If you manage your company's web presence, one of your primary concerns should be site security. A hack can not only lead to data loss, but can also impact your search engine rankings when your site becomes a hacker controlled spam machine. Over the last 12 months Google has recorded a 190% spike in the number of websites being compromised by hackers in the San Francisco Bay Area alone. While there isn't a 100% effective solution to keep criminals from accessing your site, you can reduce the chance of a succesful attack on your company's website.
Here are some Simple Steps you can implement Today to Harden your Site Security
SECURE YOUR PASSWORDS
Coming up with a password that is hard to guess or hack by brute force is critical to site security. Your best practice is to only use passwords that contain a blend of letters, numbers, special characters or are part of a secret pass phrase. The number of characters in the password is also critical. The more complex your password, the harder it will be to comprise. There are numerous sites on the web that can test how secure your password really is.
Never use the same password for multiple sites. A clever attacker will start by using any known username and password combinations scraped from leaked password sources to gain access to as many user accounts as they can. If your name and passwords are made available via compromised sites or other hacker resources without your knowledge, your entire network of sites you manage or use can be taken over.
Whenever possible make use of Two Factor Authorization. This adds an extra authentication step to protect you even if your username and password become compromised. Sadly not all websites and services make use of this helpful technology.
UPDATE YOUR SERVER SOFTWARE
Hackers love poorly maintained and neglected servers because they often are chock full of well documented security flaws to take advantage of. Make sure to occasionally check your site for any obsolete code, and install the lastest updates and patches. If you utilize a web server like Apache, Nginx or other business web server packages, verify you have the latest and greatest version of the server software.
If your site runs on a Content Management System (CMS) make sure the modules and plugins installed to the system are up to date. Joomla, one of the more common content management systems, offers one click updates for its core component as well as user installed modules and plugins. If you find extra components in your Content Management System you no longer need, shut them off or remove them - your site will run faster as well as being more secure.
Lastly, stay up to date on security announcements published by the software vendors you use. Often you can be the hero that is aware of a bug or a fix before it becomes a problem for your organization.
MAKE SURE YOUR HOSTING COMPANY TAKES SECURITY SERIOUSLY
A Hosting Company's approach to identifying and mitigating security threats is in a vital component to consider when picking a company to host your business site with.
If you already have an established relationship with a hosting company, get in touch with them to check whether they offer help cleaning hacked sites and restoring damaged sites due to data loss. You can likewise check online client testimonials and reviews to verify whether they have a reputation of helping their customers with security issues and getting them back on their feet after an attack.
If you host your own server inhouse or employ a Virtual Private Server (VPS), make sure you are trained to deal with any security related problems that can pop up. Server administration is tough to do well, and one of the most important duties of a server administrator is ensuring the server hardware and software is up to date and is not harboring a security risk. Unless you have a very specific reason to manage your own servers, you would be better served by using a professional hosting company's managed services packages.
USE FREE TOOLS TO MONITOR YOUR SITE
You can take charge and actively manage your site utilizing free tools. The faster you can identify a potential security issue, the easier it will be to fix your site and avoid data loss.
If your havent already, register with Google to get the Search Console Tool. Google offers this service to help you identify problems on your site such as hacking and spam content. You should also set up Google Alerts for your website to warn you if there is any inappropriate content being served from your web properties. As an example, if you run a site selling car wax called www.bestcarwax.com, you can set up an alert for [site:bestcarwax.com Viagra] to notify you if any spam content about Viagra is being displayed on your website.
You can also use this tool to run multiple checks on your website for a large range of spam terms. Not sure what spam terms to look out for? No problem, just use Google Search to find common spam phrases.