March 06, 2018
Many business owners have installed an alarm system to prevent intruders and theft from the physical workplace. But what about website security?
Research has shown that websites are increasingly being targeted by cyber criminals. SiteLock’s Website Security Insider report showed that in the second quarter of 2017 there were, on average, 63 attack attempts per day on websites. A year earlier, there were only 22 attacks per day.
Since nearly every business has to have an online presence today, everyone, from small and medium-sized businesses to large corporations, is a target.
Malware is a weapon of choice for cyber criminals. In the third quarter, nearly 15% of malware attacks targeted personally identifiable information (PII) held on websites, such as credit card data and password credentials, as well as website traffic and other assets and resources.
The research showed that criminals also used ransomware to encrypt website content.
Compromised websites were also used as a platform for attacks on the websites of the company’s business partners.
When a corporate website is breached, the company’s reputation takes a big hit and the website is often ‘blacklisted’ by search engines like Google, leading to a loss of visitors and potential customers.
According to a recent Ponemon report, the average dollar cost of a data breach for U.S. companies in 2017 was $7.35 million.
Use routine penetration testing and vulnerability scanning to identify flaws before cyber criminals do. Review the website’s file structure periodically for changes or suspicious content.
Privacy laws often dictate security protocols around how data is sent, stored and disposed of. Check what needs to be done in your industry, and ensure the website meets the criteria.
Secure the website with a Secure Sockets Layer (SSL) certificate. SSL is the standard security technology for ensuring that data sent to and received from the website is transmitted securely.
The admin level of a website can be an easy way in for criminals. Require strong passwords, set time limits for authorization, and limit the number of login attempts. Only employees who need access to do their job should have access. Scan devices plugged into the network for malware each time they’re attached.
Strong passwords (a mix of capitals, lowercase letters, numbers, special characters, and random structures) should be used on all website applications. Never write passwords on a post-it note and leave it visibly exposed in the work area.
Use a web application firewall to identify and block malicious requests before they reach the website.
Whatever website platform is being used, monitor for the latest patches and update applications and add-ons as soon as vendors issue patches. Keep plug-ins and website software updated too.
Back up all website content regularly so you can restore a copy if there is a cyber attack. Backups should be kept safely in another location.
Publish a detailed security policy that covers best practices and business continuity plans.
Use video surveillance, and restrict access to servers, network, etc. Be sure to securely destroy legacy hard drives rather than stockpile or recycle them.
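The periodic review of the website’s file structure recommended above can be automated by comparing file hashes against a known-good baseline. The following is an added example, not part of the original article; the function names, file names and the temporary sample site are constructed for illustration.

```python
import hashlib
import os
import tempfile


def snapshot(web_root):
    """Map each file path (relative to web_root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, filenames in os.walk(web_root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, web_root)
            if os.path.islink(full):
                # Record the link target rather than following it out of the tree.
                manifest[rel] = "symlink:" + os.readlink(full)
                continue
            digest = hashlib.sha256()
            with open(full, "rb") as handle:
                for chunk in iter(lambda: handle.read(65536), b""):
                    digest.update(chunk)
            manifest[rel] = digest.hexdigest()
    return manifest


def compare(baseline, current):
    """Return sorted lists of added, removed and modified relative paths."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in shared if baseline[p] != current[p]),
    }


def demo():
    """Constructed sample site: take a baseline, change files, compare."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "uploads"))
        for rel in ("index.html", "contact.html", "old.html"):
            with open(os.path.join(root, rel), "w") as f:
                f.write("<p>original content of %s</p>" % rel)
        baseline = snapshot(root)
        # Simulate what happened between two reviews (constructed changes).
        with open(os.path.join(root, "index.html"), "a") as f:
            f.write("<!-- unexpected edit -->")
        with open(os.path.join(root, "uploads", "new.php"), "w") as f:
            f.write("<?php /* file nobody on the team added */ ?>")
        os.remove(os.path.join(root, "old.html"))
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

In practice the baseline would be saved (for example as JSON) outside the web root, so that a compromise of the site cannot also rewrite the baseline.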