When it comes to the security of a company’s website, most people think that the responsibility relies solely on the IT department. This couldn’t be further from the truth. In reality, every single person who has a login for your site, from admins to authors, all have a part to play in website security.
You don’t have to be a technology expert or a seasoned software coder to keep your website safe. Just by using the following tips, every team member who contributes to your website can assist with strengthening its security, no matter what their job role is in the organization.
Password Managers and Passphrases
I know, I know. You’ve already been preached to on the importance of a strong password. That hasn’t stopped people from using passwords like “123456,” “qwerty,” or any variant of “Pa$$w0rd!” So I’ll say it again, a strong password is vital.
Writing your password down on a piece of paper stuck to the back of the monitor is a no-no, too. But you knew that already, right?
“I’ll never remember a really long, complicated password,” is an argument I’ve heard several times. I have two recommendations to get around this.
- Invest in a password manager. Consider setting up accounts with Last Pass, or my personal favorite, 1Password. With a password manager, having a 30+ character random password for a website is no problem. When it comes time to log in, you simply copy/paste it from your password manager rather than having to recall it from memory.
- Use a passphrase. Maybe you prefer to keep your password memorized. That’s fine. But I urge you to consider using a passphrase. I tend to use full sentences comprised of song lyrics or a quote from a movie. For example, “Carry on my wayward son. For there’ll be peace when you are done.” or “You want the truth? You can’t handle the truth!”
Staying Protected While Using Public WIFI
When we travel, or even if we’re just working from the local coffee shop, we typically don’t think twice about connecting to the free WIFI and diving into work. While you may think it’s far fetched, having your login credentials stolen while on public WIFI is a very real possibility. And while there’s no way to 100% guarantee it’s not going to happen, one thing you can do to limit the risk of hacking is to make sure you are connected to your site using a secure connection.
In the screenshot above, the Chrome browser has displayed the word “Secure,” and the URL starts with https://. This lets us know that the website we’re browsing has a Secure certificate, and the data passed between the browser and the website’s server is being encrypted prior to being sent. If you do not see the word “Secure” and the URL starts with http://, data passed between the two is being done in plain text. If that’s the case, I would think twice about logging in over public WIFI, and encourage your IT team to set up an SSL Certificate right away.
Another option for those who frequently use public WIFI, you might want to consider investing in a VPN (Virtual Private Network).
Question Everything
Criminals, hackers, and ne’er-do-wells are always looking for new ways to steal sensitive data.
I’m sure you’ve heard the term phishing, and if you’re like me, you probably think that you’re too smart to fall for a phishing attack. But under the right set of circumstances, I don’t care how careful you are, it can happen to any one of us. Don’t think so? Check out this post and let me know if this makes you think otherwise.
Not all security attacks happen online. In one of my favorite books, The Art of Deception, the author explains the art of Social Engineering and how it can be used to trick somebody into simply handing over their login credentials. Again I say, if you don’t think it can happen to you, I strongly suggest you read the book.
Keeping your website safe and secure is a team effort. Staying on your toes and always being alert is the key!