At AlbanyWeb Ltd, we take the security of your website seriously. Because of the precautions that we take, there's nothing you need to do other than keep your password safe. Here are some of the measures we take that keep your own security precautions simple:
- We always use private servers. That means we have full control and know that no one else can log in. If you purchase your own hosting, it is most often shared hosting, which means dozens of other users have access to the same server. Industry regulations for online payments (PCI security standards) disallow shared hosting because of the security risks? With AlbanyWeb, you will share with the server some of our other customers, but no customers have direct access to the server, only to their own website.
- We house our servers with a company we trust. The hosting company that provides our servers are experts, and we've known them personally for a long time. They use a firewall to keep out unwanted traffic and ensure that no one else has access to our servers.
- Our servers are always up to date with operating system patches. Every hour, day and night, the server automatically downloads and installs any updates. If a reboot is needed, that happens automatically too, but it waits until the middle of the night to avoid disrupting service.
- We keep Drupal CMS up-to-date too. We monitor for security updates to any of the packages, and get notified by email if we need to take action. The update itself is manual, as we need to check it doesn't break our websites, generally within 24 hours.
- All our servers require secure log-in over HTTPS. Any attempt to log in over HTTP is automatically redirected, thus keeping your password safe.
- We configure our websites conservatively. This means that you, our customers, don't have permission to things that aren't relevant to updating your content. We've thought very carefully how to give you enough freedom to do what you need whilst keeping you safe from unintended actions.
How you can improve your own online security
In a nutshell, it is really about keeping your password safe. Here are a few more specific guidelines:
- Don't store your password on a device that is shared with other people.
- Try to change your password regularly.
- Don't share your login details with someone else - if you have another person who will be editing your website, please ask us to set up a separate user account instead.