Building a website for your business is fun. From choosing the most engaging copy to selecting the perfect graphics, your website tells your story and connects you to your customers. But you also need to keep you and your customers safe.
We’ve all seen the headlines: global corporations suffering at the hands of cyber criminals and left to deal with the enormous data breaches and reputational damage that ensues – not to mention the hefty fines. But it’s not just the Yahoos of the world that are at risk. Small businesses face the reality of cyber attacks every day. In fact, Verizon’s 2019 Data Breach Report shows that 43% of all cyber attacks affect small businesses.
As a business owner, keeping your customers’ data safe is crucial. Protecting against all types of cyber security threats is the only way to do this: from phishing and malware, to brute force attacks and DDoS, cyber criminals have a number of techniques at their disposal. Having a clear list of security measures keeps these attackers at bay and you and your customers protected.
Here are 10 steps you can take to ensure that you're armed against security threats.
1. Stop spam comments
If you allow user comments on your website, the last thing you want is the comments section to be filled with spam. Not only are they annoying, they can also present a security concern as hackers can use the comments section to attack your website. Your customers are also less likely to trust your website if they see spam comments infiltrating your website. And it’s not just your customers that don’t like these comments; Google crawlers can recognise spam and dock SEO relevance in response.
Protecting your website means being equipped to stop the spam. There are several integrations and plugins you can utilise that can help you monitor any rogue comments. Depending on the hosting service you use, your provider should be able to help you identify the best integration for filtering out fake user comments.
If your site is built using Webflow, using Disqus or similar integrations can help you identify and moderate comments with a quick code embed. Disqus does a great job of filtering out spam, and many webmasters and cybersecurity experts rely on it for its protection.
2. Safeguard against Denial of Service (DDoS) attacks
A Distributed Denial of Service attack works by bombarding a website, network, server or service with internet traffic. The aim of the attack is to route so much traffic to the target, that the target becomes overwhelmed and can no longer function. A DDoS attack would take your website offline, either temporarily or even permanently.
Using a trusted hosting provider is one simple way to avoid this type of attack, as these companies carry out regular network monitoring and pen testing, exposing any chinks in the security armour. While no internet service is completely safe from attacks, Webflow has Advanced DDOS protection measures in place to alleviate the most common attacks.
3. Stop brute force attacks
Brute force attacks are similar to DDoS attacks in that they both involve a barrage of server requests. However, while DDoS attacks are against a network or website as a whole, brute force attacks are more targeted. For example, a brute force attack may involve a hacker making repeated attempts to guess a password in an attempt to gain unauthorised access.
A reputable web hosting provider can help. When you choose your provider, make sure to check they provide some form of protection against these kinds of attacks. Webflow does this by tracking the IP addresses on form submissions and monitoring them for repeated attempts.
4. Protect against from XSS cross-site scripting and SQL injection
Cross site scripting (XSS) works by placing malicious script onto unassuming websites. This means that users of the website may have harmful code inserted into their browser without their knowledge, and their private data may therefore be accessed.
An SQL injection is another way hackers can access private data. SQL is a database management language and by injecting a malicious SQL statement, hackers can take information from the database, or corrupt the original entries.
Webflow adheres to state of the art web application security practices, with on-going, third party audits on their hosting infrastructure to screen against these and many other kinds of attack vectors.
5. Install a SSL security certificate
A Secure Sockets Layer, or SSL, is a global security standard. For a page to be secure, it must have an SSL certificate which ensures an encrypted link between a web server to a browser. A secure website will have the padlock icon visible in the website address box. The encrypted links means that personal information such as customer’s login and card details are kept safe.
An SSL certificate offers peace of mind to your users that your website is safe and secure, and Google also tends to rank these websites higher. SSL comes as standard on every Webflow site, so you enjoy better SEO and your site visitors never have to see those unnerving security warnings!
6. Keep your website and its data backed up
Most web hosting services include this feature as standard, meaning you don’t need to manually back up your website and all of its data with every change of heart.
Webflow allows you to preview and restore your site from ongoing, automatic backups, or manually create save points to mark progress and track changes.
7. Follow ISO 27018 compliance
ISO27018 is a code of practice to protect personally identifiable information (PII) that exists in public clouds, and keeps the data safe and out of reach of hackers.
All websites hosted among the thousands of others on Webflow gets this layer of protection, with Amazon Web Services’ (AWS) shield imparting ISO 27018 compliance to every website that falls under it.
8. Use HTTP/2
HTTP/2 is an update of the HTTP network protocol. HTTP/2 enables faster transportation of data by allowing it to flow both ways. As it’s also in line with SEO best practices, Google gives HTTP/2 websites an automatic SEO boost!
It’s worth checking if your web hosting provider offers HTTP/2, as many reputable ones do. Webflow meets HTTP/2 standards out of the box, ensuring your site loads as quickly as possible.
9. Use a reliable provider for online payments
When customers go to pay on your website, they will have greater peace of mind if they trust the online payment provider. There are many options of payment gateways you choose. For example, Stripe is a well-recognised and trusted payment provider, so it may be worth considering using their service.
Webflow allows you to accept payments from 200+ countries via credit card, PayPal, Apple Pay and Google Pay, with security and fraud protection powered by Stripe and PayPal.
10. Password protect important pages
If any pages or content on your website are sensitive, it’s a good idea to protect these behind a password. Only share your login and password credentials with those that need access, as this will ensure you maintain control over any changes that are made. Most websites have the option to protect pages and folders using passwords, so make sure yours has this feature.
Webflow allows you to set passwords on individual pages or folders of your site. You can also customise the design of your password page.
As cybercriminals continue to become more sophisticated, your website must stay up to date with security requirements. With Webflow comes zero maintenance – no updates to run, packages to install, or headaches to deal with. Get in touch with us today to learn more about our services.