The following is a guest post by Tia Wood of TiaWood.com
Nothing is more disappointing than spending time and money on a site development project only for it to go to waste. One of the unseen dangers domainers face with developed websites is security. These basic steps will help protect your investment.
The Web Developer’s Role
First, let us take a look at what role web developers play in site security. It is the responsibility of a web developer to install, custom code or tweak scripts with security in mind. They should not only protect against known vulnerabilities, but also be aware of the server environment, the importance of your data and what privileges different groups of users should have.
Beyond this it is the customer’s overall responsibility to protect their website and data from unauthorized access, modification and failure.
What Are The Needs?
Is your data or website worth protecting in the first place? If so, how secure do you want your environment to be? Security is time consuming, expensive and restricts user access. The government has different security needs than site owners with a five page informational website that never changes. Myspace has different security needs than Google. Personal bloggers have different needs than professional business bloggers.
Since we are domainers, most of us probably have multiple sites. Decide which ones need a simple backup and which ones need higher levels of security.
Data Audit
Begin by auditing your data. Even public data has consequences if not secured properly. For instance, consider basic user information such as location and interest. While location and interest may not lead to crimes such as identity theft, they can be sold as a niche list to marketers, not to mention the reputation damage a leak would cause.
Server Security Audit
Especially if you own a dedicated server, it is important to know what security measures are taken to prevent unauthorized access and conflicts. Most companies that provide dedicated servers do not provide “managed solutions”, which means they will not monitor or update your server. Third-party server management solutions such as Platinum Server Management (platinumservermanagement.com) will inspect your server for known security vulnerabilities and assist when conflicts arise.
Using Strong Passwords
Weak passwords are the most common mistake that leaves a site open to an attack called a “dictionary attack”. Malicious users work through a dictionary list (along with the most commonly used passwords) to gain access to a site or server.
Always use passwords mixed with uppercase/lowercase letters, numbers and symbols.
Bad Password Example: ilovemycat
Good Password Example: M37_gTh#89
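The check below is an added example, not code from the original post. It shows how a signup or password-change form could reject passwords that a dictionary attack would guess and enforce the uppercase/lowercase/number/symbol mix; the wordlist is a small constructed sample and the function names are hypothetical.

```python
import string

# Constructed sample wordlist (assumption). A real check would load a large
# list of dictionary words and commonly used passwords.
WORDLIST = {"i", "love", "my", "cat", "dog", "password", "admin", "letmein", "qwerty"}


def is_dictionary_based(password, words=WORDLIST):
    """True if the password is only wordlist entries joined together,
    optionally followed by trailing digits/symbols (e.g. 'password1!')."""
    core = password.lower().rstrip(string.digits + string.punctuation)
    if not core:
        return False
    # reachable[i] is True when core[:i] splits cleanly into wordlist entries.
    reachable = [True] + [False] * len(core)
    for end in range(1, len(core) + 1):
        for start in range(end):
            if reachable[start] and core[start:end] in words:
                reachable[end] = True
                break
    return reachable[-1]


def missing_classes(password):
    """Names of the character classes the password does not contain."""
    classes = {
        "uppercase": string.ascii_uppercase,
        "lowercase": string.ascii_lowercase,
        "number": string.digits,
        "symbol": string.punctuation,
    }
    return [name for name, chars in classes.items()
            if not any(c in chars for c in password)]


def audit_password(password):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if is_dictionary_based(password):
        problems.append("dictionary-based")
    problems += ["no " + name for name in missing_classes(password)]
    return problems


if __name__ == "__main__":
    for candidate in ("ilovemycat", "M37_gTh#89", "Password1!"):
        print(candidate, "->", audit_password(candidate) or "ok")
```

The third sample, `Password1!`, contains all four character classes but is still flagged, because it is a common word with a predictable suffix.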
Who are you working with?
Who you choose to work with is important. Typically, it is okay to have freelancers sign a non-disclosure agreement if needed. In addition, changing passwords after a freelancer has access is a good idea. Always perform due diligence before choosing a freelancer: review their portfolio, Google their name/business/url, contact past clients and review customer testimonials, etc.
Updated Scripts
Keeping scripts up-to-date is exhausting. Either have your web developer install updates and/or keep yourself informed by subscribing to various security newsletters. For instance, Joomla.com has a newsletter subscription just for security alerts. Many companies have similar options available.
Backup Options
How you back up your website varies from project to project. A five page static informational site that never changes might only need to be backed up once via FTP while a busy user community might need a daily backup with special software. Barracuda Networks (barracudanetworks.com) provides this service and has served clients such as the U.S. Department of Homeland Security and various educational universities.
Emergency Plan and Disaster Recovery
We can never fully prepare for the worst. What is your protocol during a fire or flood? Will someone have access to your critical usernames/passwords in case you die? Properly store backups in a fireproof box away from your server’s location. Make sure trusted individuals have access to the needed information in case you are unavailable to make decisions.
Links/Resources
• Website Security Strategies – http://www.netshinesoftware.com/security/website-security-strategies.html
• Common Security Vulnerabilities in e-commerce Systems – http://www.securityfocus.com/infocus/1775
• Barracuda Networks – www.barracudanetworks.com
• Platinum Server Management – www.platinumservermanagement.com
• http://www.computerworld.com/printthis/2005/0,4814,99981,00.html
• Security Focus – www.securityfocus.com
• Google Your Site For Security Vulnerabilities – http://www.oreillynet.com/pub/a/security/2004/10/07/googling_for_vulnerabilities.html



Great post Tia! Very important for all Domainers to remember that security is absolutely essential – especially when your entire business is online!
I’ll be sharing this with my blog readers as well!
May 16th, 2009