5 Steps for Maintaining a Secure Website

As news of the WannaCry ransomware virus swept through headlines in May, nightmarish thoughts about security breaches and hackers became impossible to ignore.

You may have found yourself wondering what precautions your business is currently taking, and whether you could do more to protect yourself, your employees, and your clients. 
 
Although shoring up your website’s security may seem like an intimidating project, adopting proactive security habits can be as easy as following a five-step plan. I recently spoke with Nick Damoulakis, president of Orases, to learn more about his top suggestions for staying safe online.

Plan to invest time in maintenance 
When clients come to Orases, it’s often because they’ve run into a security problem that they need help fixing. More often than not, these security problems are based in common misperceptions about website maintenance. 

Many businesses are looking for a website they can “set and forget.” Unfortunately, this approach often creates significant security gaps over time. According to a recent survey by DC-based ratings and review firm Clutch, only 50% of website managers update their applications and software when prompted, and only 18% plan to do so in the future.

In reality, every website needs some occasional tune-ups, such as application and software updates, plugin updates, and revoking access for former employees. 

By letting go of the idea that you won’t have to maintain your website, you can open the door to creating a better--and safer--experience for your employees and clients. 

Over time, maintaining your website will become second nature. 

Set up two-factor authentication (It’s free!)
Two-factor authentication allows you to create an additional layer of security that goes beyond simple password protection by linking your account to a specific device that can be used to corroborate your identity. 

This is why Google Suite or Twitter may have recently asked you to add a cell phone number for security reasons. If someone tries to sign into your account, they won’t be able to gain access without a code texted to your cell phone--which will also tip you off to a possible attack.
 
Only 39% of website managers recently surveyed currently use two-factor authentication, exposing a missed opportunity. By simply adding your cell phone number to your accounts, you can greatly reduce the risk of a hacker gaining access to your account.
 
Best of all, this feature is typically available at no cost!

Learn how to access built-in security features
If you use Google Suite, you already have robust built-in security features. The key is learning how to access and interpret them. 
 
Google’s Security Checkup is a powerful example of this. To find it, go to “My Account” and look for the column of links to security features. 

From there, Security Checkup can walk you through the steps you can take to ensure your account is secure, including:

  • Recovery information, like your phone number and email
  • A list of devices connected to your account
  • Account permissions

By looking at the devices that are connected to your account, you’ll quickly notice recurring sign-ons from your devices such as a laptop, tablet, or mobile device. This means that you’ll also be able to spot unfamiliar devices should someone try to hack into your account. 

This is also where you can add two-factor authentication if you haven’t already!

Create a culture of healthy skepticism
To create lasting change in security habits in your organization, take steps to create a culture of healthy skepticism.
 
In practice, this means giving your employees the tools and background knowledge to think critically before installing plugins, opening suspicious email attachments, or releasing sensitive information during a phone call with a stranger claiming to represent a client. 
 
By empowering your employees with knowledge, the burden of maintaining vigilant website security won’t rest too heavily on any individual employee, reducing the chance of a costly mistake.

Set aside time each month to review old passwords and accounts
 
It’s easy to put off updating the security measures you take online. By setting up a recurring calendar event every month or every quarter, you can automatically build in time to:

  • Update passwords or install a password manager 
  • Close old accounts or credit cards that you no longer use 
  • Check on your credit score
  • Download software, application, or operating system updates

You can even treat these recurring calendar events as an opportunity to multitask. For example, you could plan to get coffee with a new employee while updates are downloading, ensuring that your time is well spent. 
 
Of course, there are many additional steps you can--and should--take. But these five steps will give you a starting point for building a more secure website and a more proactive business.