Protecting Your Website From Hackers: Seven Critical Elements
By Paul Fitzgerald for America's Backbone Weekly
Online hackers want access to your customer accounts, addresses and personal info and, of course, credit card information, so here's how you can protect your company's website from cybercriminals.
Say No To BYOD
Encouraging BYOD (Bring Your Own Devices), which is similar to BYOT (Bring Your Own Technology), could have serious consequences for your business. SMBs encouraging BYOD experience increased productivity in the workplace and reduced costs on the resources front, but BYOD can threaten IT security and place sensitive business systems at greater risk. Having employees use in-house technology is a safer bet for any business.
Restrict Access And Stay Updated
Hacker News, a leading social news website, is a good place to stay updated with threats: use the information you gain to put fresh precautions in place when necessary. But the key is the level of admin restriction (give access to the data you covet only to the employees you want to have it), so you must enforce secure user names and passwords that cannot be guessed. Change the default database prefix from "DB4" to something random, but if the correct access is employed it won't really matter. Think like a bank: limit login attempts to three within a certain timeframe, even with password resets, because email accounts can be hacked too. And never send login details by email, in case an unauthorized user has gained access to the account.
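The "three attempts within a certain timeframe, even with password resets" rule can be sketched as follows. This is an added example, not code from the original article; the 15-minute window, the class name and the per-account keying are assumptions.

```python
import time
from collections import defaultdict, deque

MAX_ATTEMPTS = 3           # the article's figure
WINDOW_SECONDS = 15 * 60   # assumed; the article only says "a certain timeframe"


class AttemptLimiter:
    """Sliding-window limit shared by failed logins and password resets."""

    def __init__(self, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS,
                 clock=time.monotonic):
        self.max_attempts = max_attempts
        self.window = window
        self.clock = clock                    # injectable so tests can move time
        self._events = defaultdict(deque)     # account -> attempt timestamps

    def _recent(self, account):
        """Drop timestamps older than the window; return the remaining ones."""
        key = account.strip().lower()         # "Alice " and "alice" share one budget
        events = self._events[key]
        cutoff = self.clock() - self.window
        while events and events[0] <= cutoff:
            events.popleft()
        return events

    def is_locked(self, account):
        return len(self._recent(account)) >= self.max_attempts

    def try_login(self, account, password_ok):
        """Return 'locked', 'ok' or 'denied'."""
        events = self._recent(account)
        if len(events) >= self.max_attempts:
            return "locked"                   # checked first: a correct guess made
        if password_ok:                       # during lockout is not confirmed
            return "ok"
        events.append(self.clock())
        return "denied"

    def try_reset(self, account):
        """Reset requests spend the same budget, so they cannot bypass the limit."""
        events = self._recent(account)
        if len(events) >= self.max_attempts:
            return False
        events.append(self.clock())
        return True
```

The counters here live in process memory; a site running more than one web worker would keep them in a shared store so every worker sees the same count.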
Tighten Your Security Network
Updating software costs companies money, so the default from management might be 'do it when necessary.' However, the reason to update is to mitigate system vulnerability; delaying an update exposes you to attack in the interim. Hackers can scan thousands of websites an hour for vulnerabilities, and they're networking wizards, so if one hacker knows how to get into a program then hundreds of hackers will shortly discover it too.
A good thing to keep in mind, regardless of admin access controls, is that all computer users in your office may be inadvertently providing an easy access route to your website servers. So, change passwords frequently and never write them down, and ensure that all devices plugged into the network are scanned for malware with each attachment.
Install A Firewall And Security Applications
Many small and medium-sized businesses don't have anything more robust than what comes with the software bundle. A web application firewall (WAF) can be software or hardware based and sits between your website server and the data connector, scanning every bit of data passing through it for risks. Most WAFs are cloud based and provided as a plug-and-pay.
Symantec Norton Security Deluxe and Symantec Norton Security Premium are two great choices. Premium, however, protects more computers and has more secure cloud storage than Deluxe. McAfee Total Protection and McAfee LiveSafe differ only in their selection of high-end bonus features; LiveSafe offers complex yet hard-to-hack biometric-secured storage. Then there's Webroot SecureAnywhere Internet Security Plus, which lacks the backup and tune-up components found in Webroot SecureAnywhere Internet Security Complete. A nice complement to a WAF is an additional security application such as Acunetix WP Security, which hides your website's CMS identity. This tool makes you more resilient against automated hacking tools that scour the web looking for sites like WordPress, which has several known vulnerabilities: email, website and administrative file hacking, to name a few examples.
Hide Admin Pages And Limit File Uploads
Don't allow your admin pages to be indexed by search engines. A robots.txt file, for example, discourages search engines from listing them. Unindexed files are harder for hackers to find. File uploads are another major concern. No matter how thoroughly the system scans them, bugs can still penetrate your network, giving a hacker unlimited access. The best solution is to upload and store them outside the root directory and use a script to access them when necessary. Your web host can assist you in setting this up.
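One way to store uploads outside the web root and read them back through a script, as an added example that is not part of the original article. The class name, the extension allowlist and the directory layout are assumptions.

```python
import secrets
from pathlib import Path

ALLOWED_EXTENSIONS = {".pdf", ".png", ".jpg"}    # assumed allowlist


class UploadStore:
    """Keeps uploaded files in a directory the web server never serves directly."""

    def __init__(self, upload_dir, web_root):
        self.upload_dir = Path(upload_dir).resolve()
        web_root = Path(web_root).resolve()
        # Refuse a layout where uploads would be reachable by URL.
        if self.upload_dir == web_root or web_root in self.upload_dir.parents:
            raise ValueError("upload directory must be outside the web root")
        self.upload_dir.mkdir(parents=True, exist_ok=True)

    def save(self, client_filename, data):
        """Store data under a server-chosen name and return that name."""
        ext = Path(client_filename).suffix.lower()
        if ext not in ALLOWED_EXTENSIONS:
            raise ValueError("file type not allowed")
        # The client's filename is never used on disk, only its extension.
        file_id = secrets.token_hex(16) + ext
        with open(self.upload_dir / file_id, "xb") as fh:   # "x": never overwrite
            fh.write(data)
        return file_id

    def read(self, file_id):
        """Return the file's bytes; the access script calls this after its
        own authorization check."""
        candidate = (self.upload_dir / file_id).resolve()
        # After resolving "..", absolute paths and symlinks, the file must
        # still sit directly inside the upload directory.
        if candidate.parent != self.upload_dir or not candidate.is_file():
            raise FileNotFoundError(file_id)
        return candidate.read_bytes()
```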
Use SSL And Remove Form Auto-Fill
Using the encrypted SSL (Secure Sockets Layer) protocol to transfer users' personal information between the website and your database is important. This prevents information being read in transit without the proper authority. When you leave auto-fill enabled on your website, you're vulnerable to attack from any user's computer or phone that has been stolen. For those businesses encouraging BYOD where employees can access the network with their own phones, you can lock them out should they become separated from their device through loss or theft.
Back-Up Frequently And Remember You Can't 'Hide Your Code'
Keep everything backed up, data and files, for worst-case scenarios. Back up on-site and off-site multiple times a day. Every time a user saves a file it should automatically back up in several locales, such as the server, cloud and external hard drive. If you only run a backup once a day, you risk doubling your workday when your hard drive fails. Every hard drive fails. There's software out there that claims to 'hide your code' on your webpages, but it does not work. Browsers always require access to your code so as to render your pages, allowing simple ways around web-page "encryption."
Copyright (c) 2016 Studio One Networks. All rights reserved.