10 Questions to Ask Your Web Host About Cyber Security

Not everyone who owns an online business is a techie, let alone a cyber security expert. In fact, most of us know two basic things; our website must be online and it must be secure. We understand we have an ethical responsibility to protect consumers, just as we expect to be protected when we shop on other websites. How that’s accomplished is up to the experts. Some of those experts are our website hosts.

Cyber Security for Online Businesses

There are two main categories of security for online businesses:

  1. Security for customers (such as secure transactions and privacy protection)
  2. Security for your website (like hacking and fraud)

There are relevant Canadian laws that we have to consider too. Even the search engines judge sites based on the security measures they have in place, such as SSL/HTTPS encryption.

The dynamic digital environment makes it a challenge to stay on top of the latest online security threats. Having a website host that understands and addresses these threats can make a huge difference.

Ask Your Website Host About Cyber Security

Virtually all hosts will have some level of security available, but they may charge extra for it while others include it in their basic price. My experience suggests some of them create security issues or take sites down in order to upsell security ‘solutions’. The best way to avoid that is to find a host that includes these measures for every website they host.

If your web host doesn’t offer the following critical security measures, you should be able to find software or plugins that will provide similar protection. Personally, I expect my website host (GreenGeeks) to take full responsibility.

Whether you already have a website host or are looking for one, ask them the following questions so you’ll be aware of your security status and any further action you must take.

1. Do You Provide an SSL Certificate?

Secure Sockets Layer (SSL) is a must for the secure transfer of data, from payment information to delivery addresses. You’ll know a website has it if the address begins with https, and it usually has a lock icon as well.

Google decided every site should have it (whether they actually send data or not), so every host now offers an SSL certificate. What differs is if it’s included in the hosting price or if they charge extra for it. Some hosts offer a choice between the standard SSL certificate (free) or an SSL package that you can pay for (which may include a warranty or special security badge for your site).

2. Do You Provide Brute Force Protection?

You might be surprised to learn most websites aren’t technically hacked, they’re logged into. Rapid, repeated attempts are made by software to guess the username & password.

Long, random passwords make it more difficult for this malicious software to succeed, but additional measures can be provided by your website host. For example, SiteGround recently announced an upgraded, AI-driven system to help prevent brute force attacks by reducing malicious traffic by 95 percent, as well as measures that stop hackers at the door.

If the host doesn’t provide this level of service, look for plugins like WordPress Limit Login Attempts.

3. Do You Have Protection Against DDOS Attacks?

Hackers can attempt to bring down your website with a DDOS attack for several reasons, ranging from ransom situations to vicious competitors. Website hosts can use several methods to defend websites from DDOS attacks, diverting and stopping them before they do much harm.

4. Do You Provide Automatic Software Updates?

Content management systems (CMS) like WordPress and their plugins can bring their own cyber security risks. Additionally, program scripts residing on the hosting servers require regular security updates. A common example is PHP which, by the way, was originally created by Danish-Canadian programmer, Rasmus Lerdorf. If (like most of us) that level of updating scares you, you’ll want to ensure it’s managed by your website host.

5. Do You Have a Web App Firewall?

Basically, firewalls monitor website traffic and block hackers trying to exploit security vulnerabilities. The better website hosts provide this protection by default and some pride themselves in developing superior protection.

6. Do You Offer Malware Scanning?

This is a service that many charge extra for, but you can find a few who believe it is a basic security feature that hosts should care enough to provide by default.

7. Do You Have Daily Backups?

If hackers do manage to access your website or you experience other errors, a host that provides backups and free restoration is a life saver.

8. Do You Offer Geographical IP Blocking?

If your target market doesn’t reside in a specific country and/or the country is known for security threats, you can block visitors from those countries. It also conserves your site resources for traffic you actually do want. For example, this website primarily targets Canadians so we could block all IP addresses from other countries without negatively impacting our target market.

9. Do You Have Data Centres in Canada?

A critical data security consideration is where the host’s website servers (data centres) are physically located. For example, you are protected by the Canadian constitution if your hosting server is in Canada, either physically or on “the cloud”. If the data centre, server or cloud service is outside of Canada, you may be open to data seizure or mass surveillance by international security agencies.

To ensure your data is protected by Canadian law against foreign laws or policies, your website must be hosted on Canadian soil. If not, you have to inform your customers and visitors that their information may be processed in a foreign country.

Ask your website host if your site is (or will be) on a Canadian server. For more information, please read Canadian Website Hosts and the Legal Reasons to Use Them.

10. How do you Protect Online Sellers From Fraud?

Website hosting that actively prevents hacking and offers free scanning for network viruses is a must for safe ecommerce sales. In addition to this barrier, most ecommerce software, platforms and online marketplaces come with some level of built-in fraud protection. How extensive it is can vary, so it pays to read the fine print and ask specific questions.

Often, transaction security is provided via the payment processor or payment gateway. Check their website or send them an email to find out details. Many ecommerce platforms, like Shopify Canada, support a number of third party payment gateways as well as their own.

The Government of Canada is Serious About Website Security

The Government of Canada Get Cyber Safe Guide for Small and Medium Businesses echoes the need for increased security at the hosting level.

They suggest finding a web host that does the following:

  • Scan their web servers and your website for potential issues and then fix those issues to further protect the server and your site.
  • Monitor your website (and any systems) for intrusion or attempted vandalism.
  • Protect your website from intrusion and disruption.
  • Will restore your site to service in the event of a failure or disruption by cyber criminals.

“Be prepared in case your business website is compromised,” suggests the guide. “You may need to reduce service, switch to a backup server or service provider, or even take your site offline temporarily. Consider all of this before a security incident takes place so everyone in the business knows what needs to be done.”

You can lose everything in an instant if you ignore cyber security and spend thousands of dollars recovering. It’s important that your website host takes that threat as seriously as you and your visitors do.


© CanadiansInternet.com – Content on this website may not be used elsewhere without expressed permission. Thank you for respecting the effort that we have put into our original content.

DISCLOSURE: We may receive compensation for links to products on this website. As an Amazon Associate, we earn from qualifying purchases. Our content is provided for informational purposes only and does not guarantee results.

COMMENTS ARE MODERATED – Legitimate comments will be published after a short delay. Spam will not be published.

Digital Business & Marketing Manager at Online Business Canada | Website | + posts

Melody McKinnon's formal education is in business management, which she enhanced with more than 60 certifications revolving around business, marketing, health, general sciences and writing. In over 20 years of working online, she has owned or managed both educational and eCommerce websites.

Melody has worked with many businesses & brands in a multitude of capacities. She can often be found on CanadiansInternet.com, CanadianFamily.net and AllNaturalPetCare.com, as well as other quality digital publications. Her content has earned reference links from highly-respected websites, magazines and university textbooks.

Notify of
Inline Feedbacks
View all comments