds later, I found a handful of sites like this, and to be honest it’s very hard to know which of these sites are not paid by the hosting vendors to say nice things about them.
Our recommendation is to stick with well-known brands, and definitely talk to an expert. If you have the technical know-how, you should also consider what software and security measures are undertaken by your host autonomously to protect your data. Let’s face it, hosting companies are subject to attacks both big and small every day, and you need to know that you’re not going to be adversely impacted when you aren’t necessarily the focus of an attack, but your host is.
5. Consider advanced identity and access management tools
You may not have heard of identity and access management tools, but if your site has a user base and a login mechanism it may be something worth considering.
For example, if you’re an AWS customer, Amazon has a tool called Identity and Access Management (IAM) that allows you to securely control who can and cannot access certain areas of your site, resources, and so on, using purpose-built technology (and the best part is that it’s free to use if you’re already using any other Amazon product!).
Tools such as this can be an excellent way to manage large user bases and provision access to resources for both public and internal consumption, whilst not having to worry about how sensitive information is stored or whether it’s being remotely accessed.
Although IAM is a relatively new concept to the developer community, consider talking to an expert about IAM-based solutions for your site, as this can be a great way to keep out uninvited guests and keep your online security in a healthy state of being.