How to secure your website in 2022?

March 20, 2023

Online security is an ongoing challenge. Hacking techniques evolve as quickly as technology does, so it’s important to regularly update your web protection measures. Protecting your site means safeguarding your data as well as that of your visitors and clients. Here are a few statistics on cyberattacks:

  • 978 million people affected by cyberattacks each year
  • 1 in 2 French companies targeted by a cyberattack in 2021
  • Cybercrime costs $6 trillion annually
  • 30% data theft
  • 29% denial of service
  • 24% data encrypted by ransomware
  • 23% identity theft

Even the largest companies fall victim to these attacks. In 2021, notable examples include Axa Partners, Microsoft Exchange, Acer, and more.

There are many types of cyberattacks, including phishing, spear-phishing, exploitation of vulnerabilities, scams, illegitimate domain acquisitions, SQL injections, DDoS attacks, etc., and the security systems designed to counter them are just as numerous.

In this article, we provide a checklist of security systems to integrate into your showcase site or e-commerce site to minimize the risks of these cyberattacks.

Blocking Spam

What is spam?

To enhance user experience, some websites invite their visitors, community members, or clients to leave comments. These can include customer reviews, blog comments, or any other messages that visitors often consider very important. Hackers are aware of this and are increasingly active in posting fake comments and reviews to disrupt the site, its sales, and its reputation.

Although comments are not recommended for assessing a website's reliability, they are often a factor considered by users and have a significant impact on the level of trust. In addition to users, search engines like Google also pay attention to these comments. Therefore, your organic SEO could also be affected.

How to combat spam on a website?

Moderating your content is essential, and you should establish a spam handling policy. Many tools and integrations allow you to manage this content. To limit spam on your Webflow site, you could, for example, use Disqus. This tool serves as a primary spam filtering system, utilized by many webmasters and cybersecurity professionals.

Protecting Your Site from DDoS Attacks

What is a DDoS attack?

The goal of a DDoS attack is to render a service unavailable. Through a cyberattack, hackers can proceed in several ways, such as:

  • overloading a computer network to disrupt its operation
  • interrupting connections
  • restricting access to third parties

Typically, this involves sending enormous amounts of information to a site all at once, causing its servers to crash. Initially, the site will go offline, but this can also open vulnerabilities in the security system.

As a result, hackers can inject malicious code, leading to a significant impact on your organic search rankings.

How to protect your site from DDoS attacks?

The best way to protect your site from DDoS attacks is to choose a reliable hosting provider. This means selecting a host that offers the main security standards, such as an SSL certificate, a rapid service with a global CDN, etc. A quality host will also conduct regular tests to identify vulnerabilities in its service.

A website hosted by Webflow benefits from the full protection of Amazon Web Services (AWS) Shield. The AWS security system is known for having one of the highest levels of protection in terms of hosting. Whether it’s vulnerability assessment, authentication security, infrastructure protection, or data security, AWS is a trustworthy provider for a website.

Having an SSL Certificate

What is an SSL certificate?

The SSL certificate, or Secure Sockets Layer, is the most recognized protection system. It appears as a closed padlock in the URL of the (secured) websites you visit. SSL security is not mandatory, but it has almost become a standard on the web. Google has announced that it penalizes sites without an SSL certificate.

SSL will create an encrypted and therefore secure channel between two devices or servers communicating over the internet. The most common use of the SSL protocol is to secure communications between a web browser like Google and Webflow servers. A secured website will see its URL change from HTTP to HTTPS, with the "S" indicating "Secure".

Figure: Secured site with SSL certificate (search bar with padlock and the secure URL of the Digidop site).

Figure: Unsecured site without SSL certificate (search bar with the unsecured URL of an example site).

SSL security has significant implications. Most websites today have it, as it protects your data as well as that of your visitors and clients. Sensitive data such as credit card information, addresses, etc., are thus safeguarded.

How to obtain an SSL certificate for your website?

An SSL certificate can be added to your domain by inquiring with your certification authority, or it can also be configured on your web host or your own servers. Some certification authorities like Let’s Encrypt offer free SSL certificates.

Content Management Systems like Webflow also offer, by default, a free SSL certificate for all sites they host. You can configure your Webflow SSL certificate with just one click.

Use HTTP/2

What is an HTTP/2 request?

HTTP/2 is the new version of the HTTP protocol. Developed by Google, this new standard allows for accelerated data exchanges between the server and the user. Data now travels through multiple TCP (Transmission Control Protocol) connections and is encrypted by default in HTTPS. Moreover, search engines like Google highly favor the SEO of sites that implement the HTTP/2 protocol.

How to use HTTP/2?

Check with your web host, as not all provide HTTP/2 hosting. Webflow, however, offers the use of the HTTP/2 protocol by default for all its sites to optimize speed and security.

Prevent Brute Force Attacks

What is a brute force attack?

A brute force attack is a method that involves testing numerous combinations to find a password or an encryption key. The goal is to obtain login information or display encrypted data.

How to block brute force attacks?

Similar to DDoS attacks, the hosting provider is again at the forefront of protecting you. Webflow adds an extra layer of security by tracking IP addresses that make repeated connection attempts during form submissions.
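One way to implement the IP tracking described above, as an added example (this is not Webflow's code; the class name, thresholds and sample IP addresses are assumptions chosen for illustration). It counts failed submissions per IP in a sliding time window and blocks the address for a while once the limit is reached:

```python
from collections import defaultdict, deque

class AttemptTracker:
    """Block an IP after too many failed submissions inside a sliding window."""

    def __init__(self, max_failures=5, window=60.0, block_for=300.0):
        self.max_failures = max_failures    # assumed threshold
        self.window = window                # seconds of history considered
        self.block_for = block_for          # seconds a block lasts
        self.failures = defaultdict(deque)  # ip -> times of recent failures
        self.blocked_until = {}             # ip -> time the block expires

    def is_blocked(self, ip, now):
        return self.blocked_until.get(ip, 0.0) > now

    def record_failure(self, ip, now):
        """Register a failed attempt; return True if the IP is now blocked."""
        recent = self.failures[ip]
        recent.append(now)
        while now - recent[0] > self.window:  # forget failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.blocked_until[ip] = now + self.block_for
            recent.clear()
        return self.is_blocked(ip, now)

    def record_success(self, ip):
        self.failures.pop(ip, None)  # a valid login resets the counter

def replay(events, tracker):
    """Replay (time, ip, succeeded) tuples; return the IPs that got blocked."""
    blocked = []
    for now, ip, succeeded in events:
        if tracker.is_blocked(ip, now):
            continue  # rejected before the credentials are even checked
        if succeeded:
            tracker.record_success(ip)
        elif tracker.record_failure(ip, now):
            blocked.append(ip)
    return blocked

# Constructed sample traffic (documentation-range IPs, times in seconds).
EVENTS = sorted(
    [(t, "203.0.113.7", False) for t in range(0, 10, 2)]         # 5 failures in 8 s
    + [(1, "198.51.100.20", False), (4, "198.51.100.20", True)]  # typo, then success
    + [(t, "192.0.2.55", False) for t in range(0, 600, 120)],    # 5 failures over 8 min
    key=lambda event: event[0],
)
```

Calling `replay(EVENTS, AttemptTracker())` blocks only the address that fails five times within the window; the user who mistypes once and the slow, spread-out failures stay under the limit.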

Protection Against XSS (Cross-Site Scripting)

What are XSS scripts?

Hackers use this method to insert malicious code into your website, causing harm. These XSS scripts are also employed to infiltrate users' computers and access their private data.

How to block XSS scripts?

Amazon Web Services (AWS), the host for Webflow, has implemented numerous security measures to block these XSS scripts. A Webflow site is thus well-protected against this type of web threat.

Limit SQL Injection Attacks

What is an SQL injection?

SQL injections, or SQLi, are a method used by hackers to exploit numerous security vulnerabilities to interact with the databases of a site or web application. SQL is the language used to query databases, and hackers employ fraudulent SQL queries to gain access. Servers often struggle to differentiate between legitimate and illegitimate SQL queries.

How to block SQL injections?

Using safe code, securing the server, and employing intrusion detection systems (IDS) or intrusion prevention systems (IPS) are means to limit these attacks. AWS has established a security shield to protect against this type of attack and block malicious SQL code.
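What "safe code" means in practice, as an added example that is not part of the original article: the same lookup written with string concatenation and with a parameterized query, run against an in-memory SQLite database. The table, column names and sample rows are constructed for the demonstration.

```python
import sqlite3

# Constructed sample rows; table and column names are assumptions for the demo.
ROWS = [
    ("alice@example.com", "Lyon"),
    ("bob@example.com", "Paris"),
    ("o'brien@example.com", "Nantes"),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (email TEXT PRIMARY KEY, city TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)", ROWS)
    return db

def find_unsafe(db, email):
    # Vulnerable pattern: the input is pasted into the SQL text, so a quote
    # character in the input changes the structure of the statement.
    sql = "SELECT email, city FROM customers WHERE email = '" + email + "'"
    return db.execute(sql).fetchall()

def find_safe(db, email):
    # Parameterized query: the value travels separately from the SQL text and
    # is only ever compared as data, whatever characters it contains.
    sql = "SELECT email, city FROM customers WHERE email = ?"
    return db.execute(sql, (email,)).fetchall()

def compare(email):
    """Run both lookups on a fresh database; report rows or the error raised."""
    db = make_db()
    try:
        unsafe = find_unsafe(db, email)
    except sqlite3.Error as exc:
        unsafe = type(exc).__name__
    return unsafe, find_safe(db, email)

if __name__ == "__main__":
    for value in ("bob@example.com", "o'brien@example.com", "x' OR '1'='1"):
        print(repr(value), compare(value))
```

The concatenated version breaks on a legitimate address containing an apostrophe and returns every row for the crafted input, while the parameterized version returns exactly the matching row or nothing.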

Backup Your Web Data

Why back up your website data?

Despite all the precautions you may take regarding security, no system is invulnerable. We therefore recommend backing up your web data.

How to back up your website data?

Backing up your web data doesn’t necessarily require manual action, as many web hosts offer this service. Webflow, for example, provides automatic backups of your website. You can access your entire web history by day and hour. The premium version of Webflow offers unlimited history for your website. Therefore, all your previous data is also secured.

Secure Your Online Payments

What is a secure online payment system?

A secure payment is an end-to-end encrypted payment in which the credit card number, expiration date, and security code are all encrypted.

How to ensure secure online payments?

For this, we recommend going directly through a trusted third party like Stripe or PayPal, the two leaders in online payments. Stripe is also certified as a Level 1 Service Provider, thus meeting all payment security standards.

Choose an ISO/IEC 27018 Certified Host

What is the ISO 27018 standard?

The ISO 27018 standard is a set of measures that a web host must implement to protect the data it stores in the cloud. This standard is partly based on the ISO 27002 standard, which relates to information security in the public cloud. It serves as evidence of adherence to good international practices regarding the protection of personal and confidential data.

Choosing an ISO 27018 compliant web host

Inquire about your web host's certifications. Amazon Web Services has been certified ISO 27018 by the EY CertifyPoint organization, accredited by the Netherlands Accreditation Council and a member of the International Accreditation Forum (IAF). By default, all Webflow sites therefore benefit from these protection standards.

Thomas Labonne
Co-founder
