If your company’s website isn’t secured properly, it might be easily compromised, which might result in vandalism, disturbance of service, or even the theft of company or customer data. Every one these can have serious consequences.
Sites Differ from business to business, however there are some basic suggestions to follow:
- If hosting your site (s) internally on servers belonging to your business:
- Restrict access to authorized employees only.
- Apply all available and relevant patches to the Web server operating systems and any other software that is running, helping resolve any known issues.
- Implement regular backups of your business systems to a server at a separate location.
- Turn on server logging and have whoever is in charge of the server(s) review those logs regularly and keep an eye out for suspicious activity.
- If your business uses a Web hosting service, make sure they have a security plan and that they:
- Scan their Web servers and your website for potential issues and then fix those issues to protect the server and your site further.
Monitor your website (and any systems) for intrusion or attempted vandalism.
- Protect your website from interference and disruption.
- Will restore your site to service in the event of a failure or interruption by cybercriminals.
- Do not post any personal emails on your business website as spammers and others will use them (e.g., for phishing). Use generic business accounts like firstname.lastname@example.org or email@example.com.
- Be prepared in case your business website is compromised. You may need to reduce service, switch to a backup server or service provider, or even take your site offline temporarily. Consider all of this before a security incident takes place, so everyone in the business knows what needs to be done.