Whether your business operates an ecommerce or marketing website, it is essential to protect it against attacks from hackers as well as technical failure. The consequences of not doing so include loss of service, reduced revenue and damaged reputation.
Get Safe Online's top tips...
The risks
- Theft of customer information, such as addresses and payment card details.
- Website defacement - potentially including indecent, abusive, hate or terrorist images and messages.
- Denial of service attacks by criminals attempting to disrupt your business, typically to extort money.
- Damage to your reputation.
- Website failure due to infrastructure or power supply issues.
- A deliberate denial of service (DoS) or distributed denial of service (DDoS) attack.
Protect your website
If you are hosting your own website rather than using a third-party hosting company, ensure that the hardware and software are secure:
- Use strong, protected passwords throughout the system. Do not leave any password set to its default value.
- Make sure the server is protected by an effective firewall and internet security software.
- Monitor log files carefully to spot any attempts at intrusion.
- Use the latest version of any ecommerce software. Old versions may have flaws that hackers can exploit.
- Delete defunct websites by having them taken down by the hosting company and all files deleted.
- Never store customers’ private information and credit card details on a public ecommerce server.
- Protect your SSL details and keep them secret.
- If you consider that your website may be vulnerable to a DoS or DDoS attack, locate and consult a DDoS protection specialist who has the relevant knowledge and tools to protect your business.
- Consider using a professional penetration testing firm to test the defences on your ecommerce server.
If you use a third-party hosting provider:
- Review its security and availability policy and arrangements.
- Check that the service level agreement is adequate for your needs.
- Consider using a professional penetration testing firm to test the defences on your hosting company’s server.
