When you're running a website via a web host, but you also have work computers too, then digital security is very important. Security with computers on the company's network is only as good as the users allow it to be. Also, it's easy to make the mistake of believing that the web host takes care of all security aspects for the website. But there are still things that can be done to protect against problems in that area too.
In this article, we cover some prevention tips to avoid a breach and how to respond should it happen anyway.
Protect the WordPress Installation on Your Website
The company's website is probably hosted by a commercial web host. That's fine, but make sure that they perform regular backups. It's also a good idea to backup manually or pay for a premium backup plugin that can store backups of the site in the cloud for you. This way, if the host's backups get lost or corrupted, you can restore a site from company backups too.
Use a security plugin like Wordfence to prevent access to your website's WordPress admin section and to block certain countries that don't need access to the site. This avoids many of the obvious issues with online security.
Use Sensible Security Practices
It doesn't matter what security measures you put in place. This might seem counterintuitive, but ultimately the weakest link is where the problem almost always lies.
A password reset policy every week at the office is a good example of this. Employees will routinely write down the new password and put it in their desk drawer (or in their purse or wallet). While, in theory, regular password changes make the office network more secure, the reality is that human fallibility proves that not to be the case.
Security policies need to be appropriate for the employees to accept and manage them. Otherwise, however sophisticated they are, they'll fall prey to whatever is the weakest link.
Lock Down Software and Network Access
To avoid data breaches, it's necessary to make the existing software as safe as possible. The Wi-Fi network used internally must be protected too.
Also, the laptops that people bring into work from home might not be as secure as necessary. It's important to get permission to check them for security problems, existing virus or malware infections, and a sound security setup. After all, they'll be connecting to your office network which creates a point of vulnerability for the company.
What Should You Do If There's a Data Breach?
Don't try to handle it yourself. You need a team of specialists to help ensure the breach is stopped and to access the damage for you. Using data breach forensics, it's possible to determine what was accessed and how much customer (or other) data was accessed or copied.
Be sure to use data breach forensics specialists to ensure the systems are totally locked down and the situation will not be repeated. You don't want to have to advise your customers about the data breach and then tell them a month later that it's happened again. Most data breaches can be avoided by following best practices for security. However, securing assistance quickly is vital should the worst occur.
