security audit

When was the last time you conducted a website security audit?

Cybercrime is the single biggest risk to the modern company. It can lead to catastrophic consequences: lost revenue, stolen data, damaged reputations and even criminal liability.

And yet many business owners have no idea of the risks they face. Managers leave up unsecured websites and just hope for the best. With hackers now very sophisticated, this is like leaving the office unlocked when you go home every night.

The good news is, a lot of hacks are preventable. They are caused by silly basic mistakes that you should be able to fix on your own. So, in this article, we’ll explain how to conduct a basic website security audit.

Check Your SSL Certificate

Every website in 2020 should have an SSL certificate. It creates an extra layer of security that protects the information shared with a website. This means your data is secure and, crucially, any data shared by customers or visitors.

SSL certificates have a number of additional benefits (you can read all about them in our article on The Positive Effect of an SSL Certificate):

  • Great for SEO (search engine optimisation)
  • Builds trust
  • Improves user experience

If you don’t have an SSL certificate, you can get one for free when you sign up for a managed security service from CyberAlpha. If you do have one, make sure it is:

  • Correctly installed
  • Valid
  • Trusted
  • Not expired

Make Sure Everything Is Backed Up

A lot of business owners adopt a “it won’t happen to me” mentality. They don’t backup their files properly. Then, when their website runs into problems, they have to face the terrible consequences of lost data.

These consequences can include:

  • Problems with financial reporting
  • Lost client information
  • A very expensive repair/clean-up job

It’s important to think about redundancy when it comes to backups. If you store your backup in the same place as your original files, they can both be corrupted or stolen at the same time. Keep the backups away from the originals!

Make Sure Everything Is Up To Date

Many website owners fail to take the simple step of keeping everything up to date. With most modern CMS, it’s usually just one or two clicks to stay on top of updates.

First step is your CMS. For a lot of people, this will be WordPress. They update every few months and it’s usually pretty easy to follow the steps (you can do it via the backend). Just make sure you take a full backup (see above) before you make any changes.

You should also make sure your theme, plugins and extensions are kept up to date. Again, your CMS will usually make this easy for you by flagging up when things need to be updated.

It’s also a good idea to remove any plugins, widgets or extensions you don’t use. Plugins are great, but they are a site for attack from hackers. Older plugins in particular (once they are no longer maintained) are especially easy for hackers to target.

Website Security Audit – Key Takeaways

  1. Make sure your SSL certificate is up to date. If you don’t have one, get an SSL certificate now.
  2. Backup your website frequently. Store some backups remotely.
  3. Check everything is up to date: CMS, plugins, themes, extensions etc
  4. If you keep client data, or just for complete peace of mind, use a managed website security package.

If you have any concerns about your website security, and would like to discuss how CyberAlpha keeps you safe, please get in touch.