Website Security Concerns
For this article, we sat down with him to know more about the most common security-related matters website owners face and what would be the best piece of advice he can give to our clients.
1. Understand the Responsibilities of Your Hosting Company
While competent web hosting companies implement a certain degree of protection to their servers, they still can’t guarantee full protection or recovery. As such, we strongly advise business owners to learn how to regularly back up their website to make way for a full recovery should anything goes wrong.
Client’s Concern: “If full protection isn’t guaranteed in the first place, then the web development agency must constantly backup my website in case anything goes wrong”.
With this, we advise you to engage reliable web agencies like Verz Design that can provide you with hosting services which come with automatic weekly backups. However, we still recommend that you regularly backup your website, especially if you always update your website’s content. It will protect you from losing important and sensitive data, as a backup will serve as a safety net for recovery of your website especially in the unlikely event that your web hosting company’s backup fails or gets corrupted.
3. Change Your Default Password Immediately
Client’s Concern: “My website went live and my web development agency provided me with a complex cPanel and CMS password. I’m thinking of not changing the password because they may need to access it in the future. If I do change the password, I may just reset it into something that’s easy to remember.”
In terms of your cPanel and CMS passwords, it’s important to change them as soon as your website goes live. Never use a simple or easy to remember the password, otherwise, you’ll be putting your website or business at risk. By rule of thumb, it must consist of letters, numbers, and even special characters. Since access to cPanel and CMS won’t usually be on a daily basis, you can keep such complex password on a Word or Notepad document, and put them on a safe folder in your computer.
In addition, avoid sharing your cPanel password with everyone in your team. If a member of your staff needs to update or manage contents, you can just give them your CMS password to do so.
4. Safeguard Your Visitors’ Personal Data
Client’s Concern: “How do I ensure that my website complies with the Personal Data Protection Act and that I won’t be penalised by the Personal Data Protection Commission?”
Beyond that, another way of providing users with a safe and private environment is by refraining from asking too many personal details, like their NRIC, especially if they aren’t necessary. Keep your request for personal information to a minimum at all times.
Moreover, you must also ensure that you’re fully compliant to Singapore’s Personal Data Privacy Act because once your website gets hacked and a breach in privacy occurs, the PDPC will check the following items below:
- Do you have an SSL Certificate on your website?
- Do you use a Web Application Firewall for your site?
- Do you keep your password complex and secured?
- Who can access the information you collect from the website?
- Are site administrators the only people allowed to access data collected from the website?
- Who is your web hosting company and/or web development agency?
These things will allow them to know if you are using the best practices for your website, or if you’re just saving costs for the sake of putting your business online. Bear in mind that engaging a competent web development agency and a reliable hosting provider is more cost-effective in the long run, with the chances of a breach or attack being reduced drastically.
5. Be Familiar with Malware
Client’s Concern: “I’ve been informed that my website has malware. Can you explain what malware is and what will happen if I do not remove them? Is there any web hosting provider that can guarantee a malware-free website?”
Minor malware-related incidents may cause the web hosting company to suspend the website or limit its admin features, including not being able to edit the CMS, and disabling all enquiries and orders.
When malware starts to occur on your website, we strongly recommend you to immediately work with a reliable web agency who can remove the malware, at the same time find ways to prevent another one to surface.
Unfortunately, no web hosting company can guarantee that your website won’t suffer from any malware, just like no doctor can provide you with an all-in-one vaccine which can protect you from all known illnesses. However, most web agencies or hosting companies offer website packages that include support to remove malware.
If you think you need professional help on your fight against malware, talk to us.
6. Be Careful About Some Bad Computer & Internet Habits
Client’s Concern: “Apart from learning to regularly backup our website and to keep our password complex, is there anything else we need to know?”
- Not ticking the “remember password” checkbox when logging in
- Avoiding cPanel and CMS access on Cyber Cafes, free computers on airports, public networks, and more.
- Equipping your computer with reliable anti-virus and anti-malware software
7. Know That Anyone is Prone to Attacks
Client’s Concern: “I am only a small business owner, and only a few people visit my website. I am sure my website won’t be prone to hackers or malware. I don’t even see any news about small websites being attacked by hackers or malware.”
Even if you aren’t able to read or hear about any news on small websites being attacked, it’s unwise to assume that there are little to no cases about them. In fact, there are hundreds or thousands cases of SME websites being affected by malware. In this day and age, it’s always better to be safe than sorry.