When it comes to security, the impact on businesses is far greater than that of normal website owners. Any issues arising from security breaches and the like can turn out to be a nightmare. From stolen data to exploited servers, there can be lots of security concerns.
Businesses need to know clearly the key security concerns to look into when comparing their web hosting service provider. This also applies to those who already have web hosting but have not looked into the potential risks to their sites.
Shared hosting is a popular choice not only with individual site owners but also many smaller businesses. The key advantage of using shared hosting that it is usually much cheaper than dedicated solutions.
Unfortunately, sharing the space means that you don’t get to choose your neighbors and if the sites hosted on the same server as yours are giving problems, you might get rolled into the same dust ball. For example, if a site on the same server is infected by some form of malware, it might try to exploit yours as well.
The typical concerns for shared hosting involve the harmful data uploaded in the other sites, in the same server with you, putting your site at risk. Most often than not, clients of shared hosting solutions also share an IP address with others. This can be bad if the IP is being placed on a spam blacklist due to the activities from your neighbors.
Of course, much of this can also be mitigated by the host such as through improving file and directory permissions. To avoid occurrences like this, try to look for hosting which offers account isolation even for shared hosting. Alternatively, you can also consider looking towards VPS hosting plans.
2. Keep an Eye on Backups and Restore
As a business, you know that carrying on your activities are vital for both cash flow as well as customer assurance. Any potential downtime can affect you both financially and reputationally. This is where the often-overlooked backup and restore features offered by good web hosts come in to play.
Take Siteground for example, they offer free automatic daily system backup in all of their plans. You can also choose the things you want to backups such as files, database or email accounts. And, all the backups will keep for 30 days.
Ensure that you are using your hosts’ backup facilities but also make sure that you regularly download your backup files and store them locally or at an alternative location. In case of emergency, these will come in handy and add points to your contingency plans for business continuity.
3. Firewalls and CDNs
Firewalls and CDs are one of the important parts of web hosting. The technology not only promises you the security of your website but also ensure the fast delivery of your content.
Most web hosting providers will likely tell you that they make use of firewalls and other security measures for intrusion protection. However, try to ask them more on these items to give you a sense of what level of intrusions those firewalls are likely to stop. Will they have additional security measures in place in case of intrusion and how comprehensive are their network monitoring activities?
If you are going to buy into a dedicated web hosting plan, also try to find out how the management of your own server gels with the security measures their company has as a whole. How quickly will they be able to notify you if there are network-wide breaches and the like?
On external threat bases, Distributed-Denial-of-Service (DDoS) attacks have been occurring in increasing frequency and lethality. What will happen when a DDoS attack tries to swamp your site? Will you have to deal with it alone or does your host have a partnership already with a Content Distribution Network (CDN) like Cloudflare to help mitigate this?
4. User Permissions and Other Access
Physically, only your hosts’ personnel or their official data center partner should be able to access your equipment. Digitally however it is a little more complicated. As far as possible try to ensure that you use Secure Socket Shell (SSH) or a similar protocol when you need to log in to your server.
For business purposes, fixed IPs are your friend and it is a good idea to maintain one specifically to whitelist for server access. This can be done through your hosting control panel – also make sure to disable root logins.
Always be cautious of what privileges are given to accounts which have access to your server. This includes file permissions. Assigning permissions haphazardly can result in not an only security risk but also errors which may be hard to locate and fix.
5. Always Keep Updated!
I have seen so many people suffer from security issues because they overlook one simple thing and that is to keep everything updated. From individual patches to entire version updates, almost without fail these are used to address known security issues.
While it is true that a patch may cause problems on occasion, they are still vital to fix issues that are known. Security is difficult enough when hackers try to exploit unknown vulnerabilities, but it is compounded when we fail to address known weaknesses.
Almost all attacks against websites are automated and known to target known weaknesses. If an automated scanner even catches a whiff of a single element of weakness on your site, it will strike. Updates should be carried out as quickly a possible – don’t wait a month or a year before you decide to do it.