Once you start taking your first tentative steps online as a small business owner, it won’t be long before the subject of website security raises its ugly head. The sad reality is that there’s no shortage of bad guys out there — they’re practically waiting for you to lower your guard so they can pounce on your secure site.
Site owners are regularly (and rightfully!) badgered to maintain high security standards in WordPress, but there are plenty of other open security doors in the typical small business scenario. All that diligent plugin updating will be in vain if you’re fatally exposed elsewhere in your setup.
In this piece, we’ll help you stay safe by outlining five non-WordPress security traps to avoid for a secure website. Steer clear of them all, and you’ll have gone a long way toward locking things down across the board.
Let’s start with a classic!
1. A secure site doesn’t fall for phishing
Not every phishing scenario is as laughably transparent as the average 419 attempt. Scammers have considerably upped their game over the years, and they’re more than capable of putting together sophisticated traps that can fully mimic the look and feel of services, such as an online banking interface.
Email is the classic entry point for most phishing attempts, but it’s by no means the only one. You need to be equally vigilant over the phone if somebody is trying to extract information. One way or the other, the basics remain the same in terms of prevention:
- Never give out sensitive information over the phone or via email.
- Always think before you click. If an email is inviting you to login, do it manually rather than clicking through.
Any secure site can fall prey to phishing, so do your best to stay alert when it comes to suspicious activity.
2. Running an out-of-date operating system
The same principle applies to operating systems as it does to WordPress and associated plugins — always make sure you’re using the latest stable version from your provider.
Regardless of whether you’re running on Windows, OSX or Linux, a series of security updates will constantly be released to address vulnerabilities as they’re uncovered.
Make sure you’re taking the time to actually install these or you open yourself to considerable risk. Secure website or not, if your OS isn’t up-to-date, then you’re giving potential hackers unnecessary access.
3. Failing to use a password manager
This one is still a shockingly common problem. Let’s not beat around the bush here — you simply have to be using a password manager of some sort in your business. They’re affordable, infinitely preferable to the manual alternative, and will save you and your team a considerable amount of time and effort on a daily basis.
Top-notch products, such as RoboForm and 1Password, remove a lot of the hassle involved in managing multiple passwords. In addition, they also offer you incredibly secure options for storing sensitive information like banking and credit card details. You’ve also got the option of securely backing up your information to the cloud for further peace of mind.
This tip is really a no-brainer. If you’re not already using a password manager, there’s no better time than today to get started!
4. Not locking down your docs
While much of your sensitive data will be safely stored away behind various password-protected, third-party services, a large amount will still be stored locally in either physical or digital files. Regardless of the type, both of these options need to be adequately secured.
Luckily, getting this right is relatively straightforward. On the offline side of things, the market is packed with affordable office safe solutions, which can be used to secure both documentation and smaller devices. In addition, solutions such as Dropbox and Cubby offer affordable ways of securely storing and password protecting digital documentation.
5. Scrimping on hosting
Let’s start with the good news. General security standards at hosting companies worldwide have come on in leaps and bounds over the last decade. Here at GoDaddy, we’re proud to have played a considerable role in helping the industry raise its game over the years — but the fact remains that not every hosting provider is equal when it comes to keeping you and your users safe.
Obviously, we hope you end up selecting one of our own affordable and secure hosting packages. However, even when looking elsewhere, make sure you’re really vetting your provider on security, as well as price.
Security standards can vary wildly for hosting products, particularly in the context of shared hosting. Do your due diligence.
If you want a secure site, you need quality hosting. The few cents you save by going with a corner-cutting outfit will be dwarfed by the costs of cleanup if a security incident occurs.
Security is one of those areas where you don’t want to get acquainted with the basics the hard way. The five steps we’ve covered are far from the only ones you should be taking, but they’ll go a long way toward maintaining a secure website.
Let’s review those points one more time to close things out:
- Stay on your guard against phishing attempts.
- Always keep your primary operating system up to date.
- Make sure you’re using a password manager to handle logins.
- Keep your paper and digital documents adequately secured.
- Thoroughly vet your hosting partner’s security track record before you sign up.
Are there any small business security tips you swear by? Get in touch via the comments section below and let us know!
Also published on Medium.