How secure is your website? 5 things you can’t ignore.

Wednesday, 5 August 2020  |  Posted in: Most Recent, News  |  7min read

With a number of high-profile cyber-attacks during the emergence of the COVID-19 crisis, including prolonged cyber-attacks targeting government and businesses, Australian businesses have needed to become increasingly vigilant when it comes to information security and cybercrime.

These attacks are part of a dramatic increase in cybercrime that Australian businesses seem particularly vulnerable to. A 2020 independent analysis ranked Australia 6th on a tally of ‘significant cyberattacks’, having recorded 16 such attacks in the last 14 years.

While the motivation for any given attack may be different, the outcomes are often dire for the business being compromised. Recent hacking attempts have resulted in the sharing of online currency scams from company accounts, data breaches leaking internal and customer information, employee or organisational blackmail or even access to compromised websites being sold on the dark web.

While it is scary to think of what a hack of your own business’s website might result in, it is important to know that protecting yourself is easier than you might think.

Most hacking attempts are opportunistic and seek to exploit common vulnerabilities in websites and website infrastructure. Keeping an eye on your website security and regularly updating your website is often enough to deter opportunistic hackers as they seek an easier target.

In this blog, we look at 5 things to consider when looking at your website security to keep it current and prevent illegal access to your online assets.


1. Dedicated hosting

One of the best things you can do to protect your website and other online applications is to update your hosting arrangements. We have highlighted the importance of hosting in maintaining your security in previous blogs where we have discussed the differences between shared and dedicated hosting environments.

Shared hosting environments trade away performance and security in return for a cheaper service because, as the name suggests, you share that environment with other organisations. If any one of them gets compromised, then your business is also at significant risk. By some estimates, it can take less than three minutes to break through from one site into the shared server itself and delete the contents of every website sharing those resources.

While steps can be taken to improve the security of a Shared Server, it will never compare to a Dedicated Server, where all the infrastructure is yours alone and you are not reliant on other businesses doing the right thing.

Scan your website to understand your risks

Book your website security assessments with The Digital Embassy starting from only $450 ex GST.

Take action today to quickly identify risks and prevent intruders from accessing your website and sensitive information.



2. User and password management

Poor passwords are still among the leading causes of website compromise. Most website platforms now include robust user and password management systems that encourage complex passwords, but the most hacked passwords still remain things like 123456 and password.

Every person that manages your business’s website should have their own login username and password combination, and all passwords should be forced to include a combination of letters, numbers and characters. While it can make a password harder to remember, a complex password is essential to keep unwanted visitors out of your website.


3. Update your platform and plugins

Websites and their plugins are regularly updated to improve functionality, introduce new features and, importantly, to address any identified security vulnerabilities. Keeping these elements up to date is a process known as patching; not doing so leaves clear areas for hackers to exploit and gain access to your website.

The complexity of your website and the number of third-party plugins and integrations included will determine how complex your patching process will be, and how often it should be run. We recommend using staging servers (or private testing servers) to test that any patch works, does not create new security or design issues in the website and does not break any of your website’s functionality. If patching in a secure and private environment goes without a hitch, then these changes can be committed to the live site.


4. Install an SSL certificate

For a long time, many organisations overlooked a Secure Sockets Layer (SSL) certificate as it was seen as something only required by eCommerce websites, but Google’s insistence on this important credential has made it an important part of your website infrastructure.

On the surface, an SSL certificate is the difference between https:// and http:// but this apparently small change in your business’s URL hides several security measures that help your website perform better and remain secure.

An SSL certificate’s main role is to encrypt data as it moves between one location and another, for example between your website hosting server and your user’s browser or between the form fields on your website and the database back on your server. Encrypting this information prevents it being read if it is intercepted, keeping you and your users safer.

SSL certificates need to be purchased and require several authentication and verification steps, so seeing one on a website indicates that the owners of this website have completed several steps to maintain your security on their site, which builds trust with users.

Google’s insistence on the use of SSL certificates by all sites has also meant that it has been included in Google’s search result determination. Two identical sites where one has an SSL certificate and the other does not will always see the SSL secured site rank higher; this simple bias has meant that good website security is considered a vital component of your search engine optimisation activity.


5. Regularly back up your website

Backups are sometimes not considered part of the picture when it comes to website security, but they play a vital role as a point in time to restore your website from if things go badly.

Regular backups of your website secure the 1000s of hours of work that went into building your website and its content, and are the last resort during an attack or automated hacking attempt.

Even if unsuccessful, hacking attempts that make use of malware can permanently damage website files, which can be easily recovered from a backup if needed.

There are lots of ways you can create and store backups of your website, or even your whole server, but configuring these can be difficult. It is often best to discuss your current backup plan with your web development team.
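
A backup is most useful when you can tell exactly which live files no longer match it. The following is an added example, not code from The Digital Embassy: it records a SHA-256 manifest at backup time and later reports which files were modified, deleted or added. The function names and the sample site are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Hash a file in chunks so large media files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest

def compare_to_backup(backup_manifest, live_root):
    """Report files changed, missing or added since the backup manifest."""
    live = build_manifest(live_root)
    return {
        "modified": sorted(p for p in backup_manifest
                           if p in live and live[p] != backup_manifest[p]),
        "missing": sorted(p for p in backup_manifest if p not in live),
        "unexpected": sorted(p for p in live if p not in backup_manifest),
    }

def demo():
    """Constructed sample site: take a manifest, damage the site, compare."""
    samples = {"index.php": b"<?php echo 'home';", "about.html": b"<h1>About</h1>",
               "style.css": b"body{}"}
    with tempfile.TemporaryDirectory() as site:
        for name, body in samples.items():
            with open(os.path.join(site, name), "wb") as handle:
                handle.write(body)
        manifest = build_manifest(site)              # recorded at backup time
        with open(os.path.join(site, "index.php"), "ab") as handle:
            handle.write(b"\n// altered")            # file changed after backup
        os.remove(os.path.join(site, "style.css"))   # file deleted after backup
        with open(os.path.join(site, "extra.php"), "wb") as handle:
            handle.write(b"<?php ?>")                # file that was never backed up
        return compare_to_backup(manifest, site)

if __name__ == "__main__":
    print(demo())
```

Store the manifest with the backup, away from the web server, so that anyone who alters the site cannot also alter the record it is compared against.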


Website security is vital to your organisation

These five elements of your website security make a good foundation but it is vital that your business’s website security is reviewed regularly and updated often by your team or digital agency.

While your website might only be a simple website without eCommerce or other complicated functionality it still represents an important part of your business that, if it were to become compromised or deleted, would have a significant impact on your company and your business.

Many also underestimate the ability to use a website as a door to the otherwise secured internal networks of your business which contain confidential and protected information. Refusing to take your website security seriously potentially leaves this door open and invites attacks that will compromise not just your website, but your entire business.
