You may have seen a ton of information in the news and on the web about strengthening cyber security and thought to yourself, ‘How do I know if I’m secure or whether I need to change anything for the safety of my organization?’ If you landed on this article, you’ve already completed the first step, which is seeking out information on best practices!
We take web security very seriously because we know our partners trust us to deliver a safe and secure product that will last for many years to come. We’ve put together a combination of Fastspot’s web security best practices and recommendations you and your team can take action on today. If you’re interested in reading more about how you can further secure your website, check out the Cybersecurity and Infrastructure Security Agency (CISA) Tips on Website Security.
Securing Your Passwords
Change default passwords. If a system administrator or IT personnel has set up an employee with a default password, we strongly encourage employees to update the password once they are logged in for the first time. Default passwords are not considered secure as they may be easy to guess or hack.
Create a strong password. Ensure each member of your organization who helps manage and maintain your website uses a strong password that is difficult to guess or hack. At Fastspot, members of our team use the Password Generator. To increase protection against attacks, we recommend that employees do not reuse passwords across multiple systems. We also recommend updating your strong password regularly.
Utilize safe password storage. While there are numerous ways to store your passwords, it’s critical they are stored somewhere that cannot be easily stolen or hacked. You may be asking yourself, Are Password Managers Safe To Use? In short, yes. Password managers allow you to remember one login or master password that, when combined with multi-factor authentication, provides an extra layer of protection to keep your passwords safe. Our team has experience using 1Password; however, there are other options your team can look into, including these 4 Best Password Managers in 2022 provided by Zapier.
Set up multi-factor authentication. When possible, we recommend setting up multi-factor authentication, which provides an extra layer of protection against unwanted sign-in attempts from bots or individuals trying to gain access to your accounts.
Protecting Your Website
Practice good user permission hygiene. Take a moment to review your website users. Are there users who have permissions that they do not need, such as ‘admin’ when they only need ‘editor’? If so, update them! Taking the time to limit the number of people who can access and modify your site will help you maintain control of your CMS.
Remove outdated users. Are there old site users with access to your website who are no longer with your organization? Time to disable and remove them! We recommend adding a step in any termination checklists your organization has to help keep this top of mind and ensure your CMS is protected.
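The user review described in the two items above can be run as a repeatable check. The following is an added example, not Fastspot's own tooling: it compares a CMS user export against a staff roster and flags accounts to remove, downgrade, or review. The CSV columns, role names, sample data and the 180-day inactivity threshold are all assumptions made for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample: a CMS user export (column names are assumed).
CMS_EXPORT = """username,email,role,last_login
jlee,jlee@example.org,admin,2024-05-28
mpatel,mpatel@example.org,admin,2024-05-30
rgomez,rgomez@example.org,editor,2023-01-12
tnguyen,tnguyen@example.org,editor,2024-05-02
oldvendor,dev@agency.example,admin,2022-11-03
"""

# Constructed roster: email -> highest role that person needs.
# Anyone missing from it is treated as no longer with the organization.
NEEDED_ROLE = {
    "jlee@example.org": "admin",
    "mpatel@example.org": "editor",
    "rgomez@example.org": "editor",
    "tnguyen@example.org": "editor",
}

ROLE_RANK = {"editor": 1, "admin": 2}  # higher number = more privilege


def audit_users(export_text, needed_role, today, stale_days=180):
    """Return (username, action, reason) tuples for accounts needing attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        user = row["username"]
        email = row["email"].strip().lower()
        role = row["role"].strip().lower()
        needed = needed_role.get(email)
        if needed is None:
            findings.append((user, "remove", "not on current staff roster"))
            continue
        if role not in ROLE_RANK:
            findings.append((user, "review", f"unknown role {role!r}"))
        elif ROLE_RANK[role] > ROLE_RANK[needed]:
            findings.append((user, "downgrade", f"has {role}, needs {needed}"))
        last = row["last_login"].strip()
        if not last:  # account was created but never used
            findings.append((user, "review", "never logged in"))
        elif (today - date.fromisoformat(last)).days > stale_days:
            idle = (today - date.fromisoformat(last)).days
            findings.append((user, "review", f"no login for {idle} days"))
    return findings


if __name__ == "__main__":
    for finding in audit_users(CMS_EXPORT, NEEDED_ROLE, date(2024, 6, 1)):
        print(*finding, sep=" | ")
```

Running it on a schedule, and again whenever someone leaves, turns the termination-checklist step into something that can be verified rather than remembered.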
Update plugins, add-ons, etc. We recommend keeping your CMS and any plugins up to date by installing the latest versions. Outdated software can leave your website vulnerable to attacks. Taking a moment now to see which plugins are out of date and taking action to update them will help secure your website for the immediate future.
Control comments. Disabling comments, whether on a blog or other area, is one way to remove an attack vector from your site. If your organization requires comments to be enabled, we recommend creating a process for approving comments by an internal user. This will help block anyone leaving comments with the goal of ultimately infiltrating your site, as well as block any bot or spam comments that are not relevant to your article/content.
Implement HTTPS for your website. When looking at URLs, you may notice that most websites have HTTPS rather than HTTP at the beginning of the URL. HTTPS provides an added layer of security that, using Transport Layer Security (TLS), protects a user’s connection to your website. Read more about How to Secure Your Site With HTTPS in Google Search Central.
Select a reputable hosting provider. When getting ready to launch a website or if you need to switch hosting providers on your current website, we recommend selecting a provider that comes highly recommended and/or has positive reviews, plus a support process and response timeframe that works for your team.
Invest in a support partner. If your website ever goes down, you’ll want to have a strong support partner with system administration skills on your team who will help to get it back up and running. Your trusted support partner should also be able to enable backups, either automated or manual, in your hosting environment so that in the event your website does go down, you will be able to push the latest saved version live with the knowledge that it is relatively up to date.
Implementing Regular Maintenance
Having access to update and maintain your company’s website is a great responsibility. To help prevent a cyber attack, or a hacker gaining access to your CMS, do your part to ensure your passwords are strong and that your login credentials are secure. Creating a plan for regular maintenance and implementing software updates as needed can go a long way toward keeping your company’s site safe. Work with your team to generate a plan and come up with a timeline for maintenance that works well for your organization and those who maintain your website.