Top-level web security is one of our 5 core beliefs here at Seven Hills Creative. Not only are 30,000 websites hacked on a daily basis, but 64% of global companies have experienced at least one form of attack. With customer data, private info and a massive reputational risk all at stake – you’ll need to ensure you’re protected by the most stringent security measures.
To get you started, here are four beginner-friendly security tips to help improve your website…
1) Protect Sensitive Data with Strong Passwords
Typically, hackers gain unauthorised access to sensitive information because of human error. Commonly, this is due to a weak password. Simple phrases enable intruders to access control of your devices with ease. In contrast, strong and secure passwords act as the first line of defence against malicious attacks.
Weak passwords pose security risks for countless websites. In fact, compromised terms were responsible for 81% of data breaches in 2019. It’s simple really, the harder a password is to guess, the lower the chance you’ll face unwanted intruders or a brute force attack.
Strengthen Passwords with these Top Tips
- Above all else, make your passwords long and complex – as these require more effort and time for a hacker to crack.
- Never use the same password for two or more services, as hackers who gain entry to one system will try to use the same phrase to take control of others.
- Passwords should contain at least 12 characters – though we’d always recommend bolstering your web security with phrases that are 16 characters or more.
- Utilise a variety of unique characters – such as commas, ampersands and hash symbols, as well as a varied mix of numbers, lower-case and upper-case letters.
- Don’t use obvious terms when creating your passwords. Dates or birth, pet names – or the names of your spouse and children, are all easily guessable.
- Never write down your passwords, as this could make it easier for them to be stolen and used by someone else.
Even though 91% of people are aware it’s bad practice to reuse passwords, 59% continue to do so, both at home – and their place of work. The most common reason people do this is out of fear they may forget more complex phrases. In these cases, utilising a dedicated password manager could help you generate strong passwords – and store them securely.
2) Bolster Website Security with Two Factor Authentication
While strong passwords are a great first defence against security issues, website owners – and site visitors alike, will benefit from a second line of protection. To help further avoid a major security incident, it’s worth exploring multi-factor authentication systems…
MFAs are a layered approach to securing private data and web applications, where a system requires multiple forms of authentication before it can grant user access. This means that – even if your passwords become compromised, malicious users will still be unable to gain access without verifying additional factors, first.
The vast majority of two factor authentication systems require user input of an authentication code before granting access. While it may sound simple, Microsoft have highlighted how 99.9% of account compromise incidents they face could have been pre-emptively blocked by using a multi-factor authentication app – such as Google Authenticator or Microsoft Authenticator.
3) Defend against Web Security Threats with an SSL Certificate
If your website handles sensitive data – such as medical records and financial information, you must get an SSL certificate for an added layer of protection. SSL stands for secure sockets layer, a security protocol that creates encrypted links between servers and web browsers. In a nutshell, it upgrades your easily-targeted HTTP connection, to a HTTPs one.
SSL certificates are essential for e-commerce websites – or any other web application that handles customer information, as they authenticate your brand’s identity, convey a sense of trust, give you more protection against hackers, and ensure your data is safely encrypted.
It’s also worth noting that search engines promote websites with SSL over those without, as this encourages users to visit pages with excellent protective measures. As such – if you’re looking to increase your site’s footfall, it’s worth installing an SSL certificate to improve your site’s search engine optimisation (SEO) – and gain popularity through increased traffic.
4) Strengthen your Web Server with Security Headers
In case you’re not aware, security headers are an essential part of protecting websites and content management systems. In simple terms, they are directives that web apps use to configure security defences in web browsers.
Based on these directives, browsers make it harder for hackers to exploit client-side security vulnerabilities – such as through Cross-Site Scripting and Clickjacking. Believe us, you don’t want any of these web security threats affecting your business.
Key Security Headers to Familiarise Yourself with…
- Content Security Policy (CSP) protects site visitors from Cross-Site Scripting (XSS) attacks – where hackers use holes in your site’s security to upload malicious scripts.
- Strict Transport Security Header (HSTS) prevents attackers from downgrading the https connection of a site – which allows them to secure sensitive information easily.
- X Content Type Options stops certain exploits that can happen through methods including malicious user-generated content and drive-by-download attacks.
- X Frame Options helps to prevent clickjacking attacks – where a user is tricked into clicking on a link that doesn’t take them to the location they were expecting.
Stay Secure with Seven Hills Creative
There are a number of other security vulnerabilities that can negatively impact your site’s security – including outdated software, malicious code and hardware failure -.but those are for a later post…
In the meantime, we’re happy to advise on all aspects of web defence. Get in