Websites are compromised all the time – fact. Any network is at risk. Even before we have considered any misuse or security breaches by staff, your server and the site it hosts are your most serious source of security risk.
Websites come in all shapes and sizes, and so do hackers. They may want access to the data you store, but this is far less common than attempts to use your server as an email relay for spam, or to setup a temporary web server for some nefarious goal. You could also be hit by ransomware or be used to mine Bitcoins. Hackers are opportunists, so weaker sites will get hit. Think of it as the digital equivalent of leaving your flat-screen TV next to an open window while you run to the supermarket.
Worms, trojans and malware. They’re all terms we hear regularly, but if we’re running a website they are concepts we need to guard against. Anti-virus software is an essential part of ensuring we don’t get hit. Failure to install effective anti-virus software will result in your computer being affected, it’s just a matter of time. A virus can do anything from diverting the bandwidth you’re paying for to stealing your personal information or sending messages from your server. The importance of anti-virus software cannot be underestimated.
Just as any manager would never leave their office unlocked, so any website should never operate without a firewall. There are two types of firewall; hardware and software.
· Hardware firewalls place a piece of kit between the user and the network and have several advantages. As they come with their own software, it is less likely to be hacked and it can be installed network-wide, meaning it doesn’t need to be uploaded to individual computers. This makes upgrading much easier and centrally controlled – you don’t need to rely on your users for security
· Software firewalls can be used with hardware firewalls for an extra level of security. It allows users to customise their security, and also for different levels of security to be given to different employees.
Just as with a lock and key, no single product guarantees 100% security, but that doesn’t mean you shouldn’t have one for your home or business.
Secure Socket Layer encryption protects all sensitive data as it races through cyberspace. Even if you don’t run transactions, SSL still gives you security and data integrity and most importantly, users will know their data is secure. Be sure to get a Certificate Signing Request (CSR) for your site.
If you want to protect you network from hackers, you need strong passwords. Never use birthdays, nicknames or middle names. Anything obvious give a hacker a head-start. Sophisticated hackers will use software that can generate 1000s of combinations in an hour, using what they know about your identity; phone numbers, dates of birth and so on.
Last but not least, keeping software up to date is vital. Once hackers find a hole in a programme’s security, they will exploit it wherever they find it, so you need to update and patch programmes regularly. This applies to the server you’re operating system as well as any software and it particularly applies to those using Windows.
If you’re using third party software, then be sure to enable any updates you get sent immediately.
If you’re using a hosting company, then they should do this for you, but check the small print.
Good luck with your website, and if you follow these rules you will minimise the risk – and therefore the stress!
Do you need more advice about securing your website? Contact WTS Technologies today!