Strike Back Against Cyber Attacks

The basics of website security
by Maggie Feeney

August 12, 2013

Few of us leave our homes unlocked while we sleep or our cars unlocked while we shop. The reason? While most people are trustworthy, criminals are opportunists, and an unlocked door gives them access to our valuable investments. So, why should the Internet be different?

Cybercrime has become serious business. Hackers, identity thieves, and other cybercriminals can wreak havoc on your website, from locking you out of your own site to stealing confidential information (e.g., your passwords, your customers’ credit card information). In fact, a 2013 SophosLabs study revealed that 80 percent of websites labeled as “dangerous” were actually legitimate sites hacked by opportunistic criminals.

Whether you already have a site or are just setting one up, make sure to ask potential service providers about their website security protocols to ensure you are getting the best possible security for your website. Here are a few things to look for:

Malware protection

Firewalls, antivirus software, spam protection, and intrusion detection software (IDS) are must-haves for any website—they are your frontline defenses. Maintaining a safe hosting environment is a complex process, so if you are opting for the cheapest web hosting service, be aware that you may also be opting for subpar malware protection.

SSL (Secure Sockets Layer)

If you plan to sell merchandise or gather personal information such as credit cards on your website, SSL is essential. SSL creates an encrypted path between your website and a visitor’s web browser, securing their sensitive user data. SSL-protected webpages begin with “https” instead of “http.” The higher the encryption bit-number (e.g., 128-bit), the stronger the security level.

Obtain a signed SSL certificate from a trusted source such as Verisign. If you opt for a cheaper, self-signed SSL certificate, visitors will be alerted that your site has an unrecognized security certificate. While your self-signed SSL certificate may indeed be legit, this warning is usually enough to deter visitors from proceeding to your site.

Backups

In the event of a security breach, you will need to rebuild your site. Regular backups ensure your site will be back online quickly and with little loss of data. Look for at least a daily backup. Also, find out where your backup data is stored. Backup data stored offsite from the web servers adds another layer of security.

Updates

New threats and vulnerabilities are constantly surfacing on the Internet, and unpatched programs are essentially open-door invitations for hackers. Frequently updating software, drivers, applications, etc. is crucial to ensure your site is protected against potential hacks and viruses. Check with your web hosting service to find out which updates they perform automatically and which you are responsible for.

SFTP (Secure File Transfer Protocol)

File transfer is the way you upload files to your website. If you’re just using standard FTP, your data (including passwords and other confidential data) is transmitted in clear text, which means anyone who intercepts it can read and misuse it. SFTP encrypts your data in transit so that intercepted traffic cannot be read.

3 points to remember about passwords

  1. Never keep the default password issued to you by software programs, web hosting sites, wireless routers, and remote-enabled security systems (the ones that can lock and unlock your door, turn on and off lights, change your thermostat, etc.). Hackers are looking for breaches in firewalls, and if you’re using a default password such as “admin,” “password,” or “1234,” you have just handed over the keys to your data.
  2. Change your web hosting server access passwords periodically (all your passwords, for that matter) and use a different password for every program or service requiring one. Set a reminder on your calendar to change them once a month and make sure to create strong passwords. It’s a good idea to make your passwords at least 8 characters long, containing letters, numbers, and symbols, and not consisting of something as obvious as your pet’s name and your birthdate.
  3. Don’t ever store passwords anywhere—online, on your computer, in a paper file—in clear text. Consider using a secure password management service to remember your passwords for you (e.g., Keeper, 1Password, KeePass, or LastPass). Some will even generate strong, complex passwords for you that are much more difficult for hackers to break.
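
For readers who manage their own site, the password rules above can be turned into a small check. This is an added example, not part of the original article: the function names, the symbol set, and the sample inputs are assumptions made for illustration, and the deny-list holds only the three defaults the article names.

```python
import secrets
import string

# Default passwords the article names; a real deny-list would be far longer.
DEFAULTS = {"admin", "password", "1234"}
SYMBOLS = "!@#$%^&*()-_=+[]{}"  # assumed symbol set for generated passwords
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
MIN_LENGTH = 8  # the article's minimum


def check_password(password, personal_terms=()):
    """Return the list of article rules this password breaks (empty = passes)."""
    problems = []
    lowered = password.lower()
    if lowered in DEFAULTS:
        problems.append("default password")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if not any(not c.isalnum() for c in password):
        problems.append("no symbols")
    # Pet names, birthdates and similar guessable facts (caller-supplied).
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append("contains personal detail: " + term)
    return problems


def generate_password(length=16):
    """Draw from the OS CSPRNG until the candidate satisfies every rule."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 8")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    print(check_password("admin"))
    print(check_password("Rex1985!", personal_terms=["rex", "1985"]))
    print(check_password(generate_password()))
```

Note that "Rex1985!" meets the length and character rules yet still fails, because it is built from a pet’s name and a birth year.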

Help—I was hacked!

In the unfortunate event that your website has been compromised, Google offers helpful tips to navigate what to do next. Visit www.google.com/webmasters/hacked for detailed advice and information.

Maggie Feeney is Managing Editor of Retailing Insight.