If you have just started a business, you’re probably already aware of the impact the Internet has had on all facets of our economy and culture today. You also know how essential it is for a new company to have a strong web presence.
Another security measure is two-factor authentication, or 2FA. This step helps keep your accounts with different services safe from trespassers who might try using your credentials on multiple sites. 2FA adds an additional layer of security by requiring access to the phone number associated with the account. You can enable 2FA in your Namecheap account by following this guide.
It’s a good idea to use password managers such as LastPass, Dashlane, Roboform and KeePass to securely store and manage your passwords. These programs can also auto-generate strong passwords that meet the above-mentioned requirements.
Your website relies on various software for hosting and management, so be sure to keep all of it up to date: with each update, the company behind the software fixes reported errors and bugs and minimizes vulnerabilities.
Even with updated software, however, there’s still plenty of malware that can infect your website without your being aware of it. For example, sites that spread malware can inject malicious code into your website to redirect visitors somewhere else. Always schedule regular monthly or weekly security checks to be on the safe side.
Email is an essential part of every business that ought to be protected as well. It is possible to not only secure the connection to your mail server, but also to sign your emails with security certificates, known as S/MIME certificates.
Generally, secure mail ports are used to connect to the mail server, such as 995 (instead of standard 100 for POP3), 993 (instead of 143 for IMAP), and 465 (instead of 25 for SMTP). You may set up a secure connection to a Namecheap Private email service using this guide.
We’d also like to take a moment to describe how phishing attacks work, so that you can protect yourself against them as well. Let’s say, for example, you receive an email that claims to be from “Your trusted bank”, and indeed, appears to be from the actual bank where you keep your money. The email may ask you, for example, to visit a link and provide certain critical account information. The email may also claim that they simply need to “confirm” this data, or they may warn that your account may be closed or that you may incur fees if you do not take immediate action. Regardless of the request, it is important to remember that banks and other credible financial organizations will never ask for personal information via email. You should never share any personal information via links provided in these types of emails. If you click the link, make sure it brings you to the same location it claims to point to. As an example of this, look at the two links below: https://www.namecheap.com and https://www.namecheap.com.
In order to encrypt and secure the traffic between your website and its visitors, we recommend implementing an SSL certificate on your site.
SSL (which stands for Secure Sockets Layer) certificates come in various levels of security to fit the specific needs of your site. We will briefly take a look at each of these certificates and will describe them in terms of how the validation of the domain name is arranged.
The most basic type of certificate is domain validation (DV). A DV certificate will show who owns the domain name and will provide encryption of site traffic.
To show your customers your domain ownership information as well as validation that your company is officially owned and registered by you, we recommend an organization validation (OV) certificate. OV certs display your company name and address in the certificate details. Additionally, they require you to pass a company verification process with the Certificate Authority (CA) that issues the certificate. This may include requirements such as having your organization listed in a business credit listing like Dun & Bradstreet, or a public database like YellowPages.com. Be sure your business can be validated through channels such as these before choosing an OV certificate.
Extended validation (EV) certificates are a great option for top-tier security. Like OV certificates, EV certs require your company to be incorporated and verified with the issuing CA, to maintain a corporate phone number listed in a directory of your country, and to be registered in a business credit listing such as Dun & Bradstreet. The verification is more thorough, and the explicit company details will be reflected on the certificate details panel in the browser and on the site seal. We recommend choosing an EV cert only if your business is able to accommodate this rigorous validation process and you require the highest certificate assurance level.
Domains, hosting services, SSL certificates, software, and other services require having a managed account with one or more providers. If your business has only one person managing your account(s), it’s advisable to have a plan for when and if that person is suddenly unavailable.
Let’s assume your company has 30 employees, all of whom are pretty familiar with the company’s policy regarding downloads from the internet. Your company manages 1000 payment transactions every day, meaning you’re storing tons of credit card and other personal customer information in your internal database. Let’s also assume you’ve implemented all the security measures recommended in this article up to this point. So, the day comes when one of your employees accidentally downloads an attachment in one of those “You have won a $10.000 lottery!” emails. The email contains a worm that immediately runs and clones itself all over your entire company network, stealing your customers’ personal data and sending it to the worm creator. At this point, all you can do is switch off your office internet to ensure the information does not go further than your internal network, and this is assuming you somehow find out how the virus actually works. Such a worm can also simply delete all the information on all your computers, taking you back to square one. As you can probably tell at this point in our example, this is not even the worst-case scenario.
Last but not least is the most obvious security measure: traditional antivirus software. Many companies provide this type of software: Comodo, ESET, AVAST, McAfee, and Kaspersky Lab, to name just a few. These companies provide various security features to keep you on the safe side and help avoid critical situations like the one we have described above. We recommend visiting these sites to determine which company’s software best fits your security requirements.
To conclude, the best advice we can offer to keep all of your site security resources optimized is to consult with a professional web-security specialist on how best to secure your site and data. While this may present substantial up-front costs, it will save you time and money in the long run, provide you with peace of mind, and allow you to focus on the unique aspects of running a successful business.