Hello, this is Mikel with Tiny Frog Technologies. I’d like to talk a little bit about GDPR which is Global Data Protection Regulations and best practices for website security. Assuming many of you have heard about this – your inboxes may have been filled up with newsletters that are talking about GDPR, regulations and the importance of adhering to the policies. So essentially, in a nutshell, the policies have been created in very broad terms by the EU and essentially what they’re saying is if anybody from the EU is visiting your website, your website needs to comply with certain regulations. And again, these regulations are broad.
Are You Protecting Your Visitors Data?
If you’re a US-based company you may say to yourself that I’m not targeting the EU, I’m not targeting potential clients or visitors from the EU, so my site is probably not an issue – where in fact the laws are written in such a way that if anybody goes to your website from the EU, whether you provoked that visit or not, you could potentially be liable. Now, if you’re a small website the chances of getting caught or having legal issues are probably pretty small, but it’s probably in your best interest to protect the data of your visitors – in general terms. Because these regulations are not going away; they’ll probably expand and broaden beyond the EU at some point. Who knows when the United States will start to implement some of these regulations. But it’s probably in your best interest to at least comply with or follow best practices from a general data protection regulation perspective to make your website more protective for your website visitors.
How To Protect Your Website From A Security Breach
The thing I want to talk about is website security. It’s really important to protect your website from a security breach in general. So there’s a number of things that can be done to protect your website from a security breach. Since we maintain, develop, host and build WordPress websites, I’m going to talk about protecting a website from a security breach from the perspective of WordPress.
WordPress is the most popular web platform or content management system. Many of you who have websites may have had your website built on WordPress – and WordPress tends to be very vulnerable. In fact, WordPress, because of the fact that it’s the most widely used web platform, is probably the most heavily targeted platform. If you have a WordPress site and stick it on a traditional host and don’t do anything to it, it’s probably extremely vulnerable to security issues and security breaches. That means any data that’s stored in your website is also vulnerable, and you could potentially be liable. So it’s actually very important to make sure your website is as secure as possible.
Here’s a list of a couple of things that can be done to really impact or enhance the security of your website:
1. First thing is where is the website being hosted? Traditional hosts typically don’t do the best job on maintaining and securing WordPress websites. They also don’t do the best job in terms of keeping a website running fast. So if you have your website on a shared host with GoDaddy, you’re sharing that host with in some cases thousands and thousands of other websites. If one of those websites gets impacted or has security issues, it could technically spread to your website. So where it’s hosted is actually very important.
2. Secondly, security monitoring. A lot of websites don’t have security monitoring built in. And there are some plugins that can help with that but many of them are not really that great. So security monitoring essentially gives you the option of seeing if your website has a breach. If it does you should respond to that as quickly as possible. The vast majority of WordPress websites don’t have proper security monitoring in place. So what that means is that if your website does get breached and you don’t know about it, you don’t do anything about it, that virus, or however it’s hacked, could have long-term consequences if it’s not dealt with earlier. It’s almost like an illness. The earlier you catch an illness, the chances of it becoming worse lessen dramatically.
3. Third thing is having your website backed up properly. If your website does have security issues and your website is not properly backed up you could lose all your data. That’s actually very important as well. Having an SSL certificate on your website is very important and it gives a good indicator to your viewers that your website is secure.
4. Last thing, if you have a WordPress website, this is probably the most important thing, is making sure your website is being maintained and all the plugins are being updated with the right frequency and being updated properly. Our recommendation is on a monthly basis having plugins updated and it really should be updated by someone who knows what they’re doing. And it should be done not on a live website but on a staging version of your website. When we are hosting and maintaining websites, we have a live version and a staging version. Anytime we do any updates or maintenance or anything to a website, we do it on the staging version because if it causes any issues to the website, it won’t impact the live version. So once we do our maintenance updates and anything we’re doing to a website we make sure that we test it to make sure everything goes smoothly. And we push those changes live after that. And that’s really the best protocol to protect your website.
If you have any questions at all about GDPR, and/or protecting your website properly, feel free to let us know. This is Mikel with Tiny Frog Technologies. Thanks.