Recently I had the opportunity to speak on a panel at a Cyber Security Awareness Conference in Waterloo, IA. While I won't even pretend to understand all of the nuances of cyber security, I was asked to shed some light on a topic I am much more familiar with, website security. I realized this information could be helpful to many businesses who are currently responsible for managing their own websites. So let's jump in to the three questions all businesses should be asking themselves about their own websites.
1. Where is my website hosted and who manages it?
When I say "hosted", I'm referring to the physical server where your website lives. It may seem crude, but all the content on every web page you view actually resides on a physical server, typically in enormous warehouses, somewhere around the globe. The most common situation is that companies will pay a hosting provider (i.e. GoDaddy, Bluehost, inMotion) to host their websites for them along with maintaining the server the website is hosted on. Your hosting provider will typically charge a monthly fee and in return you'll receive server space for your website, website support, and potentially a plethora of other services.
While there is no trump card when it comes to website security, where you decide to host your website is the most important factor. When you understand what a hosting provider is actually doing, you're trusting them to not only keep your website secure from potential attacks, but also the server where your website resides. In many cases, hosting providers will throw your website on a shared server with hundreds of other websites, each one with the potential to create vulnerabilities that could in turn affect your website.
If you understand the importance of keeping your website secure, fast, and running efficiently, don't skimp on hosting! The sad truth is that often times companies will choose the least expensive hosting option because they don't fully understand what they're paying for. In my opinion you are setting your website up for failure if you choose a cheap hosting company. You will run into problem after problem and won't get the support you need. Set aside the budget ($100-$200/month) to pay for proper hosting. You'll be glad you did.
2. Who maintains my website?
Today many websites are built on one of three popular CMS platforms, WordPress, Drupal, or Joomla. Just like your phone which uses installed apps to do new and exciting things, these CMS platforms utilize plugins and extensions to extend the functionality of your website. Things like shopping carts, newsletter signups, lead generation forms, and social media feeds, are all examples of tools that are being used to make your website better. AND just like your phone which needs constant updates to the apps and operating system, your website requires updating as well. The CMS platforms, plugins, and extensions are constantly releasing new versions that require someone to login, update, and test your site after updating to ensure everything is running smoothly.
In our experience the number one cause of websites getting hacked is out-of-date plugins and extensions. If you are in charge of maintaining your website, you need to carve out the proper time to keep it updated. If no one is taking the time to do this you are opening your company up as a likely target of malicious attacks.
So what can you do? Some hosting providers will maintain your website for you at an increased cost. Often times this is the best solution as you are keeping the website in the hands of professionals who understand the ins and outs of your website and know how to respond to issues if they arise. Some web agencies will offer full-service hosting packages in which they will host your website AND keep your CMS platform up-to-date. In my opinion this is the best solution. Take advantage of those packages. You will rest easy knowing your website is in the hands of professionals.
3. Does our website have an SSL certificate?
The question used to be, "Does my website need an SSL certificate?" Now you should be asking if you have one or not. If you don't have one, get one today! No matter what kind of business you own, in our experience this is a minimum requirement if you want to keep your website secure. If you don't know what I'm talking about, an SSL certificate is a bit of code on your server that provides a layer of security. When a web browser contacts your website, the SSL certificate provides an encrypted connection. It's kind of like sealing a letter in an envelope before sending it through the mail. If you've ever visited a website and seen a padlock next to the URL with a message saying "Connection is secure," that means that website has an SSL certificate.
So how can you get one? If you choose a good hosting provider often times SSL certificates are included in the monthly cost or as a free add-on. If not you may have to purchase one through your current hosting provider.
As a best practice we require all websites we build to have an SSL certificate installed and include that in our monthly hosting fee. Not only does it add an extra layer of security, but SSL certificates have other benefits, most notably that Google gives a "boost" to secure websites over non-secure websites. So by installing an SSL certificate you are essentially improving your search engine rankings, or at least increasing the chances you'll appear above other sites that are not secured.
So if you're managing a website today, ask yourself these three questions. If you're unsure of the answer or need help, contact us! At IFC we offer full-service hosting packages on our very own dedicated servers.
Tony Kraayenbrink is the founder, owner, and website guru of IFC Studios. Outside the office he loves soccer, Sour Patch Kids, and is endlessly inspired by his amazing wife and children.