Almost half of UK businesses had a cybersecurity breach in 2020. Of those businesses, 32% experienced security attacks at least once a week. Why is this an issue for a B2B brand? Because 81% of people would stop engaging with a brand online following a data breach.
Whether your website is built on a platform like WordPress or a custom-built solution, security is paramount. Taking action to ensure your site’s data isn’t exposed to cybercriminals offers two layers of protection:
- For your website: protection against malware (malicious software), site vulnerabilities (weaknesses), and Distributed Denial of Service (DDoS) attacks, which stop sites from working correctly
- For your visitors: protection against their data being stolen, phishing schemes (that dupe visitors into handing over information), and session hijacking (where a cybercriminal takes over a user session)
Here are some of the ways in which you can add layers of security to help protect your B2B business site from a costly security breach.
Website security
The security provided by your hosting solution protects the server your site is on, but not your website. This means additional security is needed to keep your data and your site’s users safe.
That’s why we use the OWASP® Top 10 critical security risks as our reference for minimising risk across the sites we develop. The OWASP Top 10 is globally recognised by developers as the first step towards more secure coding. In other words, we safeguard the sites we create against the most critical security risks.
If your site is on WordPress, the platform itself is very secure, but we recommend installing security plugins and a firewall to enforce security practices and increase site protection.
Server and hosting security
Your site is only as secure as the environment on which it is hosted. So when choosing a hosting solution, be sure to check what security measures the provider has in place. Ideally, the provider should have the latest tools and technology available.
To get a bit more technical, your solution’s architecture should be kept simple with limited access. For example, you should use a firewall to ensure users can only access the areas of your site you want them to access.
If a server component has a known vulnerability, it should either not be used or be updated or otherwise remedied before use.
If you’re shopping for a website host, here’s a checklist of things to consider that will ensure a secure environment:
- SFTP: Secure File Transfer Protocol adds an extra layer of protection when uploading files
- SSL: Secure Sockets Layer encrypts the connection between your site and the server (this is a must-have for B2B sites as it gives customers confidence that their data is secure)
- Maintenance: Check the host’s security protocol to confirm how often the server is maintained to ensure it is protected against the latest security issues
Updates are mandatory to remain secure
Updates to your operating system (and software) can be frustrating as they always seem to pop up when you’re busy, but they are absolutely vital as they offer more effective protection against security vulnerabilities.
If a hacker were to exploit a vulnerability in a website framework, library, or component, they could potentially steal customer data or take over your server. So, although the temptation to select ‘Remind me tomorrow’ may be strong, always update regularly.
The same rules apply to WordPress installations and plugins, which should be kept up to date to protect against weaknesses found in previous versions.
Bite-sized takeaway
A good way to think of the process of securing your little corner of the digital landscape is that you’re not a website owner, but a website maintainer. It’s an ongoing mission to stay safe in an ever-evolving technical space. You can add secure layers to your site in the following ways:
- Secure your site from potential risks
- Ensure your host has top-level security
- Always perform system and software updates
Our experience building robust, secure solutions and dealing with the security requirements of leading multinational companies means we can deliver to high security standards.
If you need help reviewing or improving your website security, get in touch with us today!