Cyber Security – Website
How to Keep Your Website Secure and Avoid Hacking
This is as much for you as for your customer. I always practice what I preach; that way I understand my customers and their needs and frustrations better.
They need one because “everyone has one,” especially their competitors. In my experience, organizations with this mentality treat their website like cheesy infomercial appliances, and once the site “goes live” little to no resources are spent maintaining it.
Websites are like pets. They’re a long-term commitment. They need constant care and attention. And just like your pet, if you neglect your website bad things will happen. Organizations that do not dedicate resources to website maintenance are punching their one-way train ticket to Hackedville.
Dedicating boat-loads of resources to your website is no guarantee either, and I argue that no system can be made completely hacker-proof. Even the security experts get hacked. In 2011, a well-known security company which sells hacker-proof technology was hacked, forcing all the major web browsers to release updates to fix the gaffe. So, you ask “What’s a website owner to do?” My answer is three things: take control of your ASSETS, minimize the risk and be prepared for the worst and .
#1 Take control of the assets
One thing we have noticed over the last year of implementing cyber security for small businesses is that, when it comes to their website, they have no idea who owns their domain or how to update their own website, and they have never added any new content, let alone checked whether it is secure.
This is a great opportunity for you to set this right and take over their hosting and website development. Need more help? See Web Marketing For Profit Bonus.
#2 Minimize the risk
Do everything you can to reduce your chances of being hacked in the first place. When I was a kid, my mom got her car stolen from the neighborhood grocery store parking lot. (That sort of thing happens when you leave the car running out front.)
My takeaway? Don’t make it easy for an attacker to break your website. Make your site less tempting to hackers, and chances are they’ll go elsewhere. This seems like common sense, but many people don’t do this because it takes time and expertise. Here’s some low-hanging fruit for you to pick:
- Stay up to date: Even the simplest websites rely on software which was not authored by you. Since software is created by people, it is inherently flawed and contains errors or bugs. You should know the components your website relies on to operate, and keep tabs on the known issues and the releases of updates and patches. You can search known vulnerabilities in software here http://web.nvd.nist.gov/view/vuln/search or here http://www.securityfocus.com/bid. Now don’t get too anal about this, but it’s good to know.
Your best bet is to follow the security lists and announcements for the software you’re using to run your website, and always stay up to date on the latest stable versions.
- Limit access to resources: Has this happened to you? In the morning, you place your lunch in the company refrigerator and when you come back for it at noon… *poof* it’s gone! Many people are shocked by this, but not me. The fundamental problem is that a community refrigerator has no means of granular access control, so that only you can take your own lunch.
Fortunately, software doesn’t have this problem, and it’s common practice to harden, or lock down, access so that only those who need a resource can reach it. The Web is chock-full of hardening guides, like this one if you’re running a WordPress site. You should try to harden your site at all three levels: the operating system, the web server, and the web application itself.
- Use strong passwords: You need a username and password to place files on your web server or to update content. Make sure you’re not using the default password, and choose a password which is difficult to guess. Microsoft provides a nice tool to test the entropy of your password.
If you’re logging in over an insecure protocol like HTTP or FTP then your password is sent “in the clear” making it easy to intercept, especially over public Wi-Fi networks. Yes, you look cool updating your blog from the coffee shop, but it’s become far too easy to get your passwords compromised in such places so avoid it where possible.
#3 Be prepared for the worst
Now that we’ve covered what you can do to reduce the chances of being hacked, let’s talk about what your options are when it happens. First, take a bite of the reality sandwich, and come to grips with the fact that your site will eventually get hacked.
In my 15+ years of administering and building websites, I’ve had a few of them hacked myself. Your plan here is simple – be the first to know there’s a problem, and have a plan in place to get things back. If you knew ahead of time your laptop will get stolen someday, you’d be a fool to not install laptop tracking software like this guy did, right? Why not have a similar insurance policy for your website?
- Monitor your site: You don’t want to find out that your site was defaced from a news outlet, your supervisor or worse yet your high school arch-nemesis (whom for some odd reason you’ve “friended” on Facebook.) You want to be the first to know about it. There are a lot of good tools for monitoring your site, including some free ones like http://www.uptimerobot.com. Be smart and use one. To help with those really difficult cases where your site was hacked but does not appear hacked, use Google Safe Browsing to detect the hidden malware on your page. (Use the following URL, but replace the site you want to check after the ?site= parameter) http://www.google.com/safebrowsing/diagnostic?site=http://youdomain.com
- Backup your site: It goes without saying you should have routine backups of your site. The rule of thumb is everything required to get the site running exactly as it was at the time of the backup should be included. That usually means the files, content and the database. Backups should be stored off site or at least not on the same computer as your web server. Finally, a backup is only useful if you can restore your website. You should test your website restore process at least once a year and write up instructions in case someone else needs to do it. I do a restore to a test site.
If you’re running WordPress then Updraft is a great plugin for doing this and storing on Amazon S3, which is what we do. Then set it to back up the site as often as required. You can also do it to Google Drive, Dropbox and many more, but set up your system. If they have good hosting with cPanel you can also make a full backup in there.
- When the hack comes: Get your site back online quickly using your restore procedure. Examine the log files and attempt to find the source of the hack, and then patch or rebuild your system to prevent it from happening again in the future. Be open with your users about what transpired, what you found, what you did about it and what, if any, data may have been compromised.
#4 Install an SSL certificate.
SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, it activates the padlock and the https protocol (over port 443) and allows secure connections from a web server to a browser. Typically, SSL is used to secure credit card transactions, data transfer and logins, and more recently is becoming the norm when securing browsing of social media sites. SSL Certificates bind together.