July 14, 2017

A Beginner’s Guide to Website Security

With ransomware usage on the rise, malware attacks are a serious threat to anyone with any sort of digital presence. For business owners, this means crucial assets, such as your website, are in danger of siege by sophisticated programs meant to disrupt your workflow while costing you valuable time and money to repair. More than ever, website security is imperative to defending your organization from these unwarranted intrusions.

What is Ransomware?

Ransomware is software programmed to take private data and either make it public or block it forever unless a ransom is paid. A hacker breaks into your system, encrypts all of your data and then demands payment for it.

Last month, a ransomware attack that began in Ukraine made its way across Europe and eventually ended up in the United States. Avast reported that it had detected 12,000 individual attacks. This widespread carnage affected dozens of businesses internationally. One of the largest shipping companies in the world, Maersk, experienced outages across its computer systems around the globe.

Website Security Tips

Ransomware, malware, viruses: there are too many threats out there to not take website security seriously. However, if you are unfamiliar with its nuances, website security can feel like an overwhelming task to manage. Fear not! With the following website security tips, your digital presence will be safe from harm and you can rest easy.

  • Update all software as soon as new versions are released. When you skip this step, you leave holes open for hackers to sneak through, and your website stays vulnerable.
  • Anyone accessing your website should have a specific login credential assigned. Sharing login credentials makes it harder to audit any problems that may occur on the website.
  • Use a secure web host. Do your research and discuss security with any hosting provider before you go into business with them. It might cost a little more, but a web hosting business that values security will help keep you and your company safe.
  • Encrypt any login pages on your website. Even if the session is encrypted after a user has logged in, that does not ensure the security of the login credentials.
  • Invest in an HTTPS website. There are arguments against this extra layer of encryption, but it guarantees that your information is securely transmitted.
  • Implement key-based authentication instead of password authentication when possible. Passwords are far easier to crack than cryptographic keys.
  • Back up your website regularly. Store backup files in separate places (different cloud accounts, on a hard drive, etc.) so that you can always restore a copy quickly if your data is lost.
  • Protect your SQL database against injection by hackers by establishing a complex set of rules. If an unwanted intruder is able to access your SQL database, your data is vulnerable to prying eyes or could be lost entirely.
  • Only access the backend of your website from a secure network. For instance, if you want to log in to your website while you are traveling, it might be prudent to do so when you know the connection is safe rather than using a free WiFi network at a Starbucks.

Password Best Practices

We are all guilty of using a password that someone could easily guess. A birthday. Your phone number. A pet’s name. An anniversary. The street you live on. While these numbers or words might be easy to remember, a hacker can figure out these passwords faster than you can imagine. Lock down your personal information online with these password best practices.

  • Longer passwords (12-25 characters) are ideal.
  • Mix it up. Use lowercase and uppercase letters, numbers, and special characters.
  • Do not use easily guessed words such as password or user. Definitely do not use the name of your network or business.
  • Create a password rotation schedule for all of your accounts. Passwords should be changed every 90 days.
  • If you are going to use a word that is found in the dictionary, replace letters with numerals. For example, if you want your password to be elmtree, use 31mtr33 instead. This is still easy to crack, so make sure to add additional characters or numbers to your password.
  • Do not use adjacent keyboard combinations such as qwerty, asdzxc, or bgt55tgb.
  • Never store your passwords as plain text on your computer.
  • Avoid using the same password across different platforms or systems.
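
The rules in the list above that can be checked from the password itself, written as a small checker. This is an added example, not part of the original post; the word lists are short constructed samples, and `check_password`, `org_names`, and the substitution table are names and choices assumed here.

```python
import re

# Constructed sample lists for illustration; real deployments load larger ones.
GUESSABLE_WORDS = {"password", "user", "elmtree"}
KEYBOARD_RUNS = ("qwerty", "asdzxc", "bgt55tgb")
# Reverse common numeral-for-letter swaps so "31mtr33" is read as "elmtree".
UNSWAP = str.maketrans({"3": "e", "1": "l", "0": "o", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s"})
CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def check_password(password, org_names=()):
    """Return the list of rules the password breaks (empty list = all passed).

    org_names: hypothetical parameter for your business and network names.
    """
    problems = []
    lowered = password.lower()

    if not 12 <= len(password) <= 25:
        problems.append("length")
    if not all(re.search(pattern, password) for pattern in CHAR_CLASSES):
        problems.append("character mix")
    if any(run in lowered for run in KEYBOARD_RUNS):
        problems.append("keyboard run")

    # Substring match on both the raw and the un-swapped form; this is
    # deliberately strict and will also flag words that merely contain a hit.
    unswapped = lowered.translate(UNSWAP)
    banned = GUESSABLE_WORDS | {name.lower() for name in org_names if name}
    if any(word in lowered or word in unswapped for word in banned):
        problems.append("guessable word")
    return problems


if __name__ == "__main__":
    for candidate in ("31mtr33", "Qwerty!2345678", "Vt9#kLm2&xQw7!pZ"):
        print(candidate, "->", check_password(candidate) or "ok")
```

Rotation every 90 days and reuse across platforms depend on stored history rather than on the password string, so they are outside what this function checks.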

Concerned about website security? Discuss options for securing your website with experienced professionals. Contact us today to learn how to improve website security for your business.