How To Secure Your SME Website

Here are some tips to help you protect and secure websites.

Every SME should have a website, or maybe you host a number of client websites as part of your business model.

What happens when that website gets compromised? How do you restore faith in your business with your clients, or ensure confidentiality on behalf of your clients?

Tip 1: Buy the right stuff

When you purchase your domain from your registrar, fork out for the privacy option. It helps keep your personal details as the domain owner out of public view, where hackers could otherwise use them to “fiddle” with domain transfers, password amendments and other riff-raff. Have a look at this GoDaddy link for more info on domain privacy.

If you have built-in e-commerce functionality, you must purchase SSL certificates for your site. This adds strong encryption to all connections between your “buyers” and your website, protecting all transactions inside an encrypted tunnel.

The online user will also feel a greater sense of comfort seeing “https://” in the address bar of their browser. Have a look at these links for more info on SSL stuff:

Tip 2: Pick a reputable company to help you manage it

There are loads of web hosting companies to choose from. These guys are the pros when it comes to hosting your website for you, maintaining its security, managing the required renewals, and giving you ample support.

I would look at the following key criteria, but it is best to give them a call and discuss your requirements & their capabilities in detail:

  1. Price
  2. Relationships & track record with larger registrars
  3. Support structure
  4. Redundancy & back-up capabilities i.e. what can they guarantee you in terms of website uptime & restoration
  5. Peripheral services such as web design, Search Engine Optimisation (SEO), & security services.

Tip 3: Lock it down

If you host your website yourself on your own web server, here are a few tips to ensure some security:

  1. Keep up to date with all patching on the operating system (OS) & web software
  2. Keep strong passwords and change them regularly – use a blend of upper and lower case letters, numbers & special characters
  3. Use built-in web server security modules
  4. Use the built-in web server firewall
  5. Use SSL where possible

If you have your own physical firewall appliance/s employed to protect your network and web server/s, then here are some useful firewall tips to help further secure the website/s:

  1. Only allow necessary ports on the firewall/s
  2. Use a VPN to remotely administer your servers – don’t allow RDP or SSH access from the internet
  3. Install an IPS in front of the server – block all known signatures
  4. Implement a Web Application Firewall or Reverse proxy with an IPS

Further Considerations

  • Constantly scan your servers – from internal and external devices – there are a number of freeware products available for download. Go here: https://www.scanmyserver.com/ or https://pentest-tools.com/home
  • Don’t install your database and web server on the same host – separate the servers and place them on different DMZs on your firewall
  • If FTP is used for file uploads – consider switching to SCP or SFTP.
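
The firewall and hosting tips above can be checked on the web server itself. The following Python script is an added example, not part of the original article: it audits the output of `ss -tln` on a Linux host against those tips. The sample output is constructed, the 80/443 allow-list is an assumption, and the names `ALLOWED`, `DB_PORTS`, `ADVICE` and `audit` are hypothetical.

```python
import ipaddress

# Constructed sample of `ss -tln` output from a hypothetical self-hosted web server.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      511          0.0.0.0:80         0.0.0.0:*
LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      32                 *:21               *:*
LISTEN 0      80         127.0.0.1:3306       0.0.0.0:*
LISTEN 0      50           0.0.0.0:8080       0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0      511             [::]:443           [::]:*
"""

ALLOWED = {80, 443}  # assumption: a plain web server only needs HTTP and HTTPS
DB_PORTS = {3306: "MySQL", 5432: "PostgreSQL"}  # default ports of common databases
ADVICE = {  # findings tied to the article's tips (default service ports)
    21: "FTP: switch uploads to SCP or SFTP",
    22: "SSH: administer over the VPN, not from the internet",
    3389: "RDP: administer over the VPN, not from the internet",
}

def parse_listeners(ss_output):
    """Yield (address, port) for every LISTEN row of `ss -tln` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or malformed row
        addr, _, port = fields[3].rpartition(":")
        yield addr.strip("[]"), int(port)

def is_loopback(addr):
    """True for loopback-only sockets; '*' means every interface."""
    return addr != "*" and ipaddress.ip_address(addr.split("%")[0]).is_loopback

def audit(ss_output, allowed=ALLOWED):
    """Return sorted (port, reason) findings that contradict the tips."""
    findings = {}
    for addr, port in parse_listeners(ss_output):
        if port in DB_PORTS:  # a local database means web and DB share a host
            findings[port] = f"{DB_PORTS[port]}: move the database to its own host/DMZ"
        elif not is_loopback(addr) and port not in allowed:
            findings[port] = ADVICE.get(port, "not on the allow-list: close or justify it")
    return sorted(findings.items())

if __name__ == "__main__":
    for port, reason in audit(SAMPLE_SS):
        print(f"port {port}: {reason}")
```

A socket that listens on all interfaces is only a candidate finding: the perimeter firewall may already block it, so confirm with an external scan as well.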

Don’t leave your business, or that of your clients, exposed. Understand and protect your website/s, and secure your sustainability.

Pick a partner that has the expertise, and who is alert and ready for any event. Employ a network security strategy that ensures split-second reflexes. Get a security solution that enables decisive preventative and reactive action. Lock-up and grow!

Mar 1, 2016
Jared van Ast is the founder & MD of 10dot Cloud Security. Frustrated with diluted value propositions. Loves to do things properly. Suspicious by nature and habitually pragmatic. Focused on network security, 10dot works to lock-up SME networks & help them grow. With over 15 years’ experience in the IT & ISP sectors, Jared is hell bent on enabling SMEs to focus on core business. 10dot Cloud Security – The Network Security Specialists.