Three Strategies for Improving Website Security

Whether or not your computers were affected by the WannaCry or Xdata ransomware attacks (the latter recently hit Ukraine), security is more likely to be on your mind in the attacks’ aftermath. But if actually implementing new security measures keeps falling to the bottom of your to-do list, you’re not alone.

New survey data from Clutch, a ratings and reviews firm in Washington DC, found that 80% of website managers are confident in their current level of security - but their websites may not be as secure as they believe.

Though 54% of website managers believed that their websites had not been previously affected by hackers, experts say that hackers can spend months or years observing the inner workings of your business before waging an attack.

Even if you don’t believe your website could ever be attacked, it’s always a good idea to review and refresh your website security before disaster strikes.

Update Software and Plugins Regularly

Just like a car or a bicycle, your operating system, software, and plugins will all require routine maintenance to stay safe and functional.

Depending on the software and applications you are using, you may receive occasional push notifications that it’s time to install updates. Unfortunately, these often require downtime on your website or restarting your computer - not ideal if you are minutes away from starting a major presentation or your website is in the middle of a high traffic day.

For the 50% of website managers who don’t install updates regularly - plus the mere 18% who plan to update software and applications regularly as part of a future strategy - this problem of timing and inconvenience represents a key pain point.

The solution is deceptively simple: schedule time for updates. If you find yourself clicking “remind me later” too frequently, schedule 15-30 minutes each week to check for and install security updates. By taking control of when updates will occur, you can eliminate the sense of inconvenience and ensure that you are staying safe online.

If you have any standing meetings where you know you’ll be able to unplug, you can even increase your efficiency by running an update while you’re away from your devices!

Upgrade to a Password Manager

Password protection is by far the most popular security tool among website managers surveyed. Clutch found that 74% of website managers have already implemented some level of password protection.

But with seemingly endless passwords to remember, many of us are guilty of using the same one or two simple passwords for all of our accounts, making it easy for a hacker to break into multiple accounts in one swoop.

To create stronger passwords, it’s best to use a mixture of upper- and lowercase letters, numbers, and symbols in a longer string of characters.

But without any personal cues, these random passwords are even more difficult to remember, feeding into a cycle of frustration for many users who resort to simple passwords that are easier to remember (and easier for hackers to guess).

This is where password managers come in. Password managers generate strong, random passwords for all of your accounts and store them securely until you’re ready to access those accounts. You only need to remember one password - for the password manager itself - and the password manager will securely autofill your accounts any time you need to access them.

For under $50 per year, password managers are an affordable tool that you can use to greatly increase your security online.

Turn on Two-Factor Authentication

If you use Google's suite of apps, social media platforms, or a cloud storage provider, you may already have access to a powerful built-in feature: two-factor authentication.

Two-factor authentication upgrades your password protection by sending a code to a device of your choice (typically a text to your mobile phone) and requiring that code before access to your account is granted. This means that unless someone manages to steal your physical device and hack into your account, it will be more difficult for them to break into your personal data.

In addition to adding this extra layer of security, two-factor authentication can also serve as an alert whenever someone attempts to log on to your account. If you receive a two-factor authentication alert and know that you haven’t attempted to log on, you may discover that someone unknown and unwanted is trying to gain access to your account.

Although two-factor authentication is likely built into many services you already use, if you haven’t set it up, you are not alone. 61% of website managers surveyed don’t currently use two-factor authentication, and only 26% plan to implement it within the next year.

To transition your organization to mandatory two-factor authentication, start by making a list of the platforms and social media accounts your business uses. Determine which of them offer two-factor authentication (most sites post information on their security features on an easy-to-find public page).

Then, set a company-wide goal of having all employees set up with two-factor authentication by a date you deem reasonable. In some services, your IT staff may be able to block employees' access to accounts if they fail to set up two-factor authentication by your deadline, as an added incentive for complete adoption.

Sometimes the most difficult aspect of making a change is taking the first step. With these three suggestions, you can begin to improve your organization’s online security so that you’ll be prepared before hackers come knocking.

Michelle is a Content Developer & Marketer at Clutch, a B2B ratings and reviews firm in the heart of Washington, DC.