Sunday, June 16, 2024
Are you sure that your website is actually secure, and impervious to hackers intent on doing you harm? Unfortunately, you never can be sure, until the unthinkable happens. But you can reduce your risk significantly, by putting into place security layers… six of them.
The six levels of website security:
- Secure the network: Configuring Cloudflare, which helps prevent denial-of-service attacks, and provides DNS-related protection. A side benefit is that the Cloudflare CDN can also speed up the site dramatically.
- Secure the server: Hosting the site on a commercial-strength hosting provider, such as WPengine or Kinsta, provides both server-level security, and also hourly roll-backs in case of disaster.
- Secure the WordPress application: This means keeping the program and all plug-ins up-to-date, then installing and properly configuring a web firewall and scanner. I would recommend WordFence: it is both well-respected, and powerful.
- Secure user access: Require complex passwords and two-factor authentication. This means that passwords can’t be guessed, nor shared.
- Test the security: Use an automated penetration testing tool, such as Beagle Security. Beagle will probe your site for vulnerabilities, and provide a detailed report of issues that your tech team can address.
- Educate your users: One of the more powerful hacking techniques is “social engineering”, where hackers connect directly with users, convincing them to provide access, share passwords, click on malware links, etc. Training your users – even on security basics – can make a big difference.
There is always a chance of being hacked – but if you build layers of security, and keep each up-to-date, the risk is reduced dramatically.
This week’s action plan:
Most leaders don’t have a clue about website security – and they shouldn’t. This week, ask your team how they are securing your web-based digital assets, and use this list as your reality check.
Security Insight:
Sometimes it is helpful to have a third party help this process. At one end of the spectrum are comprehensive third-party security audits, and on the other end of the spectrum are simpler advisory conversations. The most important thing is not to “assume” anything when it comes to security: trust, but verify. Next steps: While I cannot provide a comprehensive a security audit, happy to make a referral. (I can help demystify the topic for you, and have that advisory conversation though.)
Related posts: Nine Privacy Action Points, When You Get Hacked
Does this topic resonate? Reach out to Randall: he can present it to your group. (More presentation topics)
Download Randall’s professional credentials: Speaker credentials one-sheet or Management Advisory credentials.
Content Authenticity Statement: 100% original content: no AI was used in creating this content.
@RandallCraig (Follow me for daily insights)
www.RandallCraig.com: Professional credentials site.