Cybersecurity - staying safe with cloud websites

Cybersecurity – risks and actions to take to protect your website

People are nervous of owning and controlling their own website. The assumption is that “the cloud” is safer. It’s run by big companies like Shopify, Amazon, Thinkific and Wix. They are experts who know all about cybersecurity!

The reality is “the cloud” is just a computer that someone else owns. And it’s as safe as THEIR worst employee (which these days seems to be the CEO!)

All websites are “cloud computing” and always have been. The companies above provide a framework for you to build a website, based on a template. They limit what you can do, to protect their network and to stop you installing risky malware. They keep the sites on their framework up to date. It’s a good process that protects everyone.

If you have an owned website with a hosting provider, you have the freedom to customize as you wish, but also the responsibility to be aware of the risks, and manage them. That is why I offer my clients a fully-managed hosting service. It’s the best of both worlds.

Table of Contents

Top Cybersecurity Risks
  1. Data Breaches: unwanted intrusion
  2. Data Loss: gone in an instant
  3. Compliance Confusion: navigating rules
  4. Downtime: quiet calamity
  5. Insider Threats: dangers from within
Top 10 Cybersecurity Actions
  1. Backup everything… often
  2. Limit Access
  3. Train people
  4. Check your website… often
  5. Use unexpected usernames, and strong passwords… always
  6. Two ways to guard against viruses and malware
  7. Use a safe, trusted theme
  8. The 4 risks of page builders like Elementor and Divi
  9. Follow legal rules
  10. Fix problems fast

5 top cybersecurity risks for websites

1. Data Breaches: unwanted intrusion

Your customers’ trust is golden, and a breach can shatter it. Whether from mistakes, weaknesses, or unauthorized entry, you SHOULD be worried about data breaches.

2. Data Loss: gone in an instant

Data includes financial transactions, product information, customer records, valuable and irreplaceable content and photos. A website is sometimes the ONLY place where marketing information is stored.

3. Compliance Confusion: navigating rules

GDPR, HIPAA and other data protection codes. Countries like the USA have laws about accessibility for people who are disabled.  The cost and likelihood of being caught for using photos “borrowed” off the internet has never been so high. A single slip can mean big fines and a damaged reputation.

4. Downtime: quiet calamity

Downtime isn’t just a hassle; it’s a hit to your wallet. A pause in cloud services can halt your work and cost you money.  Are you SURE your system is running smoothly?

5. Insider Threats: dangers from within

An employee’s slip, a contractor’s laziness, or an honest error can lead to a security breach from inside the company.

10 things you can do to protect your website

Your web developer isn’t responsible for your website once it is handed over to you. Once the site is published, make sure that any errors or omissions are fixed. Ask about updating plugins, ask what has been automated, and set up a schedule for an in-house staff member to be responsible for monitoring and updating.

The best way to make sure your technology systems stay safe from mistakes, fraud, and harm, whether on purpose or by accident, is by following these steps.

1. Backup everything… often!

It’s not about if, but WHEN. I use “All-in-One Migration”, a paid plugin that does FTP backups on a schedule. If you can find a hosting provider who does nightly backups (that you can restore yourself), it’s worth at least $200 a year – not to mention peace of mind.

The reason I like this plugin is that any admin user can do a backup at any time. If you are about to do something risky, just take a backup first, so even transactions and updates from 5 minutes before are safely saved.

2. Limit access

While it might seem sensible to delegate web maintenance, that multiplies the training. Use plugins like “PublishPress Capabilities”, and “Admin and Site Enhancements” to hide or block higher-risk functionality.

If you don’t NEED your customers to create an account on the site, avoid it. Getting their details via a form is far safer. Never allow non-admin users to upload documents, photos or files. Use a payment gateway, and let THEM take the risk for managing financial information.

3. Train people

Yes, WordPress is easy and there are many videos. But most people have Dunning-Kruger, and assume they know more than they do, until … oops.

4. Check your website… often

Visit your website regularly as an ordinary user. Your admin access can skew your view – your website could be in maintenance mode (blocked) and you won’t realize it. Plugins set to update themselves can cause the site, or sections of the website, to fail. Send an email off your contact form, try your quiz.
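The "ordinary user" check can be automated so it runs without your admin login. The script below is an added example, not part of the original article: it fetches pages with no cookies and reports what a visitor would hit. The URLs, the sample responses and the `maintenance mode` phrase are assumptions; the other two phrases are WordPress's own maintenance and fatal-error notices.

```python
import urllib.error
import urllib.request

# First marker is WordPress core's maintenance notice, second its fatal-error
# notice; the third is an assumed phrase for maintenance-mode plugins.
BLOCK_MARKERS = (
    "briefly unavailable for scheduled maintenance",
    "there has been a critical error on this website",
    "maintenance mode",
)

def assess(status, body, must_contain=()):
    """List the problems an anonymous visitor would hit on one page."""
    text = body.lower()
    problems = []
    if status == 0:
        problems.append("no response from server")
    elif status >= 400:
        problems.append(f"HTTP {status}")
    problems += [f"blocked: '{m}'" for m in BLOCK_MARKERS if m in text]
    problems += [f"missing: '{n}'" for n in must_contain if n.lower() not in text]
    return problems

def fetch_anonymous(url, timeout=10):
    """GET url with no cookies or login; return (status, body)."""
    req = urllib.request.Request(url, headers={"User-Agent": "site-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # 4xx/5xx responses still carry a body
        return err.code, err.read().decode("utf-8", "replace")
    except (urllib.error.URLError, OSError):  # DNS failure, timeout, refused
        return 0, ""

def check_site(pages, fetch=fetch_anonymous):
    """pages maps URL -> text that must appear; returns {url: [problems]}."""
    return {url: assess(*fetch(url), must) for url, must in pages.items()}

# Constructed responses standing in for a live site, so the demo runs offline.
SAMPLE = {
    "https://example.test/": (503, "Briefly unavailable for scheduled maintenance."),
    "https://example.test/contact": (200, "<h1>Contact</h1><p>Form failed to load</p>"),
}

if __name__ == "__main__":
    wanted = {"https://example.test/": ["Welcome"],
              "https://example.test/contact": ["<form"]}
    for url, problems in check_site(wanted, fetch=SAMPLE.get).items():
        print(url, "OK" if not problems else problems)
```

Run it from a scheduler against your real URLs by dropping the `fetch=` argument. It confirms the form is on the page, not that the email arrives, so still send a test message by hand.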

5. Use unusual usernames, and strong passwords… always

  • Never use Admin or Guest. Avoid job titles and company email addresses. Avoid common first names.
  • One easy password, that’s all it takes. 
  • Add captcha (yes it’s annoying).
  • Prevent people getting to login pages. At least don’t have a visible “Login here” button.
  • Use plugins to guard against brute force attacks. It saves bandwidth as well.
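To check existing accounts against the username rules in the first bullet, the added example below (not from the original article) audits a user export for default names, job titles, company email addresses and common first names. The CSV is constructed in the shape of `wp user list --fields=user_login,roles --format=csv`; the word lists and the `example.com` domain are assumptions to replace with your own.

```python
import csv
import io

# Illustrative word lists (assumptions); extend them for your organisation.
DEFAULT_NAMES = {"admin", "administrator", "guest"}
JOB_TITLES = {"manager", "owner", "ceo", "editor", "webmaster", "sales", "support"}
FIRST_NAMES = {"john", "sarah", "david", "mary", "mike", "anna"}

def audit_login(login, company_domain):
    """Return the reasons a login name is easy to guess (empty list if none)."""
    local, _, domain = login.strip().lower().partition("@")
    reasons = []
    if domain and domain == company_domain.lower():
        reasons.append("company email address")
    # Compare the alphabetic core so "admin1" or "john_2024" are still caught.
    core = "".join(ch for ch in local if ch.isalpha())
    if core in DEFAULT_NAMES:
        reasons.append("default account name")
    elif core in JOB_TITLES:
        reasons.append("job title or role name")
    elif core in FIRST_NAMES:
        reasons.append("common first name")
    return reasons

def audit_users(csv_text, company_domain):
    """Return (login, role, reasons) for risky accounts, administrators first."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = audit_login(row["user_login"], company_domain)
        if reasons:
            findings.append((row["user_login"], row["roles"], reasons))
    findings.sort(key=lambda f: (f[1] != "administrator", f[0]))
    return findings

# Constructed sample export; these accounts are not from any real site.
SAMPLE_CSV = """user_login,roles
Admin,administrator
sarah,editor
kestrel-bindery-7,administrator
sales@example.com,shop_manager
john_2024,author
"""

if __name__ == "__main__":
    for login, role, reasons in audit_users(SAMPLE_CSV, "example.com"):
        print(f"{login} ({role}): {', '.join(reasons)}")
```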

6. Guard against viruses and malware

  • Small plugins can have big impacts. Use auto-update for plugins that have over 100 000 users. Even if they break, they will be fixed fast.
  • If you aren’t using a theme or plugin, delete it. Every plugin makes “holes” in your security.

7. Use a safe, trusted theme

The easiest way for a hacker to take over a website is to give away a cool theme. The powerful scripts that give you JavaScript features are shells that hide other programming. They never launch immediately. The theme is shared for years before the virus is executed.

8. The 4 risks of page builders

Powerful themes like Divi and Elementor can achieve professional results using drag-and-drop. With only a few weeks’ YouTube training, a beginner web developer can take on well-paid jobs.

Page builders have FOUR risks.

  1. They incorporate powerful scripts that access your database. They can do a lot of damage by mistake, due to complex underlying codes that conflict with each other.
  2. There are many plugins that provide paid functionalities for free. It looks like a great way to save money, but they can cause damage and leave holes.
  3. When you update the page builder, it can and does break the website. It’s a catch-22 – not updating the theme can leave you open to hackers, updating the theme can break the site.
  4. When you stop paying the annual fee for the page-builder, your website will probably break AND it will be impossible to update. Once you build a website with THAT page-builder, you are locked-in. 

9. Follow the rules

Stick to the rules for using the system.  Don’t hack the core code. Beware of code injectors, and use them as little as possible. And remember that most plugins are code injectors.

Don’t steal photos. Don’t copy content from competitors. Be wary of programmers who give away plugins and themes. Maybe they ARE too rich and want to give things away, but maybe not.

10. Fix problems fast

Know your risks, and have a plan in place to fix them if something does go wrong (see 1. Backups). Have a contact number for your web specialist, and contact them.
