Security doesn’t stop with your company data in or out of the Cloud. It goes further than this, including to your website(s). Whether you have coded your own (kudos to you!) or use a CMS (Content Management System) such as WordPress or Wix, a website won’t protect itself; it needs as much care and attention as any data you look after “offline”.

Website security is commonly overlooked because websites are more often than not considered a ‘set and forget’ resource. Just like your other business IT systems, your website requires regular maintenance and upkeep to ensure it is up to date and secure. If your website isn’t secure, it is easy for hackers and cyber criminals to get into it and install malicious code (which can pass on to any user’s computer if they trigger it), steal data or even change the entire website design or where it redirects.

 

Don’t stress!

 

There are plenty of ways to know whether a website is secure – you can check the following things:

 

  • HTTPS: HTTPS (Hypertext Transfer Protocol Secure) is the primary protocol for sending data between a website and a web browser. Using this protocol is most important when your website requires credentials to log in. You can check whether a website uses it by checking that the URL starts with https:// and that there is a small lock symbol before it. If a site does not use this protocol, the browser will signal this in the URL bar with “not secure”.
  • SSL Certificate (this is the S in HTTPS): Having an SSL (Secure Sockets Layer) certificate registered to your website will ensure that any data flowing between your website and a user’s web browser (over https) is kept encrypted and unreadable by any hackers or malware. There are different levels of SSL certificates depending on how secure you want your website to be. For example, if you are collecting bank details or any other sensitive information, you would want a high-level certificate. You can confirm whether your website has an SSL certificate by clicking the lock before the https in a URL.
  • Updates: Keeping your website updated with the latest versions of plugins or themes will ensure that your exposure to vulnerabilities is much lower. These updates generally patch vulnerabilities that hackers and cyber criminals use to exploit your site. (It will also keep your plugins etc. functioning should previous versions become unsupported and cause your website to fall over.)
  • Backups: Regularly backing up your website, whether to the cloud or an on-premise device, will mean that should any issue arise with updates failing, plugins breaking or your code getting corrupted, you will be able to recover your website by restoring it from the latest backup.
  • User-Account Management: Know who has what permissions. Don’t give someone Admin access to your website if they only need Author-level access. The more users with admin accounts on your site, the more potential there is for a cybercriminal to get in with all the rights to change everything about your website or access sensitive information stored there.
  • Ongoing Security Monitoring: Some providers are also able to set up ongoing daily security monitoring of your website. This means that if the website is under attack or has been compromised, you can act quickly and either ensure the attack attempt isn’t successful or get your site back online quickly if it is affected.
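
A scripted version of the padlock check from the HTTPS and SSL Certificate items above, as an added example that is not part of the original article: it connects to a site, lets Python's standard `ssl` module validate the certificate, and reports the issuer, the covered names and the days left before expiry. The 30-day renewal threshold, the function names and the sample certificate are assumptions made for this illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 30  # assumed renewal threshold, not from the article

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "notAfter": "Jun 15 12:00:00 2025 GMT",
    "issuer": ((("countryName", "US"),), (("organizationName", "Example CA"),)),
    "subjectAltName": (("DNS", "example.com"), ("DNS", "www.example.com")),
}


def fetch_cert(host, port=443, timeout=5.0):
    """Return the site's certificate; raises if chain or hostname is invalid."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def assess_cert(cert, now=None):
    """Summarise a getpeercert() dict: status, days left, issuer, names."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    days_left = (expires - now).days
    issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if days_left < 0:
        status = "expired"
    elif days_left <= WARN_DAYS:
        status = "renew soon"
    else:
        status = "ok"
    return {"status": status, "days_left": days_left,
            "issuer": issuer.get("organizationName", "unknown"),
            "names": names}


def check_site(host):
    """Assess a live site, or report why the HTTPS connection failed."""
    try:
        return assess_cert(fetch_cert(host))
    except ssl.SSLCertVerificationError as exc:
        return {"status": "invalid certificate", "reason": exc.verify_message}
    except OSError as exc:
        return {"status": "no HTTPS", "reason": str(exc)}
```

Calling `check_site()` with your own domain name from a scheduled job gives early warning of a certificate that is about to lapse, before visitors see a browser warning.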
 

Other things to note are:

  • Not using “admin” as the admin user account name.
  • If using WordPress or another CMS, change the default file structure, as it can be predictable, which is a weakness; for example, WordPress uses wp-admin.
  • Use captcha on any submission forms so you know anyone filling them out is not a bot trying to spam you.
 

Most, if not all, of the above can be easily managed by your IT department or Website manager. If you have any questions or would like more information on this topic, ONGC will be happy to review your current website or discuss the options for website support and management.