Website security, data backup, server monitoring, and domain name management are all common tasks for the everyday average System Administrator. Even though you may not be paying an IT person on your own staff, someone out there is probably overseeing the functionality of your website 24 hours a day, 7 days a week.
The 4 tasks of system administration I mentioned above are usually included in the hosting of your website. But sometimes they are not, and I'd like to talk about how this stuff affects your jewelry store business.
Website Security:
There are 2 basic topics regarding website security. The first is the complexity of your FTP username and password, and the second is how impervious your website server software is to hacking attempts.
Unless you are paying for specialized hosted website software (like a Yahoo Pro Shop, eBay Store, etc.), every website has an FTP username and password. FTP stands for File Transfer Protocol, and it's one of the common ways your website programmer will access and upload your website.
Most of the time an FTP username is 5 or more characters, and passwords need to be difficult enough that hackers can't guess them. The security requirements for the passwords all depend on the policies of your website host. Passwords with fewer than 6 characters are usually easy to hack with brute-force trial and error. The best passwords are really long, as in 10 or more characters.
If your password is "diamond" or "diamond1" then you should go change that right now. That's an easy password to guess. Don't use your name, names of family, pets, or important public dates either. Once a hacker guesses your password they can deface your website, or worse, delete the whole thing.
I've seen websites that had their home pages replaced by a hacker, and I've seen websites that had hidden code added to all the web pages without the owner even knowing about it. I've even seen websites where viruses were uploaded and would activate when unsuspecting users clicked on a page they'd been using for years.
Your best defense is long passwords.
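The password advice above can be turned into a check that a site owner or host runs before accepting a new FTP password. This is an added example, not part of the original post; the word list, the date pattern and the function names are constructed for illustration.

```python
import re

# Constructed sample word list; a real check would use a large list of
# known-breached passwords supplied by the host.
COMMON_WORDS = {"diamond", "password", "jewelry", "welcome", "letmein"}

# Loose heuristic (an assumption of this example): digit strings, optionally
# separated by - / or ., that could be a date such as 06152003 or 2003-06-15.
DATE_RE = re.compile(r"^\d{1,4}[-/.]?\d{1,2}[-/.]?\d{2,4}$")


def audit_password(password, personal_terms=()):
    """Return a list of findings; an empty list means no rule was tripped."""
    findings = []
    if len(password) < 6:
        findings.append("under 6 characters: falls to trial and error")
    elif len(password) < 10:
        findings.append("under 10 characters: longer is better")

    # Strip trailing digits and punctuation so "diamond1" is judged as "diamond".
    base = re.sub(r"[\d\W_]+$", "", password).lower()
    if base in COMMON_WORDS:
        findings.append("common word, with or without a number on the end")
    if base and base in {term.lower() for term in personal_terms}:
        findings.append("name of owner, family member, pet or business")
    if DATE_RE.match(password):
        findings.append("looks like a date")
    return findings


def worst_case_guesses(length, alphabet_size=26):
    """Candidates a trial-and-error attack must cover at this length."""
    return alphabet_size ** length


if __name__ == "__main__":
    # Constructed sample passwords and personal terms.
    for candidate in ("diamond", "diamond1", "rex", "06152003",
                      "copper-kettle-violet-train"):
        print(candidate, "->", audit_password(candidate, ("Rex",)) or "ok")
    # Going from 5 to 10 lowercase letters multiplies the work by 26**5.
    print(worst_case_guesses(10) // worst_case_guesses(5))
```
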
On the other hand, the difficulty level of your FTP password won't make a difference if the software installed on your website has other security holes. These security holes are what led the entire online e-commerce industry to PCI Compliance back in 2003.
Security holes don't often lead to defacing of websites, but instead a very smart hacker can trick a website into showing password protected pages and private information. That private information could include social security numbers, banking information, or credit card numbers.
I've seen security holes that allowed a hacker to trick the website into randomly showing whatever page was in memory at the time. All the hacker had to do was trick the website every few seconds to see the activities of other users that were currently using the site.
Since hackers get smarter every day, there is no guarantee that your website is 100% PCI compliant. The only way to guarantee it is to hire a security company to do daily audits on your website. These audits will test your website against the latest hacking techniques and provide instructions for fixing it.
Website hosting does not come with PCI compliance testing. You have to pay extra for peace of mind.
On Monday I'll explain the different types of backup methods for your website.