Keep software and security patches up-to-date
Keep all your software up to date. Most website attacks originate through the Content Management System (CMS). Popular examples of CMS are WordPress, Joomla, and Magento.
Turn on the alerts so that you know when Microsoft, WordPress, or any software vendor releases a patch or security enhancement. These are often released in response to a newly discovered weakness, so time is a priority.
Add SSL and HTTPS
The MailChimp Web Builder includes an option to add encryption through SSL certificates that protect monetary transactions. HTTPS encrypts data in transit between a visitor's browser and your website, protecting information that needs to be secured, like financial or medical records.
Require complex passwords and require frequent changes
Strong passwords that are changed often are one of the easiest and most effective ways to protect your website. When the option is available, use multi-factor authentication. If it annoys you, it annoys hackers and bots trying to hack into your website even more.
Restrict administrative privileges
The fewer people who have administrative access, the easier it is to keep track of everyone. When someone leaves your company – especially if terminated – disable their account immediately. Not everyone working on your website needs admin privileges. Grant privileges according to what the person needs to do. If someone needs temporary access for a special project, you can add the rights they need at that time.
Change default settings, especially default passwords
Default settings are often the same for everyone who buys a software application or hardware product. This means that anyone else using the same apps you do may know your login credentials. So change them as soon as you install a new product.
Back up your files
Backing up your files gives you a way to quickly recover from any type of cybersecurity attack. The MailChimp Web Builder offers the option to automatically back up your files when you set up your website. This is strongly recommended because it is too easy to forget.
It is important to keep backup files in a secure location separate from your website files. If the backups are stored alongside your website and a hacker gets into your web account, they also have access to your backups. Saving your files offline gives you an alternative to paying a ransom because you can restore the encrypted files yourself instead of paying the criminals.
Prepare a recovery plan before anything happens
Cybersecurity attacks can still happen no matter how diligent or careful you are about maintaining security on your websites. Prepare a recovery plan just in case. Drill your team occasionally to make sure the plan is current and everyone knows what needs to be done.
Maintaining security for websites is a constant process. New vulnerabilities appear every day. If a breach happens, get your website back online. Once your business is up and running again, look at what happened and take steps to keep it from happening again.