Two free website security audit tools for your small business

I recently used a couple of online website security tools that are worth looking at if you have a small business website.

Both tools provide a high-level summary that anyone can understand – “high risk”, “medium risk” and “low risk”. However, understanding the specifics behind the risks will require an IT professional – as such, if you are interested in securing your website, I recommend you ask your IT professional to use these tools (after all, the tools are free) – and if your IT professional cannot explain the results, get a new IT professional!

Virus checker

Sucuri checks your website for viruses and for potential vulnerabilities created by out-of-date software.

The test has to be manually run, and is as simple as putting your website address into their online tool at https://sitecheck.sucuri.net.

To get automated regular tests, a paid plan is required, starting at $16.99 per month for scanning every 12 hours.

As you can see from the below test results, Sucuri provides something called a website firewall that is used to protect against certain types of external attacks – for example, traffic that is obviously attempting to compromise your website will automatically be blocked. This isn’t something the average small business will need, but if your website is being overloaded with malicious traffic, it will prove invaluable.

Sucuri SiteCheck

Vulnerability checker

ScanMyServer is by far the most comprehensive free vulnerability scanner I have come across.

To set it up, you, or your trusted IT professional, will need to add some code to your website.

ScanMyServer will then do a daily check for free. Have a read of their FAQ for more details.

The below test results show the extent of the testing performed – as you can see, I have no “high” issues. “Low” issues can be comfortably ignored. “Medium” issues may need action, and this is where you need an IT professional to interpret whether action is actually required.

It is important to note that vulnerabilities can often be introduced by installing a plugin; as an example, have a read of this. As such, a vulnerability check should always be part of a post-plugin-install evaluation.

ScanMyServer vulnerability test result

By |December 29th, 2015|Security, Website|0 Comments

Step by step tutorial for securing your small business website with https

Summary

This tutorial provides step by step instructions for securing your small business website with https.

The step by step instructions use the technologies we recommend for small business, in this case: a WordPress self hosted site, Bluehost web hosting, and a domain name registered with GoDaddy.

Time required: 2 hours

What will it cost: Depending on the options chosen it will cost around $100 or more per year to have https in place (these are costs from GoDaddy and Bluehost).

Prerequisites: You should complete our tutorial on setting up a WordPress small business website. You will need administration access to your WordPress site, Bluehost and GoDaddy for this tutorial.

Complexity level: Medium

By |December 28th, 2015|Security, Website|0 Comments

Why your small business needs a password manager, and how to pick one


Photo by ecos systems /CC BY-ND 2.0

Short version: Get a password manager. Without one your small business will be at risk. I recommend using 1Password.

By |December 30th, 2014|Security|1 Comment

Tech Primer: Standards and laws to consider when evaluating online services


(photo by torbakhopper / CC BY)

This is a brief post on standards and laws to consider when evaluating online services, and in particular the certifications potentially relevant to your online provider. In my evaluations of online services I do refer to standards/laws, and this post will provide the details behind those references.

For those not familiar, “online” refers to a service accessed over an Internet connection, and is often referred to using the metaphor “cloud” services. The infrastructure required to deliver the online service is owned and managed by the service provider, which can be very attractive for a small business.

Certifications are obviously important in providing a validation that certain requirements have been met. This is well known in Scouting organisations. Just stating that you have met the requirement is not sufficient. You need some form of check to certify the requirement has been met (even if that check is a self-certification).

So while it is great to trust that your online service providers meet certain requirements, there is no substitute for verifying if they meet the requirements claimed, and certifications provide a pragmatic proxy for that verification.

By |May 4th, 2014|Security|1 Comment

Recommendation: small businesses anti-virus

This is the final post in a three-part series on anti-virus for small businesses. My particular focus is on small businesses without dedicated onsite IT support. The first post provided a background on the type of threats and the protection options. The second post provided an overview of the leading solution providers. This final post provides my evaluation and recommendation.

By |April 18th, 2014|Security|1 Comment

Tech Primer: The anti-virus market and independent protection rankings

This is the second post in a three-part series on selecting anti-virus and end point protection software. The first post provided a background on the type of threats and the protection options. This post will provide a brief overview of the leading solution providers. Part 3 will provide my own solution evaluation and recommendation.

For a full list of IT protection considerations, beyond anti-virus, please read my post on Small business IT security considerations.

By |April 5th, 2014|Security|0 Comments

Tech Primer: Understanding virus threats and protection options

There are people who design software specifically to: hijack and then ransom your computer documents; steal banking information; remotely control your webcam; flood your inbox with unwanted emails; store undesirable images on your computer; redirect your internet searches; and generally carry out any malicious activity that can be imagined.

There is a $19 billion industry developing software to help protect your computer against malicious software, but choosing a solution, and knowing that you have sufficient protection, can be challenging.

This is the first in a three-part series on selecting end point protection software, which includes anti-virus and other related protection that we will outline. This post will provide background on the type of threats and the protection options. Part 2 will provide a brief outline of the leading solution providers. Part 3 will provide our own solution evaluation and recommendation.

Our guidance is given in the context of small businesses with up to 10 users, and in the context of our other IT recommendations, which include using Microsoft Windows and Microsoft Office 365. For a current overview of our recommendations please follow this link.

By |March 23rd, 2014|Security|0 Comments

Tech Primer: Small business IT security considerations

This post provides examples of IT security threats and protection for small businesses to consider. In future posts I will expand on the examples by providing specific recommended configurations and setup.

When reading the examples it is important to remember that potential vulnerabilities will depend on your IT environment, and actual protection measures are a balance between risk and cost. As such, not all the examples in the table will apply to all small businesses.

By |March 21st, 2014|Security|0 Comments
