Website Security in 2018

Your website is critical to your business, whether you're an e-commerce retailer or a brick and mortar store, your website is the face of your business. The constant increase in the number of malicious bots, code and users put your company and your website at constant risk.

On average, websites experience 59 attacks every day, any of which could block your website from appearing on a search engine, take it offline completely, or compromise your customer's sensitive data.

However, there's no need to worry, securing your website can be quite painless with just a few key steps.
 

  1. Install an SSL certificate to secure data passed through your site.
    Using a security certificate will make your URL appear as 'https://website.com' instead of 'http://website.com' and will ensure that any data sent through your contact forms, login or registration pages or payment pages cannot be intercepted by hackers. (Notice the 'S' in the 'http' portion of the URL)

    As of January 2017, websites without an SSL certificate will appear in Google search results as "Not Secure". Starting in July of 2018, websites will also show "NOT SECURE" in the browser address bar as users browse each page of your site.
     
  2. Use CAPTCHA on forms to block spam and hacker bots. Without some form of validation that a user is a real person, bots can submit thousands of spam posts to your site daily. In some cases, they can use these bots to exploit your forms to get information from your database, or even take control of your entire site. Chances are, you've seen some form of a CAPTCHA while browsing the web before. Until recently, CAPTCHAs were often blamed for low conversions because users had to type some obscure text or solve a math equation. Google's reCAPTCHA has solved this problem by providing a simple checkbox for users to confirm, "I am not a robot."
     
  3. Generally, a large uptick in web traffic is a good thing, but in some cases - it can be a bad thing. In the event of a DDoS attack, your website can be knocked offline by a flood of illegitimate traffic; this can also throw off analytics traffic reporting.

    This problem can be prevented by implementing a web application firewall (WAF), which lives on your server and scans for this type of traffic, then shuts it down when it occurs.

    Alongside a WAF, serving your images from a content delivery network (CDN) ensures that your traffic is distributed to servers nearest your viewer. Serving from a CDN prevents swarms of traffic from all hitting the same server and has an added bonus of decreasing load time for your visitors.
     
  4.  A complete security plan should always include a website scanner that continuously watches for and removes malware. In Q2 of 2017, 4 out of 6 major malware trends specialized in quietly infecting websites and remaining undetected.

    These different types of malware can damage your business in a variety of ways, from stealing your customers' data to landing you on Google's blacklist and ruining your search reputation.
     
Talk to us today about securing your website and safeguarding your business's reputation.