Cyberattacks can shut down your website, leak customer data and damage your reputation. They can come from anywhere at any time. And surveys show that nearly 70% of small and medium-sized businesses have dealt with cyberattacks at one point or another.
That should be terrifying for any business, big or small. Fortunately, there are ways to mitigate your chances of becoming a victim.
If you have concerns that you may be next to get hit, read on to learn how to beef up your server security.
1. Update Your Software Regularly
Yes, it is annoying. Yes, it takes time away from production. And yes, the computer environment always seems to change after an update.
But each software update includes patches that help prevent hacking by sealing security vulnerabilities. It also gives your computer the ability to continue working with newer technologies.
2. Minimize Access
Assign a specific protocol for each role in your company detailing what an employee can and cannot access on your server.
- When a new employee is hired on, use the appropriate protocol for their roll.
- When an employee leaves the company, remove them from the system so they no longer have access.
- When an employee changes position, change their role so they only have access to what they need to do their new job.
3. Use a Dedicated Server
A dedicated server is dedicated to you and you alone. Because the server is on a self-contained system and is not shared with others, it is far less likely to get hacked.
4. Use VPNs to Work Remotely
A VPN creates a closed network that can only be accessed by designated users and is used to securely connect to a private network from anywhere. VPN’s used to access the same server need matching configuration and security settings to work.
Once established, a VPN protects data from being intercepted while it is transferred over the internet. An easy way to look at it is that a firewall protects your data while it is on the computer while a VPN protects your data while it is online.
Private Internet Access® VPN Service encrypts your connection and provides you with an anonymous IP to protect your privacy. It is used by companies such as Forbes, Business Insider, and CBS News and allows you to connect to the internet through servers in 32 countries.
Curious? Try Private Internet Access® VPN Service free for 30 days!
5. Take Advantage of Firewalls
Firewalls are your first line of defense. They protect you against a whole host of malicious things by:
- Preventing unauthorized remote access
- Limiting access to unwanted content
- Stopping employees from sending sensitive data outside the network
Most operating systems and routers have firewalls built-in, but few people ever configure them to work properly. When configured correctly, firewalls can be a powerful tool that keeps your server safe.
6. Transfer Files Securely with FTPS
File Transfer Protocol Secure or FTPS lets you transfer files inside and outside your server securely by encrypting the data so they cannot be hacked. Examples of FTPS software are WinSCP, Cyberduck and File FTP.
7. Use Two-Factor Authentication (2FA)
In the past, websites have used a username and password to secure accounts, but hackers are resourceful and can often crack the code. This is because many people use weak passwords like “123456”, “Qwerty”, and our personal favorite, “Password”.
Even people who use more complex passwords have a tendency to use the same password across multiple accounts. That means that if someone gains access to the password, they often have the password for many other accounts for the same person.
Enter Two-Step or Two-Factor Authentication.
Two-step authentication uses the standard username and password setup, but adds an additional layer of security on top.
This second layer of security uses something that only the account holder has access to and comes in one of three varieties:
- Knowledge: A second password, a Personal Identification Number (PIN) or answers to security questions
- An Item: A credit card, phone, email address or a security token
- A piece of yourself: A voice imprint, fingerprint, face ID or iris scan
With the addition of 2FA, it is far more difficult for unauthorized users to have everything needed to access an account.
8. Educate Employees about Cybersecurity
The biggest threat to cybersecurity is the human factor. You can have as many bells and whistles as you like, but if you don’t teach your employees how to prevent security leaks, there is always going to be a gaping hole in your defenses.
9. Use Secure Shell (SSH) Protocol
Create and use a Secure Connection with SSH Protocol when you connect to a remote server.
It is common to use port 22 when setting up a connection with SSH. For additional security, use a different port when configuring your connection.
10. Use Public Keys Instead of Passwords for SSH
Using public keys eliminates the possibility of someone hacking into your system with brute force because of a weak password. The server holds the public key and each user has a unique private key. To log onto the server, both keys must match.
11. Enforce Password Requirements and Rotation Policies
If you must use passwords instead of public keys, establish password requirements:
- Minimum character length
- At least one letter and at least one number
- At least one symbol
- Inability to reuse the same password
There should also be a period of time set for when a password must change. Depending on your security needs, this can be anywhere from one week to 45 days. When it is time to change the password, users get locked out of the system until the password is updated.
12. Only Use What Is Required
When it comes to cybersecurity, less is more.
- If your server used to use a program, but it is no longer required, get rid of it.
- Turn off any ports that are not actively in use.
- If a program starts up when you turn on your computer, evaluate it to see if it is necessary.
13. Conduct Regular Security Scans
Keep a record of what your server files look like when everything is fine and scan the system regularly to look for changes. Investigate the changes to see if there are any issues and update what healthy looks like frequently.
14. Get a Fully Managed Server
Unless you are in the business of cybersecurity, you probably don’t have the time to waste on learning how to manage your server. So, instead of doing it yourself, you could opt for a fully managed server and have someone else do it for you.
A service offering fully managed servers will do all of the following and more:
- Setup and configure your server
- Install Operating System patches
- Manage security updates
- Keep up with server maintenance
For a top of the line, fully managed server experience, check out our Fully-Managed Dedicated Servers.
Need Help with Server Security?
These days server security is a must for any business, but it is also a daunting task. There is so much to remember and so many things to configure.
Even with these 15 tips, where do you even begin?
Not to worry.
Maple-Hosting is here to help. We offer high-performance server hosting to keep your business secure. We guarantee 100% uptime on all of our servers and you can expect stellar support 24 hours a day, 7 days a week.
So if you need to know that your server is secure, contact us today!