Simple Tips for Website Security

Written by Jen on January 20, 2017

In recent months, it has been reported that a few big companies’ websites have been hacked, with customers’ information being compromised. This is obviously big news, but sadly it isn’t anything new either.

Website hacking has been around since the internet’s inception. While there are far more security systems in place now, and hacking into someone’s computer isn’t something any Tom, Dick and Harry can do, it can still happen to anyone, even big companies that you’d expect or assume to have high security systems in place.

To help protect your business website, below are a few simple tips you can put in place that you don’t need to be an IT whiz to do:

1- Make your passwords complicated

Seems like an obvious one right? Well, you would be surprised at how many people still have their passwords set as “password123” or their date of birth. Passwords can be guessed quite easily, which is why it is important to make them complicated.

You will probably notice when creating a new account that there are certain requirements for a password, and these are very important to stick to. Below are a few tips for a good password:

  • A minimum of eight characters – the longer the better, as someone is less likely to guess it if it is really long

  • A mixture of upper and lower cases, numbers and special symbols.

  • Avoid any type of personal details, i.e. birth date or a loved one’s name – this type of password can be guessed as information is readily available on social media such as Facebook and Twitter

  • Try to avoid using the same symbol twice in a row

A good example of a complicated password would be something like this:

Lv0u%15t&NUo7£y

This is good as it is completely random: a mixture of upper and lower case, with a number and some symbols thrown in. No one is likely to guess this password!

Of course, if you are not going to remember something like this then you can always use different apps to store passwords.
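The four tips above can be turned into a small checker. This is an added example, not part of the original post; the function name, the `personal_details` parameter and the sample inputs (other than the article's own example password) are made up for illustration.

```python
import re

def check_password(password, personal_details=()):
    """Return the list of tips from the article that `password` breaks."""
    problems = []
    # Tip 1: at least eight characters.
    if len(password) < 8:
        problems.append("shorter than eight characters")
    # Tip 2: upper case, lower case, numbers and special symbols.
    classes = {
        "upper-case letter": any(c.isupper() for c in password),
        "lower-case letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "special symbol": any(not c.isalnum() and not c.isspace()
                              for c in password),
    }
    problems += [f"no {name}" for name, ok in classes.items() if not ok]
    # Tip 3: no personal details. Compare case-insensitively with
    # punctuation stripped, so "20/01/1990" still matches "20011990".
    squashed = re.sub(r"[^a-z0-9]", "", password.lower())
    for detail in personal_details:
        needle = re.sub(r"[^a-z0-9]", "", detail.lower())
        if len(needle) >= 3 and needle in squashed:
            problems.append(f"contains personal detail {detail!r}")
    # Tip 4: the same character twice in a row.
    if re.search(r"(.)\1", password):
        problems.append("same character twice in a row")
    return problems

if __name__ == "__main__":
    # Constructed inputs, apart from the article's own example password.
    print(check_password("Lv0u%15t&NUo7£y"))
    print(check_password("password123"))
    print(check_password("Maria1984!xQ", ["Maria", "1984"]))
```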

2- Use HTTPS

This is something that we’ve talked about in past blogs but it is something that every website should be doing now, and that is converting from HTTP to HTTPS.

What is the difference, you ask? Well, that S on the end basically stands for secure. HTTPS basically uses SSL to add an extra layer of security and helps protect information. If you are an ecommerce website then having HTTPS is a no-questions must-have, but if we are honest, it is good for every website as it protects the information, making it harder for hackers to access the data.

Click here for a simple step on how to switch on Magento.

3- Update!

Every now and again, software will tell you there is an update. Normally, this is because they have found a security risk so the update provides extra security. But if you don’t do the update then you are going to become vulnerable to this risk.

While updates can be annoying, especially if they happen frequently, and they can be time consuming, they are a necessity for security, so make sure you update!

4- Use Anti-Virus programmes

Much like anti-virus software protects your computer from malware and viruses, you can now get anti-virus software that scans your website for the same thing. These applications will scan through your website and let you know if there is anything at risk.

Like the usual anti-virus programmes for your computer, you can get different levels of protection, from a basic level that just scans to a higher level that can remove the malware as well. Akamai and Sucuri are a couple that are good for the job.

5- Limit who can access your accounts

If you are the admin of a website you can grant access to people. However, you should really limit who these people are and only grant them limited access. Granting full access means that person can do what they want with the account, so if you need to grant someone full access make sure they are someone you can trust 100%.

If someone no longer needs access to your website, make sure to delete their account straight away or change all the passwords.

6- Avoid Dodgy Emails

Getting phished can happen to anyone, and it does on a daily basis, but don’t let it happen to you. There are easy ways to determine if an email is dodgy; below are a few indicators:

  • Bad grammar and spelling

  • If they request personal information – a company should never ask for information this way and if they do, always pick up the phone to double check before emailing back

  • The email has an attachment and it wasn’t something you were expecting or it is from someone you don’t know

  • Check the email address – some spammers can mask their email and use addresses that contain a big brand name, so always double check it is the right one. If in doubt, google the email address; there are many sites now that give feedback on things like this

  • Check the links – if you have hovered over the email, hover over the links as well. If the link that appears in the corner of your web browser doesn’t match, this is a huge indicator it is spam.
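The last two indicators, a brand name in the wrong sender domain and a link whose visible text does not match where it really goes, can be checked automatically. This is an added example, not part of the original post; the function names, the brand-to-domain map and the sample message are constructed for illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

class _Links(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):
    # Accept "www.shop.example/login" as well as full URLs; ignore "www.".
    if "://" not in url:
        url = "http://" + url
    return re.sub(r"^www\.", "", (urlparse(url).hostname or "").lower())

def mismatched_links(html_body):
    """Links whose visible text names one host but whose href goes to another."""
    parser = _Links()
    parser.feed(html_body)
    hits = []
    for href, text in parser.links:
        shown = re.search(r"(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}\S*", text, re.I)
        if shown and _host(shown.group()) != _host(href):
            hits.append((text, href))
    return hits

def brand_in_wrong_domain(from_header, brands):
    """True if the sender address mentions a brand but is not on its domain."""
    addr = parseaddr(from_header)[1].lower()
    domain = addr.rpartition("@")[2]
    return any(brand in addr and domain != real
               and not domain.endswith("." + real)
               for brand, real in brands.items())

# Constructed sample message, using reserved .example domains.
SAMPLE_FROM = '"Example Bank" <support@examplebank-secure.example>'
SAMPLE_BODY = ('<p>Log in at <a href="http://login.other-site.example/x">'
               'www.examplebank.example</a> or read our '
               '<a href="https://www.examplebank.example/help">help page</a>.</p>')
```

On the sample, `mismatched_links(SAMPLE_BODY)` flags only the first link, and `brand_in_wrong_domain(SAMPLE_FROM, {"examplebank": "examplebank.example"})` returns `True`.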

A few ways to avoid spammy or phishing emails are to:

  • Implement captcha on any forms on your website – bots have a hard time getting around this, so it’s always good to have one on your forms

  • Limit where you put your email address, and if you can, avoid putting it on your website. Many companies have bots that trawl websites looking for email addresses, so it is an idea to not have your email address anywhere. There are ways to hide this or

  • If you must have your email on your site, then try different ways to write it, such as using the words instead of symbols, i.e. info (at) bigeyedeers (dot) co (dot) uk.

While hackers are trying to find new ways to get past security systems, it is always better to be safe than sorry, so make sure to try a few of these security tips to lessen the chances of being hacked!

Be Safe!