For those of you who manage your business website yourself, maintaining its security is one of those issues which probably aren’t among your favourite tasks. However, having a website hacked can be a nightmare which can take up days of your time and cost you significant sums of money to fix. I think there are four things I can point you towards, all of which are manageable without being an IT expert.
The first is to ensure you have good password policies for site access. Who has FTP access? Who has CMS access? Do all these people have strong (long) passwords, and are they all forced to change them frequently (at least annually)?
The second is to ensure your website host considers security seriously. There are hosts which will automatically backup data and make it easily accessible, automatically update to the latest versions of underlying software such as PHP.
Thirdly, software which you’re responsible for needs to be kept up to date, and someone should be in charge of that. I’ve been into company Content Management Systems which flag up dozens of updates needing to be made, some of them clearly dating back many months. It’s normally only a click to do them, so they need to be monitored every few days.
Finally, there are some applications which can provide added security in specific Content Management Systems – for example, the Wordfence plugin for WordPress is excellent. Take a look at what’s available.
These things are easy to leave low down on the to-do list. They need to be brought to the top and ticked off.