If you cannot afford, or do not have the skill-set to run, a dedicated private server, then the chances are that you are using web hosting in your business. There is nothing wrong with this, as they both have their advantages. However, they do come with some security problems for a business, particularly any business involved in finance. Last year we had the Dridex virus that enabled millions to be stolen by hackers from bank accounts, and who knows what this year will bring. Therefore, it is important that you know that your web host is taking steps to ensure your site and their server is secure.
Here we are going to look at ways that can be possible:
Knowledge is Power.
The power to control users that is. A web host should be checking the identity of all users; by doing so the web hosts will deter hackers from registering to use their service. This is a simple but effective policy, and one that does not take much time to implement. IP addresses and locations can also be checked as a further measure.
Yes, I am going to remind you all again. Change your passwords regularly, and choose a suitable password. You, as a site owner should change yours, as should employees who have access. Even the people who work at the web host itself should be doing this often. This is so simple, yet it is ignored by many and can cause serious problems.
Don’t Mix Accounts.
Free accounts are attacked much more regularly than paid for accounts, so if you use a company that provides both services, make sure they run off separate servers. You are paying for your service so you should not be exposed to the same risks as those using a free service.
If your paid-for service does not come with a firewall as standard, then find another provider. Without a firewall how can your site (and indeed the server) be protected from attacks from outside? The firewall should be robust enough to identify and deny entry to any threats, as well as being flexible enough to enable the blocking of any known IP addresses that have been shown to be unsecure or threatening previously.
Provider Site Checks.
Your provider should be running systematic checks on all the sites they host to ensure there is no threat to other users in the network. It is possible to warn any site owner of a problem, and it should be the websites responsibility to fix the problem once identified. Obviously, such a site would not be allowed back into the network without being fixed. This not such a problem if using a VPS from a company like bestwebhosting.co.uk, as there is more security with a virtual server, but you should still make sure your host is running any possible checks that they can.
If your provider has the option of SFTP, then make sure you have access to it. This will give you a more secure way to transfer files and stop them being altered when being transferred.
Have a Backup.
Make sure that your host backs up any data regularly; at least once every 24 hours. This will minimize the effect that hackers may have on your data and, though you may lose some, most of it should be retrievable.
Every website owner should be concerned about security, but financial sites have a duty to care for their client’s data. Make sure your web host is playing its part too