You no longer need to be an expert web developer or information technology wizard to create and maintain your bank website. The wide array of web hosting companies and open-source content management systems (CMS) have allowed small businesses to compete with larger competitors in the digital realm. While community banks and credit unions have benefited from these technological advances, financial institutions have very distinct and heavily regulated security concerns to which their websites must adhere.
How can you ensure that your bank website CMS meets and exceeds minimum security standards? Safeguarding your CMS is a two-pronged process between your bank web hosting service and you.
Because your bank website and CMS reside on the web host, protection must begin with your hosting provider. The first place to start is selecting a provider who will host your site on a dedicated or virtual private server. Sharing a web host increases the possibility that your bank website will be exposed to more vulnerabilities.
Another way you can protect your CMS at the web hosting level is by using hypertext transfer protocol secure (HTTPS). HTTPS adds the security and privacy that your bank website CMS requires. With an SSL/TLS certificate installed, an HTTPS website encrypts all data shared between your customer’s browser and your bank web host.
Most likely, your bank web hosting service will also manage your CMS, such as performing updates and plugin installations. WordPress reports that only 36.9% of websites on the platform use the most recent version. You should also rely on your web management team to install any plugins. CMS plugins are responsible for more than half of CMS cyber breaches. Along with maintaining your bank website CMS, your web host should provide additional security measures like malware scanning and firewalls.
Web hosting security is only half the equation. No matter what protocols your hosting provider has put into place, they won’t matter if you don’t do your part in defending your bank website CMS. Your role in securing your CMS comes down to limiting access by utilizing strong usernames and passwords and requiring two-factor authentication.
When setting up login credentials, avoid common or generic terms, such as “admin” or “password.” Also, resist including your bank or credit union website in the username or password. Another mistake is using an email address that is readily available to the public as a username.
For passwords, use a combination of lowercase and uppercase letters, numbers, and special characters. Furthermore, the longer the password, the more difficult it will be to guess.
Two-factor authentication adds another layer of security. With two-factor authentication or 2FA, once you enter the correct username and password, you must complete a final step to gain access to your CMS.
This could be entering a secondary username and password or personal identification number. You might need to enter a code generated by an external app or sent as a text or email message. Even biometrics, like voice or fingerprint recognition, can prevent unauthorized access to your CMS. Although your web hosting service may be responsible for security on the back-end, ultimately, securing your bank website CMS starts with you.
Content management systems have put the power of creating and updating website content into the hands of individuals who may not have a technical background. With the higher necessity for security and privacy, financial institutions need to make sure their website CMS meets regulatory guidelines.
BankSITE® Services has been hosting websites for financial institutions for more than two decades. Our WordPress-based BankSITE® Builder CMS is user-friendly, and our web developers work tirelessly to keep the system updated and protected. Together we can secure your bank website.