Business Owners and Practice Managers, who do you think is responsible for keeping your website safe?
A. Your internal IT Department, or Managed Service Provider?
B. Your third-party website Hosting Provider?
C. The person or business you have contracted to build and manage your website?
The primary responsibility for your website security rests on the person or business you have contracted with to build and manage your website. However, that responsibility is not always clearly understood by business owners or website developers. The increase we see in attacks on unpatched and vulnerable websites shows how important it is for you to ensure your website always has the best security possible.
4 Easy Actions to Check Your Website Security
If you are not sure how secure your website is, here’s four simple actions you can use to check your current website security measures. Better yet, use this list to ask the person or business managing your website if they are doing them for you.
1. Ensure your website is fully updated with the latest security patches
Make sure your website developer/manager is keeping all files, themes, software and third-party plugins current with the latest security patches. Updates ensure any exploits on your website are fixed, so security patches are a vital element to reducing your risk to cyber-attack or data loss.
2. Review active user accounts and action accordingly
Be careful what access permissions are given to various user accounts. When it comes to user accounts, your safest policy for protecting your website is, ‘less is more’! Restrict permissions to what each user needs to complete their assigned tasks. We recommend you set an auto prompt to review and action your user accounts annually. Also, it’s never a good idea to hand over total control of your website to an outside party. Always ensure YOU have full access and permissions to your website.
3. Reset any weak passwords in favour of strong passphrases
You should always regularly reset all your business passwords, including your website. Having and promoting a company-wide Password Policy is a great way to keep your passwords secure. For simple tips anyone in your business or Firm can use to improve password security, read What’s a Good Password? by Nathan Warnecke, Director at itro.
4. Enable MFA wherever possible
Do you realise your website password can be easily compromised? MFA (‘Multifactor Authentication’) increases your security by requiring multiple forms of identify verification before allowing someone to log in to your website. That’s why ACSC, the Australian Government’s Cyber Security Centre, promotes MFA as “one of the most effective ways to protect against unauthorised access to your valuable information and accounts.”
Also known as 2XA, MFA is the best way to build a secure layer of defense for your website and devices. It’s definitely something a good website designer or manager will actively encourage you to enable. To see a simple overview of how MFA works, please see itro-MFA-Info-Brochure.pdf on our website, www.itro.com.au.
Keeping Your Business Cyber Safe
A key way to protect your website is knowing who is responsible for it’s security and letting them know you expect proactive security measures to be maintained. We encourage you to reach out to your web developers now to make sure they are implementing what your website needs to be cyber safe. If you have any further questions about cyber security or managing your business IT, please do not hesitate to contact itro on 1800 10 3000 now to see how we can help you.