Choosing a Secure Web Host: What Your Business Needs to Know


Looking to launch a new website or upgrade your existing one? If you don’t have the technical skills to create the web presence you envision, hiring a web host provider is a smart move. But whether you’re building from scratch or refreshing your current site, security should be a top priority when comparing web-hosting options.

What to look for

1. Transport Layer Security (TLS)

One of the first things to check is whether the web hosting service includes Transport Layer Security (TLS). TLS helps protect your customers’ privacy by encrypting the data sent to and from your website. You might be more familiar with its predecessor, SSL (Secure Sockets Layer). When TLS is properly implemented, your URL will begin with “https://”, a visible sign that the connection to your site is encrypted.

This is especially important if your website collects sensitive information, such as credit card numbers or passwords. TLS also ensures that when customers type your web address, they are actually visiting your real website, not an imposter site.

2. Email Authentication

If you plan to set up business email with your domain name (like name@yourbusiness.com), make sure your web host offers email authentication. Without this, scammers can use your domain name to send fake emails that appear to be from your business, putting your reputation and customers at risk.

Your web host should offer these three key email authentication tools:

  • Sender Policy Framework (SPF)
  • DomainKeys Identified Mail (DKIM)
  • Domain-based Message Authentication, Reporting & Conformance (DMARC)

These tools help verify that emails sent from your domain are legitimate, preventing fraud and phishing attacks.
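To see what these three tools look like once a host has set them up, here is an added example (not part of the original article or the FTC guide) that audits the DNS TXT records behind SPF, DKIM and DMARC and reports weak settings. The record values, the `example-host.test` include and the function names are constructed for illustration; real records would come from a DNS TXT lookup for your domain.

```python
# Audits the TXT records a host would publish for SPF, DKIM and DMARC.
# Record values are constructed samples; yourbusiness.com is a placeholder.

def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DKIM, DMARC) into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def check_spf(txt_records):
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # RFC 7208: zero records = no policy, several = error
        return ["SPF: expected exactly one record, found %d" % len(spf)]
    terms = [t.lower() for t in spf[0].split()[1:]]
    if "+all" in terms or "all" in terms:
        return ["SPF: 'all' with a pass qualifier authorizes every sender"]
    if "-all" not in terms and "~all" not in terms:
        if not any(t.startswith("redirect=") for t in terms):
            return ["SPF: no -all/~all, unlisted senders are not failed"]
    return []

def check_dkim(record):
    tags = parse_tags(record or "")
    if not tags.get("p"):  # absent record, or empty p= (a revoked key)
        return ["DKIM: no usable public key for this selector"]
    return []

def check_dmarc(record):
    tags = parse_tags(record or "")
    if tags.get("v", "").upper() != "DMARC1":
        return ["DMARC: no record published"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append("DMARC: p=%s does not block spoofed mail" % (policy or "missing"))
    if "rua" not in tags:
        findings.append("DMARC: no rua address, so no aggregate reports")
    return findings

def audit(spf_txt, dkim_txt, dmarc_txt):
    return check_spf(spf_txt) + check_dkim(dkim_txt) + check_dmarc(dmarc_txt)

# Constructed sample: a freshly set-up domain with weak defaults.
WEAK = audit(["v=spf1 include:_spf.example-host.test ?all"], None,
             "v=DMARC1; p=none")
# Constructed sample: the same domain after hardening.
STRONG = audit(["v=spf1 include:_spf.example-host.test -all"],
               "v=DKIM1; k=rsa; p=CONSTRUCTEDPLACEHOLDERKEY",
               "v=DMARC1; p=reject; rua=mailto:dmarc@yourbusiness.com")
```

An empty result from `audit` means all three records are present and enforce a policy; each string in a non-empty result is a point to raise with the web host.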


3. Software Updates

Many web hosts offer pre-built websites or software packages that make it easy to set up your business site quickly. But, like any software, it’s crucial that your website runs on up-to-date versions with the latest security patches.

Make sure you know who is responsible for keeping your website’s software up to date. Does your web host handle this, or will you need to manage updates yourself?


4. Website Management

Another factor to consider is how the website will be managed after it’s built. Some web host providers require you to go through them to make changes, while others allow you to log in and manage the site on your own.

It’s important to clarify this up front: Will you have full control over the website, or will you need to rely on the web host to make adjustments? If you can manage it yourself, make sure that multi-factor authentication (MFA) is available for logging in to add an extra layer of security.

What to ask

When choosing a web host provider, it’s essential to ask the right questions to ensure your business data and customer information are secure.

  • Is TLS included in the hosting plan? If not, is it a paid add-on? Will I need to set it up myself, or will you help?
  • Can my business email use my website’s domain name? Will you assist me in setting up SPF, DKIM, and DMARC for email authentication?
  • Are software updates included? If not, how easy will it be for me to manage updates?
  • Who will manage the website after it’s set up? Can I make changes on my own, or will I have to go through you? If I can log in, is multi-factor authentication available?

In addition, do not forget that an ICP (Internet Content Provider) license is a legal requirement for websites operating in mainland China.

There are two main types of ICP licenses:

  • ICP Filing (ICP备案): This is required for non-commercial websites or websites that do not sell goods or services directly, such as personal blogs, forums, or informational portals. It is mandatory for any website that is hosted on a server in mainland China.
  • ICP Commercial License (ICP经营许可证): This license is for websites that engage in commercial activities, such as selling goods or services online. E-commerce platforms, paid subscription services, and websites with online advertising typically require this license.

Without an ICP license, a website hosted in China can be blocked or penalized by Chinese authorities.

When building or upgrading your business website, security should never be an afterthought. Choosing a web host that provides TLS, email authentication, software updates, and clear management options will help protect your business and your customers from cyber threats. Make sure to ask the right questions and choose a provider that puts security first.

Stay tuned, stay secure, and let’s make Cybersecurity Awareness Month count!

*Article inspired by the guide “Cybersecurity for small business” written by the Federal Trade Commission (FTC).

——————–

We at APIS Consulting can assist you in enhancing your cyber security knowledge and IT security procedures. If you need training or a cyber security audit, or want to boost or outsource your IT security, you can get in touch with us via email at contact@apisconsulting.cn or by adding Antoine on WeChat using the QR code below.


Antoine Pilarczyk founded APIS Consulting in 2021 to help companies in China to improve their cybersecurity awareness. He is a certified Lead Auditor and Lead Implementer ISO 27001.
