Unless you’re a
superspy in an action movie, you shouldn’t be taking unnecessary gambles with
the success of your business. Whether your website is a portal to your business
or the business itself, it’s your job to take the steps to make sure it’s still
there tomorrow.
That means beefing up
the security beyond the defaults. Hackers and other e-criminals make a game out
of turning your livelihood into theirs, and you need to be prepared for the
latest threats. Protecting your website, no surprise, comes down to investing
in the right forms of software and coding.
So what are you up
against and what can you do about it? Let’s take a look at challenges you may
face and their solutions.
Account Theft
Perhaps one of the most
common ways for criminals to sabotage your website is by stealing access to
your accounts. There are many ways this can be accomplished, but there are just
as many ways to prevent it from happening. Before you get the right software,
make sure you’ve also got the right practices in place.
Login Details
Be sure the login
details for your service are never their defaults, often “admin” and
“password.” Be sure that the login name is unique to your web service, and that
the password is difficult to guess, but easy to remember.
A good rule of thumb is
to keep passwords at least 8 characters long, with a good mixture of uppercase
and lowercase characters, numbers and symbols. It’s important to do this for
all of your accounts because having your email stolen, for instance, might
allow someone to steal your other accounts, especially if they share details.
Here’s where software
comes in; use a password manager such as LastPass
to store your passwords for different accounts. This will keep you from having
to juggle different password rules and will secure your passwords from theft
since they use an encrypted service.
Keyloggers and Malware
I’ve met countless
people who’ve had accounts stolen not because they had bad passwords, but
because they encountered malware that stole their account details. Malware is
usually acquired when someone visits a compromised website (we’ll get to that
later for your own site) or is tricked into handing over their details.
You can deal with
malware by installing an anti-virus program such as Avast. There are many
different options available, depending on your needs. The best are free with
the option to upgrade to premium services should you need additional
protection.
Network Intrusion
Another security risk
you’ll encounter is when someone sneaks into your local network. This can
happen at home, or when you’re accessing from a public WiFi point. At home,
you’d do well to install a firewall to make sure only the necessary ports are
open. A firewall can be software or hardware, with a router being an example of
a hardware solution.
With your ports closed,
your firewall will monitor incoming traffic to screen against intruders.
Another option is to use a Virtual Private Network (VPN) to hide your IP address and encrypt your internet connection. In this way,
you’ll avoid the main risks of public WiFi because your data is being routed to
a remote server and encrypted.
Scripting Vulnerabilities
Clever hackers have
found other ways to exploit vulnerabilities you may not even realize you had. A
website put together without having screened for weaknesses in the scripting
may become a broadcasting point for malware or phishing scams.
Cross Site Scripting
(XSS) is one way someone can take a regular looking website and create trouble
for its visitors. When someone visits a website that has been modified by XSS,
they can wind up visiting pages you never created or downloading malware
without even realizing it. It being your site, you’ll be the one responsible.
SQL injection and other
forms of script injections can allow hackers to modify elements of your page in
order to steal or modify data, such as transactions. If your page is making
sales, you could quickly find yourself missing a full day’s worth of tickets.
Acunetix is a handy service that can scan your pages for
these sorts of vulnerabilities. They help you stay on top of the latest
security holes in web applications and websites. Assuming your page is updated
frequently, it’s a service you’d want to use fairly regularly.
Back Your Data Up
In the event of a major
data breach (perhaps some new threat appears that no one was ready for), you
need to be sure your website data is backed up. A service such as Carbonite can make restoring your page to its most recent
version painless and maintain customer confidence in your business.
Lawsuits and Liability
While there’s no
“lawyer program,” you should be acutely aware of the liabilities your website
can expose you to if the proper steps aren’t taken to secure it. If someone’s
financial information is stolen, the blame might not fall solely on the thief;
you can be responsible because adequate steps weren’t taken to secure that
data.
Consider the class
action lawsuits against Sony and other big corporations who experienced
security breaches in the past few years. The criminals were truly the ones
responsible, but the company was not absolved. The lawsuit claims that they
didn’t do enough to secure their clients’ information.
Save Yourself the Work; Invest in Security
Between calling banks,
restoring your pages, dealing with legal problems and all around wasting time,
it should be obvious why security software is important. A poor foundation for
your website can lead to financial disaster, especially if your page is
actually pushing a product.
Don’t make the same
mistake far too many other companies have already made. Keep yourself from
being a victim and invest in security software that protects you and the
elements of your website. Doing so may be one of your cheapest investments;
ignoring the danger could be one of your most costly mistakes.