Websites can be vulnerable to security threats, such as malware and hackers. Is yours really protected?
Running a website is becoming an increasingly dangerous affair for companies and businesses. Every day, over 30,000 pages experience security breaches — from simple websites selling gifts to the data networks of big name companies, such as Sony and JPMorgan. These cyber-attacks are cheap and relentless as well; Automated bots and scripts can be utilised to execute massive hacking attempts that do not require any form of human action or supervision.
It goes without saying that getting hacked is a terrifying affair for any webpage owner. However, exposure to cyber-attacks is unavoidable due to their widespread activity today.
According to the fourth annual Bot Traffic Report by Imperva Incapsula, a cloud-based security application delivery firm, humans and good bots (e.g. search engine bots) made up 79 per cent of web traffic last year. While this combined figure is close to four times the activity of harmful bots, the amount of bad bot activity has also kept steady at around 30 per cent for past years.
So the question is, how can businesses do to secure themselves against cyber-threats? Here are some suggestions to keep your website safe.
Stay up to date
While this is a common piece of advice, keeping your server and website software updated is probably the most important step in ensuring a site stays watertight. One way site owners can accomplish this is by simply installing the latest security patches and version updates; They help prevent malicious bots and hackers from taking advantage of any safety loopholes.
In addition, it’s also useful for site owners to keep abreast of the latest news on IT threats and scams. Websites like Threatpost and SecurityWeek cover the latest trends in cybercrime, as well as access to a repository of detailed articles. After all, it’s always wise to keep your friends close and your enemies closer.
Imagine your web page as a fortress that is constantly jeopardized by armies of invading threats. Having a steady, well guarded entrance definitely makes it much harder for attackers to get in. Be sure to bulk up on security measures at your webpage’s access point; One sure-fire way to reduce breaches is to implement two-step verification for logins, which requires the user to input another layer of information besides the username and password.
Hackers are also able to systematically obtain login details through trial and error. Thus, enabling restrictions to access, such as setting a time limit or capping the number of login attempts keeps bots from staying on the website for too long. Similarly, changing your login information regularly reduces the chances of bots successfully guessing into your site.
However, all that effort will come to naught if your passwords are as easy as pie. Creating strong access details should be the top most of any site owner’s priorities. Classic password pointers are still effective, such as:
- using a mix of upper, lower casing
- using numerics and symbols
- ensuring your password combination is at least 12 characters
- ensuring your password are not dictionary words
Layer your Security
Installing security widgets for your web hosting page should be sufficient to keep hackers at bay right? Wrong. Granted, these applications can effectively monitor and protect your page from being compromised, but there are many ‘backdoors’ through which malicious content can infiltrate. For example, a user logging into the website from an unprotected computer might run the risk of unwittingly transferring malware or other viruses existing in the device’s data.
Many companies are therefore implementing a layered security strategy, in which multiple security systems are utilised to fully monitor, protect and resolve issues. Beyond web protection programmes, that includes:
- Introducing network controls (e.g. Web Application Firewalls, Intrusion Prevention Systems)
- Anti-malware/ anti-virus programmes for accessing devices (e.g. admin computers )
- Analysing data activity
- Threat removal
Having a slew of preventive measures drastically reduces the success of any attacks.
Security threats have become increasingly adaptable, and hackers are resourceful in finding new ways to break into the system. For instance, 2015 saw a rising occurrence of malvertising attacks, which appear on ad-supported websites by spamming infected links to users. Plugins on web hosting services such as WordPress have also been targeted, especially those that have weak security controls.
Despite best efforts in staying vigilant and proactive, sometimes websites might still fall prey to ever-changing, advancing security threats. That’s where thinking ahead comes in handy. Keeping regular backups of your website’s data is vital in preparation for the worst. As much as it sounds like a chore to do, it won’t be a laughing matter when your entire page is wiped out. There are multiple ways around backing up content; manually via a portable storage device, through cloud solutions like Dropbox or Amazon S3, or automated services such as Dropmysite.
Protecting your content is just as important as creating them, have you propped up your web security today?
Written by: (www.script.com.sg)
Edited & Illustrated by: Script Consultants Pte Ltd