Most smaller businesses have a web presence of some kind. We have to. In 2016 it is a key part of the marketing mix. But is it secure? Would you trust a stranger with access to your bank account?
Internet security for small businesses
I like to think that I am security conscious. I am aware of my online security (even this site is SSL). I only grant access to my accounts with great caution. Change passwords often. Not using the same passwords in lots of different places.
But today whilst launching a new small website I came across a risk that stopped me in my tracks.
Do you ever share your passwords?
Well I hope not.
For the last 14+ years, I have been a customer of 123-reg. I use them for holding all of my domains. I like to have things all in as fewer places as possible.
Generally my hosting (the actual place where the website sits) is with a different company depending on they type of hosting needed. For example this site is on WordPress, so a specialist high volume hosting platform was used.
I needed to host a new small site. It needed very little processing power. Just a small database. For just a few $$ a month 123-reg had a simple package. Great I thought, keep everything in one place. I bought a new domain. Bought the hosting and waited for it all to be configured.
When it was ready I looked for the login data for my developer. He could add files easily, but he needed access to the database.
The only place to access this is in the main account panel. If I granted the developer access to this main panel, he (or she) would have access to ALL my domains. This was crazy and worse a major security risk.
No one should ever give their account details to a developer where access to the billing and control part of a site exists.
If your web hosts need you to give your account details to a 3rd party – change your provider.
All sensible platforms have a developer access. Sometimes it is not easy to find, so talk to your provider.
Be careful who you give the keys to!
No owner of a domain should have to grant their developer access to the financial part of their account. Do not be lazy and give your developer full access. they do not need it!
If your developer asks for full access – then change developer!
In 2016 all business people need to be tech savvy. This also included internal people. For if they leave the business and have access to the financials and the tech part of your site – goodbye reputation!
Be an intelligent purchaser and user.
Internet security for small businesses – look after your passwords and bank details. Only give your developer the access they need, not the keys to everything!