Staying Safe on the Internet
Keep Your Websites Online
Last Updated: July 2022
In addition to protecting your ability to access the internet safely, it is also important to do what you can to ensure others can access your organization’s websites or web properties. For social media pages, this means protecting those accounts with strong, unique passwords and two-factor authentication. For your website, this means protecting it against hacking and denial of service attacks. Distributed Denial of Service (DDoS) attacks are where a large group of computers simultaneously drown your server in malicious traffic. If you are a civil society organization or other non-profit organization, you can most likely qualify for free DDoS protection - which makes it much harder for an adversary to take your website down. A few options include Cloudflare’s Project Galileo, Google’s Project Shield, or eQualitie’s Deflect service.
Hosting Your Organization's Website Securely
Websites are hosted on computers - and those are vulnerable to hacking just like your own devices. If possible, your organization should take advantage of existing hosting services like Wordpress.com, Wix, or others that manage all the site security for you. If you are reading this handbook, your organization also likely qualifies for free secure hosting of a Wordpress site by eQualitie through their eQPress Hosting service. This is a great option for civic organizations with existing WordPress sites or if your organization is looking to build a new site.
If your website needs are more complex, or if you need to host your website yourself, then be sure to focus on keeping your operating system and web hosting software up to date, just like you would for your personal computer. Consider using well-established cloud hosting providers such as Amazon Web Services (AWS), Microsoft Azure, or Greenhost’s eclips.is, which provide enhanced security options for hosted websites. Regardless of what tools you use to host your website, ensure that any accounts used to access content editing and configuration settings are protected with strong passwords and two factor authentication.
If your organization has the technical savvy to host its own website, you should consider choosing a so-called “static-site” or flat website. As opposed to dynamic websites, these types of sites reduce the attack surface for hackers and will make your website more attack resistant.