The first impression most people get of your business is from your website. It is your highly visible public face and how it is perceived in the online world will have a direct impact on how it performs in the real one.
That’s why your web presence is such an important aspect of your business and how you manage that presence is a critical business operation.
Many companies have their own staff to manage their web presence and this could range from a whole IT department to just one individual staff member. Other companies prefer to outsource; hiring a web hosting service to look after everything for them.
Web hosting is a big business today and there are plenty of companies to choose from. When comparing which one to opt for, one of the key features you should be considering is security.
What Aspects of Security Should Your Web Host Provide?
The Federal Trade Commission (FTC) suggests a number of security recommendations for you to consider when selecting a web hosting service.
Insist On Transport Layer Security (TLS). TLS will help you protect your customers’ personal data and privacy and it MUST be included with whatever web host you select. TLS also helps to ensure that people intending to visit your website actually get there when they submit your URL. When you have TLS, your URL will start with ‘https’ giving more confidence as to your legitimacy to users and search engines. Information sent to your website will be encrypted with TLS, giving your customers peace of mind when submitting their personal and financial data.
Your Company Email Authentication. Most web hosting services allow you to set up an email address from your company’s domain name. An example of this would be if your company’s domain is ‘mycompany.com’ your email address could be ‘[email protected]‘. Email Authentication prevents someone from sending fraudulent or scam emails that mimic your address. Three essential tools to insist on are:
- SPF – Sender Policy Framework.
- DKIM – Domain Keys Identified Mail.
- DMARC – Domain-based Message Authentication, Reporting & Conformance.
If these are not offered you should go elsewhere for your web hosting.
Security Patches & Software Updates. Many web hosts offer website templates or software as part of their packages. If you choose one of these, it is important to consider how your software will be kept up to date and how the latest security patches will get installed.
Ongoing Website Management. When you have launched your website who will manage it? Managing it yourself could take time; having your host manage it could cost you. You should be clear from the outset where the ongoing website management responsibilities lie.
Questions You Should Ask Your Web Host
Make sure your potential web host knows how serious you take security. These are the questions our customers ask us; and if they don’t ask, we provide them the answers anyway:
- Does your hosting plan include TLS? You have got to have this; if it’s not included go elsewhere.
- What is the cost of TLS? That is the total cost, installed and ready to go.
- Does TLS come already set up? If not, who, when and how will it be set up?
- What version of software are they running? Be sceptical of companies that do not run on the latest versions of all key software.
- How do they keep software updated? Are you alerted of any actions you need to take? How much notice do you get?
- Do you need to download software updates or are they automatic? Where is the location of the update; is it from a third party; what specifications do you need to run it.
- How are software updates downloaded? Do you receive an email or do you visit a website? How reliable is that website for download stability? What size is the download?
- Can you use your company’s domain for email? This is really important to give your company credibility; ‘[email protected] may be free, but it just doesn’t cut the ice in terms of inspiring others with trust and professionalism.
- Do you offer SPF, DKIM and DMARC? As we mentioned above, these are a MUST have. If your potential web hosting service does not provide them as standard, walk away from the deal.
- Do they set these up for you? If not, how do you get them set up if you don’t have the technical knowledge yourself.
- Do they offer ongoing website management? Most web hosting companies will offer some sort of management facility, whether that is automated or manual. Discuss the details of what you will get and how much it will cost.
- Can you manage the website yourself? This may sound appealing in so far as you will not incur any website management fees. However, you should be aware of how much time this can actually take you. There is a good reason why some companies have large IT departments with staff dedicated to this task alone.
- What is the procedure for getting changes to your site? How do you request a change? How long will a change take to implement? What does it cost to make a change to your website?
- Is there an administrative log on to make changes yourself? Again, making your own changes may seem favourable, but do you have the time and knowledge to make them effectively?
- What authentication is available for administrative log on? Is there multi-factor authentication, such as a 2 step verification sent via text message, available?
Maybe you could print out a copy of the above questions and take them along to the web hosting companies you visit, or tick them off as you trawl their websites for the answers. Alternatively, you could find a company that has already considered these questions for you in advance.
If you would like any more information about web hosting security, or hosting in general, IT Alfa would love to be of assistance. Just click this link to Contact Us Today.
Good luck with your web hosting search and staying secure online.
PS: You can download the FTC Hiring A Web Host Fact Sheet at the following web address: