
“Sheer Destruction” Is A Powerful Motivator, So Protect Your Website From Hackers

Companies used to worry about their physical assets and whether their stores were locked at night. But now that the storefront has moved into the digital space, keeping the bad guys out is a lot more technical than buying an alarm system. It’s a technical matter – one that’s constantly evolving and having to deal with new threats.

The problem with today’s thieves is that they are smarter and more global than they were in the past. This isn’t just a case of working out how to break your way into a van at night to steal some tools to later sell on eBay. This is about electronic thieves who are invisible, global and largely untraceable.


What’s more, what is actually valuable is changing. It’s not just that thieves want to steal things like credit card data – which they do – it’s also that they want to steal your company’s data, especially if they can sell it or use it as ransom. Worse still, modern companies have a bunch of legal obligations to protect their data, meaning that data theft is a double-whammy. Not only are companies targeted by private criminals, but they are also targeted by the government, and can be open to class-action lawsuits if personally identifiable customer data goes missing.

So the question is, what can businesses do to make sure that they are protecting themselves and their websites from hackers?

Back Up Your Site

Hackers will often try to take your site offline to interrupt your business. One of their objectives may be to extract ransom payment from you in return for restoring access. Because of this very real threat, it’s a good idea to have secondary and even tertiary backup servers to which you can switch instantly in the event of an emergency. Backup servers can be activated the moment your main server is taken down so that your operations aren’t taken offline.


And while we’re on the subject of backups, all data-driven companies need to have a regular backup policy for all the data they hold on their systems. Hard drives can fail without warning, and recovering data is a costly and time-consuming process. Store essential information on the cloud and keep to a backup timetable where content is backed up every day.

Remove Autofill Options From Your Site

Businesses are increasingly adopting BYOD (bring your own device) policies at work. These arrangements are popular with businesses, thanks to the improved productivity and lower costs that they offer. But they are also potentially dangerous.

One of the problems with BYOD happens when companies use autofill options on their websites. If an employee’s device is stolen, a criminal can then use the autofill facilities to enter restricted areas, like the business’s network, without even having to hack the password. It’s a good idea to remove autofill and to prevent stolen devices from becoming a liability. If your employees demand convenience, research autofill options that fill out everything except the password itself.

Always Use SSL Encryption

Whenever an employee transfers personal information between your website and your database, they are potentially at risk of being hacked. Criminals can intercept traffic on its journey from one location to another and find out things that you’d rather keep a secret. Because of this, it’s a good idea to make sure that all communications involving your website are SSL encrypted. This will make sure that only those with the proper authority will be able to access and read classified information.

Train Up Your Staff

There should be at least one person on your team with CISA training who knows how to make sure that websites and networks remain secure. Businesses can find out from Simplilearn exactly what CISA entails. In short, it’s a globally recognized certification that says that a person has the skills to audit, control and assess the security of information systems. Businesses that have these people on their teams will find it much easier to push back against malicious threats on the Internet than those that don’t.

Don’t List Admin Pages

One of the key weaknesses of modern business websites is their admin pages. If a hacker gets control of a firm’s admin page, they are able to make alterations at will, potentially bringing the entire website down.

There are a couple of ways to prevent this: strong password protection is one. But a more subtle way is to hide admin pages from search results.

The best way to do this is to include a robots.txt file in the underlying HTML code of the page. When a search engine encounters one of these files, it ignores the page and doesn’t list it. Thus, to find your admin page, a hacker would have to find it manually, by entering different URLs into their search bar. Since your admin page could be called literally anything, hiding it from search engines is an excellent way to prevent hackers from even finding your control panel, let alone getting access to it.
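As an added example (not code from the original article), the Python sketch below shows how a well-behaved crawler applies a Disallow rule, and audits a robots.txt for rules that name the admin area. robots.txt is a plain-text file served publicly from the site root, so a rule that names the admin path also publishes it; a per-response `X-Robots-Tag` header keeps the page unindexed without doing so. The sample file, the path `/manage-7f3a/`, the agent name and the hint list are all constructed assumptions.

```python
from urllib.robotparser import RobotFileParser

# Constructed sample file; "/manage-7f3a/" is a hypothetical admin path.
SAMPLE_ROBOTS_TXT = """\
User-agent: *
Disallow: /manage-7f3a/   # admin area
Disallow: /tmp/
"""

# Substrings suggesting a rule names a sensitive area (assumed list, tune per site).
SENSITIVE_HINTS = ("admin", "login", "manage", "dashboard")


def crawler_may_fetch(robots_txt: str, url: str, agent: str = "ExampleBot") -> bool:
    """Return True if a crawler that honours robots.txt would request this URL."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return parser.can_fetch(agent, url)


def disclosed_sensitive_paths(robots_txt: str) -> list[str]:
    """List Disallow rules that reveal a sensitive path to anyone reading the file."""
    findings = []
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == "disallow":
            path = value.strip()
            if any(hint in path.lower() for hint in SENSITIVE_HINTS):
                findings.append(path)
    return findings


def admin_response_headers() -> dict[str, str]:
    """Headers for admin responses: kept out of indexes without naming the path."""
    return {"X-Robots-Tag": "noindex, nofollow", "Cache-Control": "no-store"}


if __name__ == "__main__":
    url = "https://example.com/manage-7f3a/login"
    print("crawler may fetch admin page:", crawler_may_fetch(SAMPLE_ROBOTS_TXT, url))
    print("paths disclosed by robots.txt:", disclosed_sensitive_paths(SAMPLE_ROBOTS_TXT))
    print("headers to send instead:", admin_response_headers())
```

Either mechanism only affects search listings; the strong password protection mentioned above is what actually controls access to the admin page.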

Store File Uploads At A Separate Location

Many business websites offer users the opportunity to upload their files. But no matter how carefully you check those files, some bugs will still get through. Experts, therefore, recommend that businesses store any uploaded files at a separate root directory. Most web hosts will be able to set this up.
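One way to apply the separate-directory advice, as an added Python example that is not part of the original article: uploads are written to a directory outside the web root, under a server-generated name, so a file that slips past checking cannot be requested and executed by URL. The function name, directory layout and extension allow-list are assumptions made for illustration.

```python
import os
import secrets
from pathlib import Path

# Assumed allow-list; adjust to what the site actually accepts.
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".pdf"}


def store_upload(upload_root: Path, web_root: Path, client_name: str, data: bytes) -> Path:
    """Save an uploaded file outside the web root under a random name."""
    upload_root = upload_root.resolve()
    web_root = web_root.resolve()

    # Refuse a configuration where uploads would be served (and possibly
    # executed) straight from the public document tree.
    if upload_root == web_root or web_root in upload_root.parents:
        raise ValueError("upload directory must not be inside the web root")

    # Only the extension of the client-supplied name is used; directory parts
    # such as "../" are discarded, so the name cannot steer the write.
    extension = Path(client_name).suffix.lower()
    if extension not in ALLOWED_EXTENSIONS:
        raise ValueError(f"file type {extension!r} is not accepted")

    target = upload_root / (secrets.token_hex(16) + extension)

    # O_EXCL refuses to overwrite an existing file; 0o600 sets no execute bit.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)
    return target


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as tmp:  # constructed demo layout
        web, uploads = Path(tmp, "public"), Path(tmp, "uploads")
        web.mkdir()
        uploads.mkdir()
        print("stored as:", store_upload(uploads, web, "../public/photo.JPG", b"demo"))
```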

Install A Web App Firewall

The idea of a web app firewall, sometimes called a WAF, is to make sure that no unrecognized data is transferred between your website and the computers to which it is connecting. It’s like a barrier that sits between the two, filtering all information passing through it and flagging up anything that it perceives as suspicious. The cool thing about it is that it can be either hardware or software based, making it particularly adaptable to different situations.


Modern systems tend to be based in the cloud. Here, businesses pay a relatively small subscription fee, and in return, they get a firewall deployed in front of their server to prevent sensitive information from getting into the wrong hands. According to Entrepreneur, these solutions provide “complete peace of mind” by preventing any and all attempts at hacking and removing unwanted traffic from the system.

Having a system like this in place is a great way to prevent the type of hacking that business directory and advertising platform, Craigslist, suffered back in 2014.

Boost Your Network Security

If you’re paranoid about security, your network protocols are probably already pretty tight. But even seemingly innocent actions by people working in your office can open up your website servers to attack. There is a lot that you can do to bolster your security measures. One thing that a lot of companies are now doing is scanning all devices that connect to their network for malware, every time they connect. In a BYOD world, this is important, since employee devices could have picked up malware while being out of the office.

Another policy is to make sure that passwords are never written down. When passwords are written down, it opens up opportunities for criminals to hack both your website and your other accounts.

Firms are also automatically logging people out of their networks after a short period of inactivity. This is to make sure that they aren’t opening up the company to risk by leaving their devices unattended while logged into sensitive accounts.

Always Install Updates Immediately

Software companies, like your company, are in the business of making money. And so when an update is released, you can bet that it’s because somebody found a hole in their programming and managed to hack one of their customers. Updates cost a lot of money and are usually only created in response to a threat. It’s a good idea, therefore, to immediately update all of your systems, including your website, as soon as updates are available. Delaying an update because you’re worried about the time that it will take puts your company at risk of being targeted and gives hackers a critical window of opportunity to extract data and money from your organization. It’s worth remembering that hackers work in networks and share information with each other instantly. If one hacker is aware of an exploit or weakness in a program your company is using, you can bet they all are.

Get Tough On Access Control

Companies realize that networks in which everybody has access to everything aren’t the most secure. In fact, giving more people the ability to access parts of your network and website actually puts the business at greater risk. When you think about it, there’s no real reason why your sales staff would have access to your website admin panel. What could they ever possibly need that access for?


There are two reasons to prevent certain workers from having access to certain parts of your network. The first is that they might not be trustworthy themselves, and may try to use their access privilege for their own personal gain, rather than the benefit of the company. But second, and more importantly, the more people who have access, the higher the chance that a hacker will gain access to their device. The bottom line? Keep access as restricted as your business model will allow.
