It goes without saying that securing your clients websites and data, as well as your own is vitally important to the success of your business. There are a number of tasks to perform to help yourself.
Avoid shared hosting
As you are all on the same server, with no separation between your website and another customer, you are ultimately at risk from the least protected website on the server. By choosing VPS/Dedicated hosting, you immediately are in control of your own protection.
It is vitally important to make sure that any updates have been added to your CMS or any plugins you are using, as any vulnerabilities found here, will provide access to the hacker.
Web Application Firewalls (WAF)
Generally used for open source applications, this provides an extra layer of protection against common attacks such as cross-site scripting and SQL injection.
There are also a number of plugins that can be added to your applications to add some additional security, a good example is WordFence on WordPress.
Some forms of attack can go unnoticed such as a website being hacked could have spam links added to the code or your server could be used for sending out spam links, resulting in your IP address being blacklisted. This results in your website suddenly going down and not being rectified until your domain has been removed from the blacklist.
This issue has further reaching problems if you also run your email from the server, as it all runs from the same IP address, hence why we recommend hosting your email and website on separate servers.
Although not specifically for security, having good backups is essential for the integrity of your website. Securing your website by avoiding shared hosting, keeping your CMS up to date, installing firewalls and plug ins will help protect your sites from external threats. Backups ensure that if that fails, or even if you make a mistake that brings the site down then you can restore your site.