Website Security, Digital Certificates and Backups
In the heady idealism at the beginning of the Internet, it was a little lost on people that Pandora's Box had been opened. Now it's very clear the online world is not a safe one. There ARE monsters out there and they ARE out to get you!
This is not an understatement, unfortunately. We've been hosting websites since the beginning and today's truth is that websites are under constant attack, all day, every day. And it's not just websites, but everything with connectivity, phones, PC's, pictures, documents, email, even fridges. The intentions of the people doing these attacks are varied, power, money, control, subversion, resources, greed, evil--it goes on and on.
Providing a Safe Environment
Because these bad people are out there the rest of us are striving to provide a safe environment where people can use the internet and visit a website without being under threat. Doing this is hard work and the work is NEVER done because all day everyday hackers are probing and testing for any new vulnerability they can find. They also have the advantage because they only have to be successful once, whereas websites, servers and the software they use have to get it right all the time. They also use automated scripts so they can do their probing at great speed, so for the good guys they have an uphill battle trying to fend them off. This is why even big organisations with lots of resources still get caught out, so it should be remembered that most of the time it's not their fault, it is only the fault of the hackers and their bad intentions.
GDPR-Compliant Secure Hosting and Backups
We can provide you with GDPR compliant hosting, which with the appropriate digital certificate, can ensure your data is encrypted both at rest and in-transit. For client websites, we provide a managed hosting service with some of the top providers in the UK, and between us, we manage software patching to do the best possible to keep up to date with the latest known threats.
We also take back-ups in-depth as a standard part of our hosting and store these in encrypted online vaults. We can also effect bespoke augmentation of these backups where required by a client. With some cloud hosting packages, we also include auto-fail-over and multi-server clustering to provide the ultimate in resiliency.
One of the protections all websites need these days is to deliver the website to users securely using the HTTPS encrypted protocol. This is provided by purchasing and installing a digital certificate for the website, and then ensuring the site can only be viewed and used by using that protocol. There are a wide range of digital certificates available, of differing encryption strengths as well as different coverage, verification, audit and display options. Google and other search engines and browser software will now automatically confirm to users if the certificate is in place, and a negative reaction by them can have a negative effect on search engine rankings.
So having a digital certificate in place is now an essential feature of a website. Not all certificates are alike, and we can help you find the one that is right for your website and its visitors.
Security Audits, Penetration Testing and PCI Compliance Works
With PCI, Data Protection Act and GDPR requirements, for eCommerce websites and others which store or use personal data, it is a responsibility of website owners to ensure their sites are reasonably secure. PCI (Payment Card Industry) usually requires a website, its software and the software used by the server are kept up to date. This can mean monthly, quarterly, 6 monthly or annual reviews and 3rd party audits to ensure everything used is brought up to date, in line with the perceived risks. This can also mean periodic penetration testing is undertaken and amendments made to cover new threats or newly discovered weaknesses. Freetimers can undertake this work on your behalf and liaise with auditors and other security practitioners as required to keep your site as safe as possible.