Securing an online business involves creating and enforcing security protocols that must be followed by all company employees. The security of a system is only as strong as its weakest link. It is therefore critically important that the entire team understands the consequences of a lackluster attitude towards security.
Other than making sure all company computers are protected as specified in this guide and that access to sensitive data is only provided on a need-to-know basis, there are a few extra things business owners should be aware of as pertaining to the security of their online activities:
If you’re using a Virtual Private Server (VPS) to manage your online business, make sure it is at least as well protected as any other computer in your network.
Start by disabling the default Administrator account and creating a new account with administrator permissions to protect your VPS from bots trying to crack your password using the brute-force method. Remember to use a strong password for your new account and to restrict unknown IP addresses from accessing your VPS.
The next step is to install an antivirus and firewall on your VPS and to make sure they are properly configured. Keep your VPS operating system up to date and enable automatic updates for all software installed on the server. You may also want to consider full hard-drive encryption as performance considerations are likely to take a back seat to top-notch protection.
Finally, it’s important to choose a qualified provider. Never underestimate the role that proper service and network management plays in improving the security of your private server. Check out our best VPS recommendations for details.
Domain name privacy protection
Domain name privacy is a service offered by some domain registrars. It prevents other people from accessing your information using the WHOIS registry. Under normal circumstances, the WHOIS service allows anyone to view the name, e-mail, and address of a domain owner. With WHOIS protection enabled, however, this information is hidden from the public, and a private e-mail address is provided for anyone who may wish to contact the domain owner.
The best domain name registrars offer WHOIS protection for around $10 a year per domain. Note that WHOIS privacy protection is forbidden in certain countries, including India, Switzerland, and Italy.
Cloud data storage
Cloud data storage is a convenient solution for many modern businesses. It allows for theoretically unlimited scaling while providing easy ways of accessing data from any device and any place.
However, cloud storage introduces new security risks.
Business owners who want to store sensitive data in the cloud must remember to encrypt their files before uploading them to the service. They should also introduce several levels of confidentiality to make sure access is only available on a need-to-know basis.
The best cloud data storage services offer complete logs of all account activities including uploads, download, and file access. They also provide administrators with tools for creating rule-sets that limit who, how, and from which device can interact with the data.
Your storage and backup devices should be protected using strong encryption and safe storage practices. Securing a USB device or a DVD is very similar to securing a desktop hard-drive – refer to the general encryption section above for more information or check out our detailed encryption guides.
Keep in mind that external hard-drives and DVDs can malfunction or get lost. As such, it is a good idea to make more than one backup of your most important data. A good strategy is to have one physical backup, and one encrypted backup stored in the cloud.