Whether you have a personal site that you use simply to blog on occasion or a global, large scale business, security is of utmost importance. Security is likely the aspect of web hosting that is most important to everyone, and if it is not, it should be.
Lack of security can be devastating to a business if these problems result in loss of income or identity theft. Thus, it is important to understand what aspects of security you should look for and how to determine if your host provides security adequately.
Why is security such a growing problem?
The Internet is accessible to everyone and it is becoming the preferred means of conducting business. Whenever there is a possibility of exploiting a system for the gain of disreputable people, it will be attempted. The Internet is ripe for the taking and criminals will try many approaches to get what they want.
There are literally billions of dollars that go back and forth on the Internet and if these funds can be diverted to a thief, then they will attempt it. This is why consumers are so concerned with security and why you should look at security as a primary concern when choosing a host.
Who are you protecting your site from?
There are essentially two types of people who are out to do harm to your site. The most common and most threatening is the identity thief. This is the person who looks for an opportunity to gather information for personal gain. This sort of criminal is often an operating in a stealth capacity. They try to continue unnoticed for a long duration to maximize the number of victims they can access.
Not everyone who is out to harm your site is trying to steal from you. There is a significant group of hackers who are simply looking to cause disruption. When you are the victim of one of these hackers it can cripple your site causing prolonged down time and a loss of revenues. They typically wreak havoc for the sake of their own fun or to prove to themselves they can disable an organization and they usually work in a hit and run mode. They often put “graffiti” on the site, changing the page to let you know they were there.
What security issues should you consider
Luckily most web hosts are aware that there is a demand for robust security and they are listening to the demands of their customers. However, if you are not sure what to look for you may think you are not at risk. There are two things to consider. First, you need to be sure your web host is taking care of their servers to provide a secure environment. Next, they should provide the necessary tools to ensure you can secure your site and its functionality.
When searching for a new web host or evaluating the security of your own host here are some things to consider:
- SFTP – If you have ever uploaded files to your hosting account you are likely familiar with FTP (File Transfer Protocol). You use an FTP client to drag your files to where you want them uploaded and they will be published to your account. SFTP is the same concept but it is more secure. SFTP stands for Secure File Transfer Protocol and it provides an additional layer of protection. FTP, while fairly secure, is still vulnerable. Files can be intercepted and even modified with little to no indication. SFTP closes this vulnerability. Check to make sure this option is available to you via your web host.
- SSL – SSL stands for Secure Sockets Layer. SSL provides an encrypted path between the browser and web server. You can tell if an SSL certificate is being utilized with the indication of a locked padlock symbol on the address bar along with the use of https:// in the address as opposed to http://. If you run an Ecommerce site an SSL certificate is a necessity. It will help prevent customer information from being stolen. Credit card or banking numbers, name, address and other personal information will remain secure. Whenever you need to gather personal, sensitive information an SSL certificate is a must.
- Backups – Backups should be performed regularly in order to protect your site in case of a problem or disaster. Most hosts provide a tool in the control panel that allows you to back up your own site. This should be done and you should not rely on your host to do so. However, a host that has sound back up procedures is a plus. Check to see how often the host backs up their servers, what method they use and where backups are stored.
- Server maintenance – The web host should make sure the server is adequately maintained to ensure attacks are limited. Check to see if the host has a published security protocol which is a good (though not guaranteed) indication that they are on top of upgrades and patches.