Come on, Defense!
You lock your car and your office, password-protect your laptop and turn on your Wi-Fi security. Now it's time to add your website to the list of things that need to be secured. Whether you have a basic page with business information, an advanced system with e-commerce or a special website section for clients to log in to, it's your responsibility to keep your data and customer information safe from potential web threats.
Your first line of defense is your hosting provider. Mike Wilson, president and CEO of IT-consulting firm Comnexia, says, "The first thing I would do is make sure I'm working with a reputable hosting company--someone who understands the basics of security, and not just someone who runs a server for a friend of a friend of a friend." Look for a provider that offers intrusion detection and prevention, automatic backups, firewalls, network monitoring and physical security of its servers. Don't be afraid to ask specific questions about what security measures your hosting provider is taking.
For Jeff Fritz, CEO of SaaS-provider Lighthouse1 in Minneapolis, website security is integral to what his company does. Lighthouse1, which generated more than $1 million in sales in 2006, deals with online consumer-driven health-care administration solutions. The company handles extremely private health data that has to be strongly encrypted and controlled. "Access rights and security protocols are very important--not only from a basic ethics standpoint, but from a regulatory standpoint as well," says Fritz, 38.
You don't have to be involved in health care to take extra steps to keep your site safe. Fritz advises, "If [entrepreneurs] are delivering products or services over the internet, I recommend that they engage a third party to help them put a security plan in place." Lighthouse1 undergoes internal and external security audits that include intrusion detection tests. Companies that don't need quite that high of a security level can still protect themselves by developing a strong website security policy that extends to all of their employees.
"Put policies in place that require you to change passwords every 30 days," Wilson says. "If you fire employees, quickly delete their accounts or make sure that you quickly change the password."
If you have e-commerce on your website, you have to be vigilant about handling credit card and contact data for your customers. A high level of SSL encryption is a must when you're taking orders online. Once again, a reputable service provider can help make sure that you have the right tools in place to help protect your customers' valuable information. It's also a good idea to limit the number of people in your business that have access to your website and the data that comes in through it. "Make sure all pathways to your network are secure, whether it's wireless, internet or even an employee's terminal," says Wilson. A combination of common sense and having the right security technologies and policies in place will go a long way toward protecting your website and, in turn, your business.