Security Matters
With the holiday season nearly upon us, more money is being spent online than ever and more purchases are being made through mobile devices than ever. It’s the time of the year when security matters most for both you and your clients.
If you are keeping hold of clients’ details, you need to think about more than when they are browsing your site. For the same reason you don’t leave a handbag out in the open, you don’t want to leave your server vulnerable. There are several ways to protect your server, some better than others, but the simplest is to use strong passwords.
Password length gives strength
We have covered password complexity in the past on our blog, but essentially a good password is not necessarily complicated (in terms of replacing letters with numbers and adding punctuation) but long instead. Length is a really good measure of how strong your password is. Obviously it’s still a good idea to use a mix of numbers and letters (both upper and lowercase) but a password needs to be long to be strong.
With your own passwords, such as online banking and shopping passwords, it is essential to choose a password that you won’t forget. The rules for a computer are completely different though. Use a password generator to create a password that is both long AND complex because unlike us, a server won’t forget connection details to its own database.
Some hosting companies will allow you to set different passwords for your database, FTP account (which you use to upload and download files to your site) and the server control panel itself. If this is the case, it would be good to use different passwords all round so that if one part of your site is compromised, the other areas will remain intact.
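To put numbers on the points above about length and about separate passwords, here is an added example (not code from this blog). It compares the strength of a short complex password with a long simple one, then generates an independent long and complex password for each part of a site. The service names and the 32-character length are assumptions chosen for illustration.

```python
import math
import secrets

# Character pools (constructed for this example).
LOWER = "abcdefghijklmnopqrstuvwxyz"
UPPER = LOWER.upper()
DIGITS = "0123456789"
SYMBOLS = "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"
MIXED = LOWER + UPPER + DIGITS + SYMBOLS  # 94 printable symbols


def entropy_bits(length, pool_size):
    """Entropy of a password whose characters are each picked uniformly at
    random from pool_size symbols. Passwords chosen by people score far
    lower than this, which is why a generator is used for servers."""
    return length * math.log2(pool_size)


def generate_password(length=32):
    """Random password from the OS CSPRNG; retries until it contains a
    lowercase letter, an uppercase letter, a digit and a symbol."""
    if length < 4:
        raise ValueError("length must be at least 4 to cover every class")
    while True:
        pw = "".join(secrets.choice(MIXED) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in (LOWER, UPPER, DIGITS, SYMBOLS)):
            return pw


def service_credentials(services=("database", "ftp", "control_panel"), length=32):
    """One independent password per service (names are hypothetical), so a
    compromise of one credential does not expose the others."""
    creds = {name: generate_password(length) for name in services}
    if len(set(creds.values())) != len(creds):  # astronomically unlikely
        raise RuntimeError("duplicate password generated")
    return creds


if __name__ == "__main__":
    print(f" 8 chars, mixed pool : {entropy_bits(8, len(MIXED)):.1f} bits")
    print(f"20 chars, lowercase  : {entropy_bits(20, len(LOWER)):.1f} bits")
    print(f"32 chars, mixed pool : {entropy_bits(32, len(MIXED)):.1f} bits")
    for name, pw in service_credentials().items():
        print(f"{name}: {pw}")
```

The 20-character lowercase password comes out well ahead of the 8-character one drawn from all 94 symbols, and combining length with the full pool is stronger still.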
Regular backups
Backing up your site regularly is a good idea and some hosting providers will give you a service to do it automatically. At LOGO, the websites on our largest servers are all automatically backed up daily to a remote location. Our smaller websites on shared hosting have a different backup system. Don’t leave it until it’s too late – find out if your ISP or website agency has regular backup procedures operating on your site – if they don’t, they – or you – should address this as a matter of some urgency.
If you are selling anything online, an SSL certificate signed by a veritable intermediate is an essential aspect of your site’s security. It adds a layer of encryption between you and each of your clients to stop people listening in to your communications as well as letting people know that your website is genuine and has been verified by a third party.
Distributed Denial Of Service
Another thing to protect your site against is a DDOS (Distributed Denial Of Service) attack. These attacks work by flooding the site with requests, giving the effect of millions or even billions of users accessing the server at once. The server finds it difficult to determine which requests are from genuine users and eventually either slows down to an unusable speed or falls over completely.
These types of attack are extremely difficult to protect against but several solutions exist. Generally speaking though, the best way to protect yourself against DDOS attacks is either to use a powerful, good quality server with a reputable hosting provider or to use several distributed servers in the cloud.
Gone phishing
Pay no attention to requests to transfer your domain. The way domains work is a talk for another time, but anyone can request to have your site’s domain transferred to their registrar. These requests usually come by email and are addressed to the email that the domain is registered to. Unless you are moving your site to another server (you will know about this) then you don’t need to transfer your domain anywhere, regardless of what the email says. These are simply phishing requests and are being used to find out who will bite. Next time you get a reminder to renew your domain name, be careful to check that it really is from the company you originally registered it with or you might find yourself sending money to a fraudster with nothing to show for it.