Cybersecurity for Your Small Business: What to Look for in a Web Host
If you’re looking at hosting options for your small business website, then cybersecurity should be one of your top concerns—irrespective of whether you’re interested in a shared hosting environment, VPS, or are even thinking about subscribing to a dedicated server. This is true even if your hosting plan is managed, in which case the host commits to take care of basic server security updates.
In the United States alone, 30,000 websites are hacked with malware every day. A large number of those are small business websites which are targeted because they don’t have the cybersecurity protections that large enterprise IT teams can put up. But there is still plenty that small business owners can do to ensure the safety of their accounts. Check if your hosting provider offers any of the following, all of which can help ensure that your account does not become the next statistic.
Cybersecurity Features You Should Look for in a Hosting Package
Two-Factor Authentication (2FA)
Also called multifactor authentication (MFA), 2-factor authentication adds a second security credential to the login process. If you’re on a managed hosting plan, then you probably know that cPanel is where your technical staff can configure all aspects of their hosting accounts. Because cPanel is so powerful, the risks if a hacker gets in are far more damaging than gaining access to, say, an FTP account or a Wordpress backend. That’s why it’s extremely useful if your host offers 2FA on logins to cPanel.
Free SSL Certificates
If your small business operates multiple domain names, then you’ll find it particularly helpful if your hosting provider offers free SSL certificates with their hosting package. An SSL certificate is a guarantee from a Certificate Authority (CA) that traffic to and from the website will be encrypted by Transport Layer Security (TLS). You might be more familiar with this as https:// rather than http:// before certain domain names. Using TLS gives your customers peace of mind that data they send to and from your website will be encrypted over their local networks. Because your customers’ user credentials could conceivably be used to brute force your own digital infrastructure, it’s in your interests too to make sure this is offered.
DKIM, SPF, DMARC
Email spoofing is a real concern for any small business. To combat this, look for a host that offers 3 email authentication tools on its hosting packages: Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM) and Domain-based Message Authentication, and Reporting & Conformance (DMARC). These are configured as DNS records in your cPanel and mean that recipients can see that the email was authenticated by your organization and is not the result of a fraudster impersonating you.
Easy Update Manager
If your small business is using some popular web-hosted scripts such as the Wordpress Content Management System (CMS), then you should know that you’re wide open to any vulnerabilities in the code base. Because of how widely these systems are deployed, they’re lucrative targets for hackers. A one-click script installation and manager means that you can ensure that any such cloud-hosted programs are updated automatically and at regular intervals—without having to ask your IT staff for help.
What Web Hosts Offer These Services
We evaluated some of the most popular hosting providers for small business websites on the market to see what kind of security features they offer.
Bluehost is one of the world’s most popular web hosts. It offers tailored managed Wordpress hosting packages that are relied upon by millions of small businesses nationwide. Its cybersecurity measures include:
- SiteLock. Bluehost makes this security tool available for an add-on fee of $23.88 per domain per year. SiteLock automatically monitors for any suspicious activity and will provide immediate user notifications at the first sign that a domain might be under threat.
- Its vulnerability scans monitor for common cybersecurity weaknesses including XSS scripts (cross-site attacks), SQL injection attempts, and common application weakness exploit attempts.
In many parts of the world, GoDaddy is practically synonymous with web hosting. It has a particularly strong focus on cybersecurity and offers add-ons for its shared, VPS, reseller, and dedicated hosting plans.
- A website security subscription service. This is provided in 3 tiers (Essential, Deluxe, and Ultimate). On the Essential tier, business owners are guaranteed a 12-hour response time from technicians and unlimited malware removal.
- GoDaddy’s cybersecurity team will also handle Google blacklist removal. This is a common concern for small businesses as the injection of spam links to a hacked domain can have a hugely detrimental impact upon SEO performance. The Deluxe and Ultimate plans provide advanced DDoS (Distributed Denial of Service) attack protection as well as CDN acceleration and complete backup and restore functionalities.
A2 Hosting has one of the best reputations in the hosting business for its cybersecurity features—in fact several popular cybersecurity websites, including WP WhiteSecurity, use it to host their own websites.
- Free wildcard SSL certificates. These certificates will work on any add-on domains added to a hosting account and—because they are wildcard certificates—will display on subdomains as well as the primary URL.
- Special, security-focused ConfigServer Security and Firewall (CSF) packages. CSF is a popular firewall application suite which runs on Linux servers. A2 offers VPS plans with 20GB-50GB storage which provide easily configurable CFS hosting.
Network Solutions is a popular choice for hosting Ecommerce websites. It offers 4 tiers of shared hosting services which include the following security features:
- SiteLock Premium (available from the Essential tier upwards). This provides basic malware scanning, and malware autoremoval (Professional tier and above).
- On the Professional Plus plan, targeted towards small business owners, unlimited SSL certificates are provided.
WebHostingPad offers some great value Wordpress hosting plans from as little as $2.99 per month. But choosing this budget-friendly provider doesn’t mean compromising on cybersecurity. Its features include:
- An SSL certificate (available on the WP Premium package)
- A Premium monthly backup service (WP Pro, WP Premium)
- Automatic malware scanning and removal (all packages).
Choose a Security-Focused Web Host
Cybersecurity should be a top concern for any small business. Whether your company site is on a basic shared hosting tier or lives on dedicated server space, it’s important that you choose a host which has some strong cybersecurity features. Choose from one of the top providers on the market to make sure that your site isn’t one of the annual hacking victims.