“There are two types of companies: those that know they’ve been breached, and those that haven’t figured it out yet.” Those were the words of a highly successful venture capitalist behind some of the most successful cybersecurity companies. And while the chances of being a victim of a security breach are very high, it’s not a forgone conclusion. There are steps every business should take in order to avoid falling victim, or at the very least limit the damage.
So many attacks on businesses are exploits of holes the hackers found before you did. And probably because they were looking for the holes while you weren’t. For most businesses, most of those holes are in their websites, and mainly caused by either poor security configuration or a failure to update programs and third-party plugins.
You can bet that even if you’re not monitoring your website, hackers are. And all the time just waiting for you or an employee to make a single simple mistake. Services like SiteLock monitor your site just like the hackers do, sniffing out vulnerabilities and weaknesses and helping you plug them before they can be used by hackers as a backdoor into your website.
I know, that message is getting old. But for all the warnings about passwords, many businesses and their employees are still not getting the message. Even bigger companies may not be. The recent massive security breach at eBay that exposed more than 130 million customer accounts may have all started with the exploit of weak employee passwords. So to repeat: strong, random passwords everywhere, changed often, and guarded closely.
Hackers are never supposed to be in your networks, website, or data. But neither are some employees. Yet many businesses allow their employees to access all kinds of sensitive resources that they have no reason to access. By restricting access to key assets, like your website, you minimize the risk of a careless employee handing over the keys to a hacker.
That’s not just a warning about how you screen your employees, but also making sure they’re the kind of people most likely to follow your security rules, understand their role in protecting their workplace, and not engage in behavior that can put your business at risk.
I’ve said it before but I’ll keep repeating. Your employees can be your best defense or your greatest vulnerability. It all comes down to how security aware and vigilant they are, and that all comes down to how seriously you take their role. Train, remind, test. Train, remind, test. Rinse and repeat.
One of the great things about developing a website today is that you don’t have to develop much. There are thousands of developers who offer great tools at affordable prices that can be plugged in and running in a matter of minutes. But that comes with a downside, if those plugins are not free from major vulnerabilities. Like the recent case of the SEO plugin for WordPress that is used by millions of businesses and was recently found to have a major security hole.
Mobile devices have become the bane of many businesses, particularly as employees use them for both personal and business tasks. The theft of a smartphone or tablet, or an employee who downloads malware to one of those devices, can expose valuable business information or create a backdoor for hackers.
Who would want to breach your business and what would they zero in on? Keep asking yourself that question. Look at your website like a hacker would. Look at your employees and their behavior, your email, the way you protect your information and what kind of information it is. The view from beyond the wall is always different than from your side.
New malware is now appearing at the rate of 160,000 different varieties every single day. If that pace continues, by the end of this year there could be more than 50 million varieties of malware. To add to the hundreds of millions already out there. Most malware consists of smart and dangerous Trojans that get smarter every day. If you’re not proactive about avoiding malware, chances are lots of it will slip past.
If tackling website security sometimes feels overwhelming, we get it. You already have a full-time job. Some things need to be done by you (password policies, hiring practices, etc). But much of the heavy security lifting (malware detection and removal, vulnerability scanning, and threat blocking) can be left to SiteLock. Let us build a security solution to fit your site, because protecting your website is our full-time job.
Google Author: Neal O’Farrell