March 06, 2018

10 Ways to Protect your Website from Cyber Criminals

Many business owners have installed an alarm system to prevent intruders and theft from the physical workplace. But what about website security?

Research has shown that websites are increasingly being targeted by cyber criminals. SiteLock’s Website Security Insider report showed that in the second quarter of 2017 there were, on average, 63 attack attempts per day on websites. A year earlier, there were only 22 attacks per day.

Since nearly every business has to have an online presence today, everyone, from small and medium-sized businesses to large corporations, is a target.

Malware is a favourite weapon of choice for cyber criminals. In the third quarter, nearly 15% of malware attacks targeted personally identifiable information (PII) on websites such as credit card data and password credentials, website traffic, and other assets and resources.

The research showed that criminals also used ransomware to encrypt website content. 

Plus, compromised websites were used as a platform for attacks on websites of the company’s business partners too.

When a corporate website is breached, the company’s reputation takes a big hit and the website is often ‘blacklisted’ by search engines like Google, leading to a loss of visitors and potential customers.

According to a recent Ponemon report, the average dollar cost of a data breach for U.S. companies in 2017 was $7.35 million.

10 Ways to Prevent Cyber Crime

1. Routine Website Vulnerability Scanning

Use routine penetration testing and vulnerability scanning to identify flaws before cyber criminals do. Review the website’s file structure periodically for changes or suspicious content.

2. Data Security Compliance

Privacy laws often dictate security protocols around how data is sent, stored and disposed of. Cheque what needs to be done in your industry, and ensure the website meets the criteria.

3. SSL Certification

Secure the website with Secure Sockets Layer (SSL) certification. This is standard security technology for ensuring that data being sent and received is transmitted securely.

4. Network Security

The admin level of a website can be an easy way in for criminals. Set requirements for strong passwords and time limits for authorization and the number of login attempts. Only employees who need access to do their job should have access. Scan devices plugged into the network for malware each time they’re attached.

5. Strong Passwords

Strong passwords (a mix of capitals, lowercase letters, numbers, special characters, and random structures) should be used on all website applications. Never write passwords on a post-it note and leave it visibly exposed in the work area.

6. Block Suspicious Requests

Use a web application firewall to identify and block malicious requests before they reach the website.

7. Regular Software Updates

Whatever website platform is being used, monitor for the latest patches and update applications and add-ons as soon as vendors issue patches. Keep plug-ins and website software updated too.

8. Backup the Website

Back up all website content regularly so you can restore copy if there is a cyber attack. Backups should be kept safely in another location.

9. Develop Effective Company Security Policies

Publish a detailed security policy that covers best practices and business continuity plans.  

10. Physical Security Controls

Use video surveillance, and restrict access to servers, network, etc. Be sure to securely destroy legacy hard drives rather than stockpile or recycle them.

 

Start Protecting Your Business

To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and security risk assessment.