When they hear the word “hacking”, people tend to imagine a lonesome perpetrator furiously tapping away on a keyboard, trying to steal confidential data or wreak havoc upon the functionality of a website or application. In which case, it may not seem like the average website has much to fear in terms of cyber security threats or hacking attempts. What could they possibly stand to gain by hacking into the website of a local florist, for instance?
Quite a lot actually. However, rather than it being one person targeting one specific website, most web security breaches are caused by an automated script that scours the web for opportunities to exploit weak or poorly protected website servers. And while certain attacks may target sensitive data, more often than not the website server is then used for spam or other illegal purposes. Hackers may also set out to use a an infected device like a web camera or CCTV as part of a botnet – a network of privately-owned computers that is infected with malware and controlled as a coordinated group without the owner’s knowledge or consent. In many cases, the infected website still functions as normal, which means that the activity of hackers often remains undetected.
So, how can you ensure your website does not become an easy target for malicious cyber attacks of this nature? Here are three simple steps to keep any website or web application safe and secure:
Update your software regularly
A little obvious perhaps, though it’s surprising how often website owners fail to download key software updates on a regular basis. All too often, the notification to update comes right in the middle of our work and is swiftly followed by clicking the “Remind Me Later” button.
It’s easy to forget that these updates usually contain important patches that are designed to fix certain bugs or install an additional level of security protection within the software. When you consider that thousands of new threats are detected every single day then updating your software becomes an absolute necessity. Recently a lot of industry talk has centred on the emergence of ransomware, a form of attack that locks a user out from their personal files until a certain amount of money has been paid. But it’s also corporate customers who can be affected, as any data that’s accessible to users, even remote data, is susceptible to ransomware attacks.
Failing to update your software or CMS whenever a new version is released ultimately means that a website is susceptible to new threats such as this, making it a much more vulnerable target for hackers.
Find a robust firewall
Whether you’re a sole trader or a large multinational corporation, if you want to ensure your website remains impervious to all foreign breaches, hackers and viruses, you’re going to need a firewall fit for the task.
It’s also important to bear in mind that, in addition to a central website, any web applications that business maintains face their own distinct range of security threats. And even your standard website might be a web application. Unlike a physical firewall, a dedicated web application firewall must be able to deal with a continually evolving range of threats – from SQL injections and cross-site scripting to illegal resource access and remote file inclusion. This is why cyber security providers, such as Incapsula, have invested in firewalls that are specifically engineered to protect web applications, no matter where your server is physically located.
Get your passwords right
Another simple security faux pas that many businesses fall foul of is using insecure passwords across all of their servers, web applications and programs.
If it’s a choice between a short password that’s really easy to remember, or a more complex password that includes capital letters and numbers, always go for the latter. If you’re still struggling to come up with your own super-secure password, this article from TechRadar offers some useful tips on password best practices. Although it may take a little more effort to remember, it’s certainly worth it to keep your systems as secure as possible.