blog

6 Key Steps to Protect your Website and Brand

Your website must be included in your security program

 

SIMPLE SECURITY GUIDANCE AND ARTICLES DIRECT TO YOUR MAILBOX

What you need to know to protect your business, de-geeked and accessible to everyone

We respect your privacy and will never share your contact information
by Mike Knapp in Business Leaders

Imagine you’re looking at the website for a supplier you’re considering and a pop-up shows up for some questionable ads, or worse, pornography.  How would you feel about that working with that supplier?

Unfortunately, hackers manage to deface (or worse) websites all-too-often. According to estimates from Symantec, as many as 75% of corporate websites have known vulnerabilities and 40% of data breaches were through web applications.

It even happened to me once, several years ago.  I was running a WordPress-based website and hadn’t installed updates in a while.  Someone leveraged a known vulnerability to insert ads into my website.

Websites have become the welcome mat for new (and often existing) customers.  They provide the first impression of our brand and company.  Yet we risk having that first impression badly tarnished by not properly protecting our websites.

Here are some basics that every company should be doing to protect their websites:

Update your Website Software Regularly

Most modern websites run on an existing content management system (CMS), like WordPress, Joomla and others.  These systems need to be updated with the latest bug fixes and security updates on a regular basis.

The schedule for installing updates is may vary depending on the complexity of your site (and the testing needed), but a good schedule would be:

  • Critical security patches as soon as possible (2 weeks max)
  • Important patches monthly
  • All other patches quarterly

Be sure to include plug-ins when watching for patches – there have been many security breaches due to plug-ins that hadn’t been updated!

Protect Login Information

Logins are a natural target for hackers.  After all, they can write a pretty simple script to try brute-forcing through it!  That’s especially easy if you use the default username and a simple password. . .

The default user name (admin) should always be disabled and usernames provided to each of the administrators.  Passwords should be long (>8 characters) and complex (use a phrase instead of a word).  If possible, enabled multi-factor authentication.

Do NOT Host Your Own Website

… unless you really have to.  Managing the hosting environment – the server, firewall, database and more – adds a massive amount of complexity and risk.  Wherever possible, use a trusted hosting provider and let them manage it – it’s what they do.

Use SSL

SSL provided bank-level encryption to the communications with your website.  This protects anything sent to/from your website, such as personal data or login information.

Also, if someone does hack your site and redirects material (like hosting ads), users will get a warning that a piece of the site isn’t using SSL.

Adding SSL to an existing website is trivial and very low cost (or free depending on the provider).  Our website and Incrementa Consulting’s are SSL only.

Install Security Applications

There are some great security plug-ins for WordPress (WordFence for example) and other sites that validate that your security is in place and working correctly.  They’re inexpensive and worth installing.

For Bigger sites or e-Commerce Sites

Bigger brands or anyone doing e-commerce should be taking extra security steps:

  • Make sure you’re meeting PCI-DSS requirements
  • Have a vulnerability scan done quarterly
  • Use a web-application firewall (WAF)

Your Action Items

Protect your brand and make cyber-criminals’ lives more difficult.  Add the following to your regular security checklist:

  • Update the website software regularly
  • Ensure your login information does not use defaults and the passwords are appropriate
  • Implement SSL on your website

If you need help managing this or reducing your security risk, please let us know and we’ll be happy to help.

Leave a Reply

Your email address will not be published. Required fields are marked *

 

SIMPLE SECURITY GUIDANCE AND ARTICLES DIRECT TO YOUR MAILBOX

What you need to know to protect your business, de-geeked and accessible to everyone

We respect your privacy and will never share your contact information