Two things need protecting: your internet assets and your IT infrastructure. For your website and online software, keep everything updated, use SSL and a web application firewall, validate and sanitise every form, enforce strong passwords, and back up regularly. Each measure closes a gap that attackers routinely look for.
Protecting your internet assets
Your online presence, including your website and any online software, is often the first point of contact for clients and threats alike. A few steps secure it:
- Regular software updates. Keep your CMS, such as WordPress, along with plugins and any other online software, up to date. Developers release updates to patch vulnerabilities that hackers exploit.
- SSL certificates. Encrypt the data moving between your site and its users. This secures the data and boosts credibility, and it is now a basic hygiene factor.
- A web application firewall. A WAF filters and monitors the traffic between your web application and the internet, blocking malicious requests and reducing the risk of a hack.
- Strong form validation. A form is one of the first targets, so validate and sanitise the entered data thoroughly.
- Strong password policies. Enforce complex passwords on every account and change them regularly. Long, local-language passwords are especially hard to crack.
- Regular backups. Back up your site and database, so a recent copy lets you restore quickly after any attack.
Securing your IT infrastructure
Your IT infrastructure is the backbone of your operations, so securing it is essential. The same principles apply beyond the website: keep systems patched, control who has access, and monitor for trouble. Many of the website-side gaps show up in our list of common web security mistakes, which is a good companion to this checklist.
Harden your business against attack
We audit websites and software for these exact weaknesses and fix them, so your assets and data stay protected.
Ask for a security auditQuestions businesses ask about cybersecurity
What are the first steps to secure my website?
Keep your CMS, plugins and online software updated, install an SSL certificate to encrypt data, and use a web application firewall to filter malicious traffic. These three close the gaps attackers probe first.
Why are website forms a common target?
A form is one of the first things a hacker tries, because it accepts input. Strong validation and sanitisation of the entered data stops that input from being used to attack your site.
How should I handle passwords?
Enforce strong, complex passwords across every account tied to your site and software, and change them regularly. Long passwords built from local-language words are hard to crack.
What protects me if I still get attacked?
Regular backups of your website and database. If an attack succeeds, a recent backup lets you restore quickly rather than rebuild from scratch.