Secure hosting

11.07.2016 |

Episode #8 of the course Cyber security for small business by Cat Paterson


Quite simply, you cannot afford to ignore the security of your website.

In earlier lessons, you learned that sites can be compromised by brute force attacks and redirected to untrusted sites that could permanently damage your company reputation, your brand, and the inner workings of your site.
One of the key considerations when setting up a website is the hosting provider and their attitude and logistics about securing your data.

Too often, we can be tempted to go for the cheapest hosting option as a small business owner, only considering bandwidth, expense, and whether a domain name or site builder is thrown into the package without fully understanding the security implications and impact over the long term if a security compromise were to happen.

On day 10, you will get a list of really helpful resources that includes a thorough explanation of the considerations around hosting, but for today’s lesson (and to get you moving and comparing host providers)….


Here are some questions you should be asking potential host providers:

1. Does the host provider have a security policy? A number of providers provide the bandwidth and server space, leaving security up to you. However, you don’t know what you don’t know, and it may not have been on your radar to secure your site.

2. How does the host provider protect their own network? After all, if they are compromised, you are compromised.

3. If something goes wrong, what actions do they take to protect your data and get your site back up and running? What are the timelines for this? This is particularly important for small business owners of e-commerce sites. You’re not making sales while your site is down.

4. Does your provider offer an SSL certificate as part of their package? This is important for the security of customers purchasing through your website. You want their data transactions to be secure and encrypted.

5. Who is responsible for updating software and other applications? If the host is responsible, make sure you see that in a contract. If not, you’ll need to start thinking about finding a knowledgeable website developer or security expert to keep you safe. We all have a plumber or electrician in our phone book; it’s time to add a developer to the contact list.

6. What is your ongoing security monitoring policy? This could be regular malware checks, firewall checks, or blacklisting suspicious IP addresses or activity.


These are good starting points for considering your security options. If it were a brick and mortar business, you would make sure there was an alarm, CCTV, or shutters, and if the shop window ended up broken, you’d have the glass repairer out in a flash.
Your website is your online storefront—it needs to be just as secure.


Recommended book

“Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications” by Ivan Ristic


Share with friends