If 2020 taught us anything, it was that a) you can’t take anything for granted and b) you never know what’s coming. At SmartBug, we like to recommend a cautious, borderline paranoid approach when it comes to website security. It’s like mom used to say: You can never be too careful. So, whether you’re building a website for the first time or looking to maintain your fine-tuned, well-established website, take a look at our top five website security must-haves.
1. Web Application Firewall
Cloudflare offers a Web Application Firewall (WAF) that protects your essential web applications from malicious attacks. Unlike legacy firewalls that force users to create a set of rules, Cloudflare is dynamic and uses collective intelligence to save you time and resources. Cloudflare WAF also spans 200 cities, which allows for scalability.
As Cloudflare filters traffic to protect from ill-intentioned users, it also uses machine learning to track and scan repeat attacks in order to block entire IPs, without requiring any additional effort from the user. On top of these advanced features, the onboarding process is reportedly simple and well-guided.
2. Two-Factor Authentication
When it comes to all-around safety for both your company and your individual employees, two-factor authentication (2FA) is a definite must-have. 2FA does exactly what you might expect it to do—it requires two different factors to authenticate you as a user and allow you to log in.
This may sound annoying or troublesome at first, but it usually integrates quite seamlessly with your workflow. The first factor is typically your password, which you then confirm with a second method. This can be anything from a YubiKey (a physical USB insert) to a code texted to your cell phone or even biometric access like a fingerprint scanner. Duo and LastPass are both well-known 2FA options that pass our “worried parent” test.
3. Endpoint Security Software
Go ahead and add robust endpoint security software to your must-haves list as well. Endpoint security software is a custom combination of cybersecurity and privacy controls that helps stop malware infections dead in their tracks. The Bitdefender Endpoint Detection and Response software is appealing for a number of reasons. We love its highly visual interface and its scalability from small businesses to full-blown enterprise organizations.
Bitdefender offers centralized management, multi-layer security for all endpoints, universal coverage, risk analytics, protection against fileless attacks, and network attack defense. If you’re looking for comprehensive protection for physical and virtual desktops, then this is our number one recommendation.
4. SSL Certificate
Let’s be honest. If you don't have an “s” after your “http,” even people with the slightest amount of web knowledge aren’t going to spend much time on your website. Secure Sockets Layer (SSL) certificates are what allow for a secure connection between a website’s host and an individual’s browser. Without one, your website suffers immensely. Google actually prioritizes https:// over http:// in an effort to provide users with a safer experience, so this is not only an issue of safety, but also of web traffic and SEO. To get a standard SSL certificate, Comodo SSL and Let's Encrypt are both good bets.
5. Website Backups
Keeping all your files in a single place is a big no-go. What do we love? Backups. And what do we want? Backups! We know it is tempting to trust iCloud, but we highly recommend using a secure and credentialed service to store all of your files and keep them safe in the event of a malicious attack. Sucuri automatically backs up your website at the frequency of your choosing. It works across any CMS or web host, so you can keep your backup even if you choose to change platforms. Their servers are also monitored by a dedicated web security team, which will help give you peace of mind.
We know spending some of your budget on maintenance and security isn’t glamorous, but it is necessary. Apparently, Americans spend $11 thousand in their lifetime just on toilet paper. That is enough money to buy Griff Tannen’s original hoverboard from Back to the Future Part II and still have some money left over for the super cool display case you would put it in! But would you go your whole life without toilet paper just to have the hoverboard? We didn’t think so. That is how we feel about prioritizing our website security.
Prioritizing the security of your website will pay off in the long run. Need help implementing a website security strategy? Contact us.