Importance of Website Security

Introduction to website security

Website Security is an important factor when hiring an agency to design, develop, and maintain your professional business website.  Every website owner, from small marketing sites to large eCommerce sites, should prioritize security when choosing a website vendor.  Concerns range from a little embarrassment of a defaced website, to going out of business due to costly lawsuits involving credit card or personal information resulting from a data breach.

 

Why is website security important?

A compromised website can negatively impact your business in the following ways

  • Embarrassment on business brand
  • Increase liability as business is responsible for content published on their public facing website
  • Negatively impact search result rankings
  • Incur costs from data breach lawsuits
  • Loss of business and trust of consumers

 

Common attacks on websites

Below are a few vectors an attacker could use to cause harm to your website

  • Defacement
    • Offensive/inappropriate content added to your website
  • Phishing
    • Stealing personal information from website users and exfiltrating to a third party server
  • Content Injection (scripts and styles)
    • Altered links/buttons that lead visitors to malicious websites or steal data
  • Data Breach
    • Accessing private/confidential information

 

Techniques to secure your website

Securing your website requires a mult-faceted approach including 

  • SSL Certificate - encrypt website traffic from browser to server
    • This is a foundational requirement for all websites that impacts SEO, user trust, branding, and security of submitted visitor data.
  • Properly configure web server
    • Prevent an attacker from gaining access to the server that is hosting your website.
  • Website files developed using best practices
    • Prevent an attacker from using known code vulnerabilities by keeping all software up to date throughout your technology stack, including software that is used to maintain and serve your website. (ex. WordPress)
  • Add a strict Content Security Policy
    • Prevent an attacker from executing malicious scripts on your website or maliciously manipulating website content, design, and functionality.

 

The nerds at w3 utilize many security protocols and practices to protect our websites from many types of attacks.  This article only includes a small percentage of topics involving the realm of web security.  Trust the nerds at w3 with your business website - Click here to request a no-cost website security audit