Tag: website security

11 steps to create an effective business website

Regardless of the type of small business you have, an effective and engaging website is critical to your brand’s success.

With almost 2 billion websites on the internet and U.S. users visiting more than 130 web pages per day, you have stiff competition to not only attract users to your website but convert them into customers as well.

Whether you’re building a new website from scratch or want to improve your existing site, the following are 11 steps to consider.

Lock in a good domain name

“Good” is subjective, but your domain name (otherwise referred to as your website address) can greatly impact the success of your site. It’s often the entry point to your site, so you want to have a domain that’s easy to use and remember, as well as benefits your search engine optimization (SEO).

In general, this means that you want it to:

  • Be easy to spell
  • Use the proper domain extension, such as .com rather than .net unless it’s more appropriate to use .gove, .edu or .org
  • Be as short as possible
  • Avoid numbers and hyphens
  • Be unique (so that you’re not too similar to another website’s domain or breaching any registered trademarks) and memorable

Dive deeper with our Domain Name 101 guide for beginners.

Purchase proper website hosting

Simply put, a website hosting provider (or website host) offers the technology and services necessary for a site to be viewed on the internet. Ultimately, your domain name gets connected to your hosting provider so that when users visit your website address, they see (and can interact with) your website, which is stored on your hosting account.

Website hosting services vary in cost from about $2 to more than $100 per month, depending on what you’re looking for.

Essentially, there are three server types to consider:

  • Shared server, which can cost the least but can be problematic because you’re sharing a server and its resources with other customers. This can impact the performance of your site. Plus, if another website that’s sharing your server gets hacked, you risk getting hacked as well.
  • Dedicated server, which can be the most expensive but offers the best possible website performance. It’s when the physical server machine is entirely dedicated to your site, so all the resources are yours, which offers more security as well.
  • Virtual private server (VPS), which is somewhat of a compromise between shared and dedicated servers. A VPS is one machine that is partitioned to act as multiple machines, which makes it more affordable (like shared hosting) but with better security and performance potential (like dedicated hosting).

In addition, you’ll likely want phone and/or chat support available from your website hosting provider in case you experience an issue, as well as an easy-to-use server interface. This allows you to more easily view and make changes to your server contents without having to hire a professional server administrator.

Some popular website hosting providers include (but are not limited to):

Clearly describe your business in a prominent place

No matter how dynamic your vision is for your website, don’t forget the basics. Who are you? What is your business about? How do you help customers?

A business description must be prominently displayed on your website so that it’s the first thing visitors see. All imagery should be visual representations of your brand and services or products. While the text needs to be as concise as possible, visuals can really help convey exactly what your business is about.

In addition, ensure that “About Us” web page links are displayed in both your main and footer navigation menus. This makes more in-depth information about your business easily accessible for visitors who want to learn more.

Select your content management system

To put it simply, your content management system (CMS) is a software program or application that you use to create and manage your digital content within your website. A popular CMS that you’ve likely heard of is WordPress. But others include Wix, Squarespace and more.

A good CMS will help you maintain your website without requiring you to have a lot of technical knowledge. Of course, different systems are used for different reasons, such as available features and your budget.

Thoroughly review available CMS platforms that you find interesting. Will you get all the features you need for a price you can afford?

Pick an e-commerce platform (if you’re selling online)

Not all small businesses sell products or services online, but if you do, you need the right technology to do so. An e-commerce platform allows users to financially transact with you online.

Some popular options include (but are not limited to):

Design your website for engagement, efficiency

Designing your website can feel overwhelming at first, but it’s helpful to do your research first. Identify sites that you like. What aspects of their design can you incorporate into your own website? How do your competitors’ sites look?

Once you have a sense of the design features and functionality you want, keep the following best practices in mind:

  • Use compelling visuals and easy-to-read, large-enough fonts
  • Avoid any clutter
  • Compress your graphics for faster website loading
  • Keep your target audience (and what they’ll use your website for) in mind throughout the designing process
  • Maintain your branding throughout the website
  • Keep your menu navigation system simple and intuitive
  • Make it easy for visitors to understand what your business is, how to contact you and where to find you

Optimize for SEO

Once you have designed your website, you’ll want to consider your website’s SEO, which is a set of practices that ensures search engines both index and rank your website appropriately so that it appears when users search for terms (i.e. keywords) related to your business.

The better your website design and content is, the higher your website will appear in search engine result pages.

SEO is an ongoing process. It’s never a one-and-done or set-it-and-forget-it approach, not if you want to be successful. 

Check out our 12 SEO marketing tips for beginners, as well as seven tips to improve your website’s domain authority.

Install key webmaster tools

Being able to monitor the performance of your website is critical to your success. You can analyze traffic data by installing Google Analytics. We also recommend Google Search Console.

These tools can help you understand:

  • How many users visit your website in any given period of time
  • The bounce rate of your website, which is the percentage of users who arrive at your website but leave after viewing only one page
  • How many views the pages of your website receive
  • How long users spend on your website
  • If there are any broken links on your website
  • How long it takes your web pages to load
  • Any keywords that are leading search engine users to your website

See our nine tips to get the most out of Google Analytics. Plus, find out how to check your Google Search rank for free.

Optimize for mobile responsiveness

More than one-third of all American consumers shop online via a mobile device. In addition, Americans spend about 3 hours and 15 minutes per day on their smartphones. These numbers will only continue to grow. 

You must optimize your website to deliver a great user experience on mobile devices. If your web pages take too long to load or if the mobile version of your site is clunky, cluttered or confusing, you will immediately lose your  visitors.

Check out our 16 tips to make your website as mobile-friendly as possible.

Create (and publish) quality content consistently

Content is king, as they say. And the days of a static website with little to no content publishing being enough are long over.

Consistently publishing content that resonates with your target audience matters to search engines. This can be done through a blog section of your website, for example.

Content can include customer testimonials, how-to articles and more.

Check out our seven tips to level up your content marketing on your website and beyond, as well as our 19 tips to drive traffic to your new blog.

Create a maintenance plan for your website

Once you create your small business website, your work isn’t over yet. Not only do you want to regularly publish new content, but you also want to ensure that everything is in working order and that all technology being used is up to date.

Proper website maintenance is important. This can include checking your webmaster tools data consistently, confirming that your software is always up to date, running security scans to confirm there is no malware or hacking and backing up your website regularly.

In conclusion

Your small business website should be a dynamic representation of your business that engages visitors and easily enables them to find key information about your business or even purchase from you.

Remember that throughout any website creation or updating process, you’ll want to collect feedback from colleagues and customers so that you can tweak anything necessary to improve the user experience. When in doubt, put yourself in your customers’ shoes and look at your website with a fresh set of eyes. What can be improved? What can be made more clear?

As you’re creating or optimizing your website, consider leveling up your digital marketing with DailyStory and our 21-day free trial. Features include automating various marketing tasks, dynamic audience segmentation and more. Schedule your free demo with us today.

12-step website security checklist for beginners

Website security matters now more than ever.

In fact, there have been about 300 percent more cybercrimes reported to the FBI since the COVID-19 pandemic began.

It’s clearly not just about building trust with your customers. Data breaches can also result in stolen data and lost revenue due to downtime. The global cost of data breaches averaged about $3.86 million in 2020. While the data breaches for large, national companies are what make the news, about 43 percent of cyberattacks do happen to small businesses.

In other words, no small business is too small to be noticed by a hacker.

The following is a 12-step website security checklist that’s simple enough for even the biggest beginners to work through.

No. 1: Keep all your software up to date

Software updates might be annoying or inconvenient, but they’re critical to ensuring that you don’t have obvious vulnerabilities that can be taken advantage of by hackers.

Keep an eye out for software patch notifications. They’re intended to help resolve any discovered vulnerabilities. 

And in general, make sure you update your software as soon as you get those notifications. Resist the urge to “remind me later.”

No. 2: Tighten up your passwords

Passwords are an obvious aspect of your website security that you must consider. However, they’re often neglected as far as:

  • Their complexity
  • How frequently they’re updated

In fact, it’s not uncommon for people to keep all their passwords written on a Post-It located on their computer monitor. We definitely do not recommend this!

Focus on creating complex, secure passwords. As recently as 2019, the password “123456” was used 23 million times in the UK. You can do better than that. Avoid being predictable. Mix up capital letters, numbers and special characters in your passwords.

To help with your password management, you can try tools like LastPass and 1Password. Tools like these can help you not only create secure passwords but can also keep track and help you regularly update them as necessary. We recommend updating every six to 12 months at least.

No. 3: Prevent spam comments on your website

Especially when you’re maintaining blog content on your website, spam comments can be a top concern. In fact, they’re one of the most common ways that hackers and spammers will mess with your website.

Obviously, spam comments reduce the trust your real visitors would have for your site. In addition, spam comments don’t bode well for your search engine optimization (SEO) either.

There are a number of integrations and plugins that can help you identify and moderate comments on your website with a simple code embed. Refer to your hosting platform to see if they already have an option available for you to use.

No. 4: Prepare for the worst by regularly backing up your website (and all of its data)

By backing up your website regularly, you’ll be able to bounce back quickly should something go wrong.

The “wrong” could be a hacker, but it also could just be a garbled website after a problematic redesign. 

Check with your hosting provider for help with this. If you’re using WordPress, there are several plugins that can automate backups.

No. 5: Use an SSL certificate

SSL stands for Sockets Secure Layer, and it helps keep sensitive transfers of data secure.

Think login credentials, credit card information or any other personal information. An SSL certificate gives you that extra layer of protection.

In addition, SSL boosts the overall perceived security of your website since secure websites have a lock symbol on the side of the URL address bar of your browser. In fact, if you don’t have an SSL certificate, the browser will notify visitors either with a “not secure” label or by blocking the connection entirely.

If you don’t already have an SSL certificate for your website, you can get one by:

  • Verifying your website’s information through the ICANN Lookup tool.
  • Generating a Certificate Signing Request (CSR) through your server, your cPanel or an online CSR generator.
  • Submitting your CSR to a certificate authority to validate your domain.
  • Installing the certificate on your website.

No. 6: Limit both user permissions and access

Spoiler alert: You should not give all your employees and colleagues unfettered access to the backend of your website.

Every user with access translates into natural vulnerabilities for your website, so make sure that you’re setting appropriate permissions that reflect each team member’s role.

Of course, you’ll want to terminate access as soon as an employee leaves your team. But you also should set the standard for secure, frequently updated passwords for all users.

No. 7: Only use a trusted payment provider

If you’re processing payments of any kind on your website, it’s important to only use a trusted payment provider. 

Two of the biggest providers are PayPal and Stripe.

Not only will a trusted provider properly and securely process payments, but their use automatically builds trust with your website visitors.

No. 8: Reduce any XSS vulnerabilities on your website

XSS stands for Cross-Site Scripting and refers to the way that hackers can insert malicious code into your website. That code then aims to capture the private data of your website visitors.

This step of reducing those vulnerabilities actually can require a web developer’s help. However, beginners should still be aware of this threat. In the meantime, use a web application firewall to scan your website. You can also clean your user HTML inputs with such tools as HTML Purifier.

No. 9: Reduce any SQL injection vulnerabilities

If your website stores a lot of sensitive user data (like credit card information), you’re doing to want to consider SQL injection vulnerabilities on top of XSS.

It’s not as common but will steal sensitive data directly from your database.

Again, this is definitely a step that you should discuss with your web developer, but solutions can include setting up a firewall, using a whitelist and so on. Learn more about what can be done to reduce SQL injection vulnerabilities.

No. 10: Use anti-malware software for advanced, extra website security

Anti-malware software aims to prevent security threats by detecting and removing them early on from your website (before they do too much damage).

Of course, anti-malware can cost money to install and use. Take the time to review your budget, and remember that the cost of a security breach (both monetarily and perception-wise) can be so much more.

Many website hosting platforms have anti-malware software that you can subscribe to, but if not, you can check out such tools as SiteGuarding or Quttera and see if either is right for you.

No. 11: Keep an eye out for any traffic surges

Another type of website security attack involves blasting your website with fake traffic to essentially overwhelm your web servers and crash your website.

This type of attack, called Distributed Denial of Services (DDoS), happened more than 10 million times in 2020 alone. 

Fortunately, your traffic analytics tools can help you identify and strange surges. Most web hosting platforms come with DDoS protection, but you can always use external tools, such as Cloudflare or Radware, for additional protection.

No. 12: Get an extra layer of protection with Web App Firewalls

Web App Firewalls, otherwise referred to as WAF, defend against multiple types of website security attacks. Hence why this isn’t our first mention of them.

A firewall essentially monitors your web traffic and guards against any traffic that’s malicious. WAFs use policies to determine which traffic is dangerous.

If you’re a small business, we recommend a cloud-based or software-based WAF due to lower cost and ease of maintenance. That being said, there is also hardware-based WAF that, while harder to maintain and more expensive, can also be more effective.

In conclusion

Website security can feel like an overwhelming topic for any website beginner, but simply go step-by-step to identify what you can do better to protect your business and your customers.

Looking to level up your digital marketing process as you secure your website? Consider DailyStory, which features automation, audience segmentation and more. Schedule your free demo with us today.