How To Make Sure Your Website Is Secure

In 2016, the number of websites hacked increased 32% over 2015 and that number is expected to continue to increase every year. While a frightening statistic, there are many things you can do to ensure that your website is as secure as possible. Below you will find the top 10 ways you can decrease the chances of your website being hacked.

Update And Do It Often

If you are not already updating all software and hardware in your business, including those used for your website, on a regular basis, then you must face the hard fact that you will get hacked. It is not a matter of ‘if’ but rather a matter of ‘when’. Although updating everything can be a nuisance, especially when you are trying to run a business, not updating will, at best, cause frustration and, at worst, put your company out of business for good.

Did that get your attention? Good! Because according to ITRC Data Breach Reports, 40% of security breaches were targeted at businesses and that affected 185 billion customers and over 16 million records.

One of the best ways to protect your website and business is to make sure everything is updated on a regular, consistent basis! This means updating servers, website platforms and plug-ins, as well as your computer software and hardware, firewalls, and every type of software and hardware that keeps your business running.

Stay Updated On Latest Threats

In addition to keeping your software and hardware updated at all times, it is a wise idea to keep yourself updated on the latest cyber-security crime happening in the world. The best way to do this is to search “IT Security News” and read about the latest and greatest threats being reported.

Although IT security probably is not your forte and you most likely have people who do that sort of stuff for you already, as the owner of your company, it is wise to know what is going on at all times. This way you can discuss with your IT department or the IT company servicing your business the best ways to mitigate a data breach. Constantly staying on top of things and discussing how those new threats could affect your business will go a long way in preventing issues.

Passwords and 2-Factor Authentication

 

This one seems like it should not have to be said because it is so simple. However, sadly, people still do not take password security seriously enough. Yes, it is a pain to constantly try to create a secure password, and it is even harder to remember what it is once you do, but it is absolutely necessary to do so.

Hackers are the masters of getting into places they should not be getting into and a weak password is akin to leaving the door open to your house with a note that says ‘Take whatever you want’! So commit to be someone who does not let trouble have easy access. Here are a few steadfast and true ways to create secure passwords.

1) They need to be complex and random. Don’t use your name, date of birth, pet’s name, child’s name, favorite sports team or band, etcetera. These types of passwords are very easy for someone to guess with minimal information about you. Use upper and lower case letters, numbers, and symbols in your passwords.

2) Passwords should be 12 or more characters long. The longer the password, the harder it is for a hacker to guess. For instance, a password with only 7 characters would only take .29 milliseconds to crack, a 9 character password would take 5 days to crack, and a 10 character password would take 4 months to crack. Are you wondering how long that 12 character password would take to crack? A whopping 2 CENTURIES!! (For more information on password-cracking times click here).

3) Passwords need to be unique. Don’t reuse passwords. Every time you create a new password it should be unique. By doing this you make it very difficult to be a victim of a security breach. Should one of your passwords be cracked it will not affect every account you have. Hackers love when they figure out someone’s password because they then go to all the sites that they can for that same person and try it over and over again. Statistically speaking, because humans are very predictable, they will hit the jackpot on more than one account with that one password they figured out.

Most people do not follow these simple password rules for one reason and one reason alone – they are afraid they won’t remember the password. This is a reasonable fear. We all have it; however, it’s one we all must face and overcome, and there are some things you can do to help with this process.

1) Use a password manager. There are many of these around and a lot of them are free. Stick to ones that are well-known like LastPass, KeePass, or 1Password. There are many others too so research what’s out there and decide which one will work best for you. These password managers not only store your passwords for you but they also can generate and change a password for you as well.

2) Create a formula for your password creation. There are many different ways to create a formula but it should be one that works best for you. For some ideas on how to create passwords using different formulas click here.

And last but not least, whenever you have the opportunity to use 2-Factor Authentication – DO IT! It will create an added layer of security and make it very difficult for anyone to get into your accounts without access to your phone or email. For more information about 2-Factor Authentication click here.

Only One Website Per Server

If you or your business has more than one website, make sure that each website is hosted on its own server. Many people feel that if they have an unlimited web hosting plan they may as well put all the websites in the same place; however, doing that is very risky. Why? Because if a hacker manages to get into your server they can access all of your websites and databases at once.

Once hackers are on your site they can steal whatever sensitive data they can as well as infect the site with malware. If you have more than one site on the same server, it too will be at risk of being infected. So make sure that each website has its own hosting plan and server. This way should one site be hacked all the others are safe. Also, make sure that the passwords for all your websites are different.

Control Access To Website

The rule of thumb here is that you only give access to your website to those that absolutely need it and of those that are granted access, only give them as much access as needed to do their jobs. This is called the principle of least privilege.

Too many people having access to the website not only makes the site more vulnerable to security breaches but also makes it more vulnerable to human errors. The more people mucking around, the more likely something bad will happen.

Of those that are granted access, make sure they all have their own sign in and passwords and are given permissions to do only the things they should be allowed to do. It is also wise to have a policy in place that outlines regular review of access permissions and removes those that have changed or left the organization. The more accounts that are out there the more potential ‘doors’ hackers have to get in. Close any ‘doors’ that are no longer necessary.

Backup And Do It Often

This one ranks up there with strong passwords. It is something that most people at least know is important to do, yet too many don’t do it. If you are one of those people, your chance of recovering your data and getting your business back up and running quickly is practically nil. With frequent backups, your business website and all its data have the potential to be back up and running quickly, limiting your business’ downtime.

But it’s not just having regular backups that is important. You also need to test your website backups from time to time to make sure they are complete and not corrupt. In a survey by Barkly, 100% of IT professionals surveyed said they were actively backing up their data and 81% of those stated they were confident they would be able to completely recover their data in the event of a security breach. In actuality, only 42% of ransomware victims were able to recover all of their data from backups, and the biggest reason for this failure was failed backups and backups not being done regularly, causing gaps where data was lost.

Backups will not prevent your website from getting hacked; however, they will make it quicker to get your website up and running once it has been hacked. Make sure that not only the website files are backed up but also any databases that are involved.
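One way to test that a backup is complete and not corrupt, as an added example that is not part of the original article: read every byte of a .tar.gz archive and confirm that both the site files and the database dump are present and non-empty. The member names site/index.html and db/dump.sql are hypothetical.

```python
import tarfile
import zlib


def verify_backup(archive_path, required=("site/index.html", "db/dump.sql")):
    """Return a list of problems found in a .tar.gz backup; empty means it passed."""
    problems = []
    sizes = {}
    try:
        with tarfile.open(archive_path, "r:gz") as archive:
            for member in archive:
                if not member.isfile():
                    continue
                stream = archive.extractfile(member)
                size = 0
                # Read every byte so truncation or a bad checksum surfaces
                # now, not on the day the backup has to be restored.
                while chunk := stream.read(65536):
                    size += len(chunk)
                sizes[member.name] = size
    except (tarfile.TarError, EOFError, OSError, zlib.error) as error:
        problems.append(f"archive unreadable: {error}")
    # The article's second point: files AND databases must both be in there.
    for name in required:
        if name not in sizes:
            problems.append(f"missing: {name}")
        elif sizes[name] == 0:
            problems.append(f"empty: {name}")
    return problems


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, verify_backup(path) or "OK")
```
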

Get An SSL Certificate (HTTPS)

While an SSL certificate does not protect your website from being hacked, it does protect information that is sent from your website to your users’ browsers by encrypting all communications. It is something that all websites should have, especially if it is an e-commerce site that takes payment information.

However, all websites would do well to have an SSL certificate in order to keep all communication safe. With all the security vulnerabilities out there, savvy users are growing accustomed to looking for ‘https’ at the beginning of a website’s URL as well as the green lock found to the left of the URL to reassure themselves that their communications are safe. Give your website visitors some peace of mind by encrypting communications with an SSL certificate.

Disable Form Auto-Fill

You know that contact form that you have on your website? Did you know that some websites allow visitors who visit the site regularly to auto-fill forms with all their information? Well, that is not really a good thing for your visitors or your business. If a visitor’s computer or phone is stolen, a hacker can use that auto-fill to access your website with the victim’s information. So make sure that the auto-fill feature is disabled on your website. Although convenient for lazy visitors to your site, it is a security vulnerability that you should not leave out there.

Limit Or Eliminate File Uploads

Any website that allows files to be uploaded to it is leaving itself open to a security breach and it doesn’t have to be a hacker that uploads a virus-laden file. It could be someone that doesn’t know their file has a virus in it. No matter how much security you have on your system for checking files, viruses can get through and once they do any hacker can gain access to your website and all its data.

Of course, the best practice would be to not accept any uploads to your website. However, sometimes it’s necessary to allow file uploads for various reasons. If this is the case with your website, make sure that any files uploaded to your site are stored outside the root directory. If you don’t know how to do this, your web host can help you get this up and running.
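What "stored outside the root directory" looks like in an upload handler, as an added example that is not from the original article: the handler refuses to run if the upload directory sits inside the web root, ignores the client's file name apart from its extension, and picks a random name itself. The function name and the extension allow-list are assumptions.

```python
import secrets
from pathlib import Path

ALLOWED_EXTENSIONS = {".png", ".jpg", ".pdf"}  # assumed allow-list


def store_upload(web_root, upload_dir, client_filename, data):
    """Save an upload outside the web root under a server-chosen name."""
    web_root = Path(web_root).resolve()
    upload_dir = Path(upload_dir).resolve()
    # Refuse a configuration where uploads would be reachable by URL.
    if upload_dir == web_root or web_root in upload_dir.parents:
        raise ValueError("upload directory is inside the web root")
    # Keep only the extension of the client-supplied name, never its path.
    extension = Path(client_filename).suffix.lower()
    if extension not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension {extension!r} is not allowed")
    upload_dir.mkdir(parents=True, exist_ok=True)
    target = upload_dir / (secrets.token_hex(16) + extension)
    # Mode "xb" fails if the file already exists instead of overwriting it.
    with open(target, "xb") as handle:
        handle.write(data)
    target.chmod(0o640)  # readable by the application, never executable
    return target


if __name__ == "__main__":
    import tempfile
    base = Path(tempfile.mkdtemp())  # constructed layout for the demo
    (base / "public_html").mkdir()
    saved = store_upload(base / "public_html", base / "uploads",
                         "../../logo.PNG", b"constructed sample bytes")
    print("stored at", saved)
```
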

Do Not Store Payment Data On Your Servers

Anything you store on your servers can be stolen in a security breach and there are some types of data you have no choice about storing there. However, there are certain types of information that you do need to take the responsibility for and payment data is one of those.

This is why it’s best to let the e-commerce providers you are using for payment processing store and protect the data on their servers. They are more prepared to protect that type of data. This is why it is really important to use a top-rated payment processing provider so make sure you research well before you choose one.

So now that you are aware of a few of the top things you can do to secure your website make sure you create an action plan and set out to put everything in place immediately. You will never regret being proactive.

Let DataOne Networks help your business protect its data and embrace all that technology has to offer. Click here and contact us today to get started!

One thought on “How To Make Sure Your Website Is Secure”

  1. Users may complain about password setting but only then if you will force them to use very long passwords and if it will expire too often. Enforce password history To start building a password policy you need to consider how many unique passwords a user must set before it would be possible to go back and use the oldest one. For that, the “Enforce password history” setting is responsible. You need to define a value, how many unique passwords are required to be set by the user, before allowing him to use previous passwords. Enforce password history explanation Allowed value is between 0 (no password history) and 24 (maximum). For the default domain password policy I would suggest setting a value of 10. Changed enforce password history setting This is quite secure and allows a much simpler calculation for the other settings shown a little bit later in this article. In this case, the setting means that the user must set 10 unique passwords before he can go back and use the first from the previous list of passwords. There is a slight chance that the user would not reuse his passwords. Maximum password age Another important setting in the policy is how often users must change their password. Maximum password age explanation Maximum password age value must be between 0 and 998 days. Setting a value of 0 causes the password to expire every 0 days! That means in reality – the password never expires. You definitely should avoid using this value in production environments! Especially since this is not easy to find out, because the password never expires flag is not modified and you cannot see this directly in the Active Directory Users and Computers console.
