1. Strong, unique passwords.
The first line of defense against hackers is a strong and unique password. We ensure passwords are a minimum of 15 characters in length and include a mix of letters, numbers, and symbols. It's also important to never reuse passwords: if one account is compromised, every other account that shares its password is at risk. If a hacker does obtain access to a website account, the same credentials should not work on any other account.
2. Software updates, aka "patching."
Outdated software is one of the most common ways hackers gain access to websites. Several free and open websites regularly publish the latest vulnerabilities in various software products, ranging from server operating systems to website content management systems such as WordPress, Magento, Joomla, Drupal, and OpenCart. The intention is to aid website owners, technicians, and hosting providers in quickly mitigating the announced vulnerabilities with software updates. Unfortunately, hackers have access to the same information, so software updating or "patching" is a race against the clock. We ensure all the software on our hosting servers and your website platforms is up to date.
3. SSL certificates and HTTPS-based browsing.
HTTPS is a mechanism by which traffic is encrypted between the visitor's computer and the website hosting server, thereby preventing unauthorized parties from eavesdropping on, or "sniffing," the information in transit. SSL certificates also validate the identity of the website being visited, to ensure the visitor has not been directed to a fake copy of the intended website. Our hosting services come with free SSL certificates for basic websites, and we can implement high-end paid SSL certificates for high-traffic eCommerce sites.
4. Site and database backups.
Recovery is perhaps the most critical element in any IT system, including websites and eCommerce. Any damage to the website, whether by malicious hackers or well-meaning web authors, can be reversed by restoring a recent backup. Tiered backups that allow restoration from various points in time are a requirement for any content management system, be it WordPress, Joomla, Magento, OpenCart, or Drupal. We log all backup jobs and provide the status thereof in a monthly maintenance report for each website or eCommerce system.
5. Monitoring for suspicious activity.
Hackers use the "RSGMC" cycle, short for Reconnaissance, Scanning, Gaining Access, Maintaining Access, and Cleanup. For various reasons, the Cleanup phase is often incomplete, leaving clues as to the nature of the attack. We regularly check websites for suspicious activity, such as unusual file changes or rogue user accounts, as a part of our routine maintenance.
6. Security plugins.
Today's website security regimens must include a security plugin that helps monitor website access, provides two-factor authentication, scans for malware, and provides a web application firewall. Both Wordfence and Sucuri offer excellent solutions in this area.
7. Secure hosting servers.
Your website's security is only as good as the security of your hosting provider. Fortunately, Tactical Web Media provides excellent secure hosting for mainstream websites and compliance-based systems such as high-traffic government and eCommerce sites.
8. Optional security awareness training (SAT).
Phishing simulations and other awareness training will prepare your staff to be a "human firewall," arguably the most critical security layer in your organization. Phishing scams can steal credentials ranging from your bank account login to your website author login, the latter of which will allow the hacker to steal your data and inject malicious code to attack your users, among other payloads. We offer SAT services to keep your staff trained and ready to avoid phishing scams.
9. Performance measurements.
While the speed of a website does not directly relate to security, a slow-performing website can indicate malicious activity. This is why our periodic maintenance reports come complete with performance statistics.
10. Quarterly or semi-annual reviews.
Communication between your team and ours is vital in meeting security, performance, and uptime expectations. We recommend quarterly or semi-annual meetings to address upgrades, concerns, and questions about your website or eCommerce system.