With thousands of attacks daily on websites of all sizes, we thought we’d get your day started with some simple website security tips that should be a regular and central part of your security routine. And here’s why.
As hackers of all sorts constantly probe businesses of all sizes for any kind of vulnerability they can exploit, websites could by far be the biggest hole in security. And just one recent hack should have been a wakeup call for anyone responsible for website security. In the world of security breaches it seems like a lifetime ago, but it was less than three months ago that a company called Hold Security reported finding a stash of more than a billion usernames and passwords, along with half a billion email addresses, on the servers of Russian hackers.
So how did this small group of amateurs steal information on nearly a third of the world’s Internet users? They exploited a frighteningly simple vulnerability on hundreds of thousands of websites. The vulnerability was a SQL injection, something almost every security pro and even webmaster can easily fix with a couple of lines of code.
But it looks like hundreds of thousands of website owners were not aware of that vulnerability or easy fix, or weren’t using a website scanning service that would quickly find and neutralize it.
According to the researchers, more than 400,000 websites around the world were exploited by this one gang alone, and using mainly this vulnerability. And how were they attacked? The attackers used thousands of botted computers, many of them exploited business computers, to search for vulnerable websites.
This and other attacks were reminders of just how much work needs to be done in website security. These hackers could have easily been thwarted if the owners of these websites had taken even the most basic precautions.
So with that in mind, here are seven simple website security tips that should help keep hackers beyond the gates:
Your best decision in website security may be in the service you use to scan and guard your website. What many business owners don’t realize is that many of the cheaper services on the market actually do very little. Some services will help you find and fix any vulnerabilities they find but won’t actually block them or stop them. Others will help identify high risk threats like malware already on your website but won’t help you remove that malware.
It’s like your computer antivirus software telling you that you have a bunch of malware on your computer but it’s up to you to get rid of it. That’s OK if it’s a free service, but unacceptable when you’re paying them to protect you and your customers. So keep a copy of these website security tips handy, check them often, and share them around. Hackers won’t be glad you did, but you will be.
Contact SiteLock today to learn how to secure your website.
Google Author: Neal O’Farrell