used with permission from FTC.gov
by Andrew Smith, Director, FTC Bureau of Consumer Protection
Your website is the online face of your business. Some companies have the in-house capability to manage their web presence. Others hire a web host to handle it for them. When launching a new business or upgrading their site, savvy business owners comparison shop for web hosting services. At the top of your shopping list should be the security features built into what you’re buying.
In our meetings with small business owners across the country, you asked for more advice on selecting a security-conscious web host. As part of our cybersecurity initiative for small business, the FTC has suggestions about what to look for and what to ask when hiring a web host.
Transport Layer Security (TLS). The service you choose should include TLS, which will help protect your customers’ privacy. TLS helps make sure people looking for your business online reach your real website when they type your URL into the address bar. When TLS is up and running on your site, your URL will begin with https. TLS also helps make sure the information sent to your site is encrypted – an important feature if you ask customers for sensitive data like passwords or credit card numbers.
Email authentication. Some web host providers let you set up your company’s business email using your domain name. Assuming your domain is yourbusiness.com, that means your email might be yourname[at]yourbusiness.com. Without email authentication, scammers can send emails that look like they’re from your company. A key defense against fraudsters is a web host that provide three essential email authentication tools: Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting & Conformance (DMARC).
Software updates. When it comes to creating a website, you’re too busy to start from scratch. That’s why many web hosts offer pre-built templates or ready-to-go software packages. But cyber risks are constantly changing. Be sure you know how you or your web host provider will keep your site’s software up to date, including the installation of the most recent security patches.
Website management. If it’s necessary to make changes to your site, will you have to go through your web host or is there an option of managing it on your own? Make it clear from the start who will manage the site after it’s built.
When you’re in the market for a web host provider, make it clear that security matters to you. Here are some questions to ask a prospective web host to gauge if you’re on the same security page:
Download the FTC’s web host fact sheet and keep it handy as you comparison shop.
The FBI reported that cyber attacks against government facilities saw an increase of almost 36…
In today’s fast-paced, technologically advanced world, businesses of all sizes increasingly rely on digital systems…
You likely hear terms like "blockchain," "machine learning," and "cloud computing" without considering their real…
In today’s fast-paced digital landscape, businesses cannot thrive without effective collaboration. Microsoft continues its unwavering…
An email signature accomplishes much more than simply telling readers who you are and how…
Cyber security professionals work hard to safeguard companies’ information. But with criminals constantly changing their…