Is your website ready for 2019? These 6 tips will keep you safe

According to the Chinese Calendar, 2019 is the Year of the Pig, and there are thousands of website owners out there who will be squealing with anger the first time their website gets hacked in the 365 days to come.

2018 saw a lot of ugly acts committed online, from Orbitz losing private data to Under Armour having 150 million records swiped from its diet and exercise hub.

It’s not just data exposure that’s damaging companies and their reputations, but also Distributed Denial of Service (DDoS) attacks, trojans, ransomware, spyware, and all sorts of nasty malware designed to degrade your system, loosen your security protocols, swipe your information to be resold on the dark web, and generally make all sorts of trouble inside your system.

How can you and your company stay safe in the year to come? To be honest, the best way isn’t some high-profile threat intelligence firm that’s going to walk around your office building wearing headsets and dark sunglasses. Rather, the surest ways to stay safe are the basic ones that are completely under your control. These basics are often overlooked by computer users and thus exploited by hackers, thieves, and cybercriminals, who count on novice computer users not grasping the concept of in-house security until it’s too late.

By taking these simple steps, you can dramatically reduce the likelihood of your company being hacked and keep your website safe in 2019.

  1. Use a web application firewall. This can be software or hardware; just make sure you have one. It protects against large-scale attacks such as floods of bogus bot traffic meant to overwhelm your website, SQL injection, and exposure of sensitive backend data. The firewall also gives you a bird’s eye view of what’s going on with your website and how it is performing.
  2. Use SSL security, especially for financial transactions. The little ‘s’ at the end of the common “http:” is a symbol to consumers that you are taking their business seriously. SSL security means everything communicated between client and server is encrypted against third-party access. No eavesdropping from unwanted observers.
  3. Back up your system regularly. It seems most thoughts about backing up the system occur about 20 minutes after something crashes. In all seriousness, backups are vital to websites, particularly in case of an emergency, whether man-made or the result of a natural disaster. Every company should have a disaster recovery plan; done correctly, it can reduce your offline time to mere seconds or minutes.
  4. Change your passwords frequently. You might believe no one will ever guess your flawless password that combines your favorite Star Wars character and your favorite Italian sandwich (Obi-WanStromboli), but the longer you keep it, the more you risk it being discovered, even if it’s by a coworker who decides to tuck it away in their pocket for a rainy day. If someone has hacked your system, they may do nothing for a long time other than gather information. If they do so and you don’t change the password in the next six months, you’re giving them half a year of free data to steal.
  5. Use antivirus software to scan your website for vulnerabilities. If you’ve ever read the novel version of Jurassic Park, you’ll know the big moment comes when they scan the park for the total number of dinosaurs, instead of the expected number. The result? 29 extra velociraptors nobody accounted for. Scanning your website for vulnerabilities is a much different search than making sure everything is working. Do this regularly to avoid nasty surprises.
  6. Update your website regularly. Use the latest version of every piece of software you can think of to ensure you are up to date with the latest security patches that keep the bad guys on the outside.

Photograph by Pixelcreatures