5 steps to website security for your small business

Security best practices

No matter what sorts of products or services you offer, website security should be a cornerstone of your online presence. Even if you don’t sell products or collect customer data via your website, it is a key point of presence for your business.

Website security matters because there are so many bad actors and dangers out there on the web—malware, hackers, distributed denial of service (DDoS) attacks and more. If your website gets attacked, it might be down for days while you restore the content.

Even worse, you might need to redo all the work you invested in your website if you weren’t diligent about backups. In the event of a breach, you would hate for a hacker to deface your website with inappropriate content because that could damage your reputation in the market. If your site is compromised, it might be blacklisted by Google, which is a disaster for search engine optimisation.

The good news is that it’s easier than ever to run a secure website as a small business owner. Here are five good practices to follow:

  1. Strong passwords and two-factor authentication

Using a strong password for your account with your website host and any third-party tools (Google Analytics, social media, etc) that you use can help safeguard your digital presence from attacks. A long password (16 characters-plus) with a mixture of upper- and lower-case letters, numbers and non-alphanumeric characters will be hard for anyone to guess or ‘brute-force’.

password manager such as 1Password or LastPass enables you to store long, complex passwords without having to remember them. Two-factor authentication (2FA) adds another layer of security by requiring an extra step when you sign into your account or try to edit sensitive information like your password. An example is a code sent to your phone via SMS or generated on an authenticator app (like Google Authenticator or Authy) on your phone when you sign in.

  1. Host with a reputable company

Website security begins with where you host your website, so look for a service provider with a good track record. You can look at hosting on a website builder, like GoDaddy’s Websites + Marketing. You’ll have the tools to design and update the content on your website, while the hosting company looks after the security and most other technical details in the background.

Business owners that need more flexibility than they can get from a website builder will usually build their websites with a content management system like WordPress. Maintaining and securing the website can be complex and time-consuming if you are not a technical professional.

You can opt for managed WordPress hosting from GoDaddy for most of the day-to-day site maintenance and upkeep. GoDaddy will back up your site every day and keep it secure by ensuring you’re always on the newest version of WordPress with all security updates applied. The Website Security in the Ultimate and Ecommerce plans finds and removes malware before it does damage.

  1. Do your backups regularly

Website backups and secure storage are another important part of your website security toolbox. You should back up every file, folder and database in your site, so that you can restore your site quickly if you’re hacked, the servers crash, or if you simply accidentally delete a lot of info. GoDaddy’s simple, automated website backup services make this easy for you.

Even if something goes wrong, you can quickly restore any lost or damaged files with no disruption to your business. You can also download copies of your website backups to local storage. You’ll have control of when your daily backups take place. Set it up, then forget about it and just focus on building your business.

  1. Scan your site for malware

Malware is no fun and anyone on the Internet can be a target. Some malware variants are designed to steal your data, like logins or personal information. Others hijack your computer or worse. It is worth investing in a service that scans and monitors your site for malware.

GoDaddy’s Website Security, for instance, checks your website at predetermined intervals for malware, blacklists and uptime so you don’t have to. If malware is found on your site, the team can help you remove it. It can also help to protect your site from DDoS attacks and other issues.

  1. Convert your site to use Secure Sockets Layer (SSL)

SSL is a must for every company with an online presence. SSL stands for Secure Sockets Layer, and it encrypts your users’ data as it moves between their browsers and your servers, meaning that hackers can’t intercept and steal it.

An SSL certificate inspires trust and shows visitors that you value their privacy. Most savvy web users will look for the padlock icon and the https:// prefix in the URL address when they visit a website. Getting a ‘not secure’ warning on their browser when they go to your website will frighten them away.

Plus, search engines like Google rank https-encrypted websites higher in their search results. SSL is required by most merchant account services – you’ll need one if you plan to accept credit cards on your website. An SSL certificate contains the following information:

  • The certificate holder’s name
  • The certificate’s serial number and expiration date
  • A copy of the certificate holder’s public key
  • The digital signature of the certificate-issuing authority

There are two parts to setting up SSL: obtaining a certificate and implementing it on your site. Getting a certificate is easy; for example, GoDaddy provides them as a yearly subscription. Once you have a certificate, you’ll need to link it to your site.

Website security to protect your reputation 

Your website is the first place many people will encounter your business. Keeping it secure is essential to building trust in a world where so many interactions have moved online. Some simple precautions, as outlined above, are all it takes to keep your website secure and running smoothly.

Image by: Icons photo created by 8photo - www.freepik.com

Selina Bieber
Based in Dubai, Selina heads up MENA and Turkey at GoDaddy, overseeing the growth of the business and brand in this exciting region. Before joining GoDaddy, Selina headed up media relations across Europe for a large-scale energy project headquartered in the Netherlands and was on the agency-side leading marcomms activities for the likes of Facebook, Verisign Inc and Euler Hermes. Selina grew up in Australia, studying international studies and media at the University of Adelaide before moving to Istanbul and completing a Master’s Degree in Political Science at Boğaziçi University. She also holds a CIM Level 6 Diploma in Professional Marketing. With English as her mother tongue, Selina additionally speaks Turkish and German.