Page 54 of 62

7 Website Security Tips You Can’t Afford To Ignore

With thousands of attacks daily on websites of all sizes, we thought we’d get your day started with some simple website security tips that should be a regular and central part of your security routine. And here’s why.

As hackers of all sorts constantly probe businesses of all sizes for any kind of vulnerability they can exploit, websites could by far be the biggest hole in security. And just one recent hack should have been a wakeup call for anyone responsible for website security. In the world of security breaches it seems like a lifetime ago, but it was less than three months ago that a company called Hold Security reported finding a stash of more than a billion usernames and passwords, along with half a billion email addresses, on the servers of Russian hackers.

Read More

USB exploit

Nasty USB Exploit Makes Malware Detection Tough

USB exploitWho would consider the possibility of a USB exploit?  Whether it’s malware prevention, detection, or removal, the sneaky critters are now getting so clever the challenge of dealing with them just seems to get harder. And sometimes people just get in the way.

You have to consider a USB infected and throw it away as soon as it touches a non-trusted computer.

Story Of A USB Exploit

A couple of months back, a fellow security hack told me the story of a simple but effective way hackers had found to break into a business simply by exploiting the curiosity of a CEO.

Read More

Shellshock exploit

Shellshock Exploit Exposes Millions Of Servers To Hackers

Remember Heartbleed, that age-old bug that only surfaced last year and left more than half of all internet servers around the world exposed? Looks like we might have yet another Heartbleed on our hands. This one has been codenamed Shellshock.   Experts are already saying the Shellshock exploit could impact millions of Unix systems that operate on Linux or Mac iOS. And may even threaten consumer devices including home routers.

Read More

PCI compliance

Protecting Your Business From A Data Breach

It’s been a good time for malware and its authors, but a very bad time for businesses and especially those that have suffered a data breach. A variety of point of sale (PoS) malware has run rampant through thousands of business and retailers in just the last few months, creating a massive haul of stolen credentials for hackers worldwide. And making consumers a very nervous bunch.

The Home Depot Data Breach

The latest victim is Home Depot, which only just announced that it had lost at least 56 million customer credit and debit cards to hackers who used a variant of PoS malware that’s growing in popularity amongst criminals — because it apparently works very well.

Read More

ddos protection

Deny, Deny, Deny. DDoS Protection For Your Website

When Did The Need for DDoS Protection Begin?

It’s been a while since the world first started hearing about Denial of Service attacks. It was February 2000, and in the space of just one week, major websites like Yahoo!, eBay, CNN, E-Trade, and Amazon were experiencing inexplicable outages that lasted for more than an hour in some cases. And those outages were costing them millions of dollars in lost revenues.

A little investigating, combined with loose lips on the part of the offender, eventually pointed law enforcement to a 15-year-old Canadian high school student going by the handle MafiaBoy.

Read More

PCI compliance

PCI Compliance: A Piece of Website Security

If you think for some crazy reason your business is too small, too obscure, or simply just too uninteresting to be of any value to a busy hacker, be prepared for a rude awakening. The one thing the all of the recent major data breaches had in common is that all the businesses involved were probably PCI compliant. And it was still no guarantee.

There has been a seemingly endless parade of massive data breaches in just the last few weeks, including UPS, Dairy Queen, Community Health, Apple’s iCloud, the 1,000 businesses the FBI said were just hacked, and, oh yes, the suspicion that Home Depot just suffered a data breach even bigger than Target’s.

Read More

PCI Compliance: Rules Stiffening

pci complianceAs yet another series of data breaches unfolds, there’s been more focus on PCI compliance than ever before. And for good reason. Apparently the PCI Standards Council, the body that overseas PCI, thinks that too many companies are failing in their obligations.

In just the last two weeks we’ve seen major data breaches announced at firms like JP Morgan Chase, Community Health Systems (4.5 million Social Security Numbers exposed), UPS, Dairy Queen, and more than 1,000 retailers.

Read More

10 Ways To Keep Hackers Away and Protect Your Data

moneydownthedrain1. Don’t Keep What You Don’t Need

Most businesses hang on to too much data for too long. And it’s often data that they don’t need. Or worse, didn’t realize they even had. So do a spring-cleaning. Do an inventory of all your data and everywhere you keep it. Identify what you don’t need, then get rid of it forever. And not by simply hitting the Delete key, but overwriting it to military standards or shredding it. When it comes to data breaches, you can’t lose what you don’t have.

2. What You Do Keep, Know Where It Is

So many data breaches result from data being in the wrong place at the wrong time. Like highly sensitive customer or employee information being carried around town or across the world on an unprotected laptop. As part of your inventory you need to know where your data is at all times so that you can protect it at all times. That means checking servers, desktops, laptops, websites, tablets, phones, removable storage, filing cabinets, storage lockers, warehouses, third parties and anywhere else it might be hiding.

3. Classify Your Information

Not all information is created equal. And understanding that you can’t protect all data all the time, you have to focus on the stuff that’s worth protecting. That’s where data classification comes in. There are a number of different ways to classify data, but they’re usually a series of three to five categories of importance – from top secret to simply private and confidential. By assigning a security classification to your data, you make it easier for employees to instantly understand how they need to handle that data.

4. Encrypt

In most states, you get an almost free pass on data breaches if the breached data was encrypted. That’s how good encryption is at making data useless to hackers. Encryption is getting much easier to implement and afford. Encryption isn’t just for credit cards and online transactions. In any business you can easily encrypt files, folders, hard drives, texts, phone calls and emails, photos and videos, and just about any kind of data.

5. Comply With PCI

The credit card companies are pretty good when it comes to protecting information, which is why PCI compliance is a great baseline. It’s not perfect and not a guarantee, but you should never be without it.

6. Lock Down Your Website

Many of today’s breaches start with the exploitation of poorly protected and patched websites. Which is really a shame because it’s so easy to protect your website. Make sure you’re using some kind of web scanning or monitoring service that will find and fix security holes before hackers do.

7. Turn Every Employee Into a Data Sentry

Technology only goes so far when it comes to preventing data breaches. People fill that gap, and the most important people are your employees. Every employee needs to understand the value of data, the risks of breaches, and how their choices can make all the difference

8. Try Not to Move It

If you know where your data is and you don’t plan to move it any time soon, then it’s very easy to lock it in place. But data is at its most vulnerable when it’s on the move – like stored on a traveling laptop or phone, sent on tape to a third party like a payroll processor, or even being emailed between employees.

9. Don’t Forget Paper Records

It’s estimated that one in every five data breaches involves paper records. That means documents stolen from a briefcase or in a burglary, dumped without shredding, or simply mislaid. So as part of your inventory you need to go through the piles of information in every office, pick what you have no more need for, and shred it.

10. Use Layers of Security

While antivirus software is important, it’s not enough. While website security is essential, it’s not enough. While good passwords are a must, still not enough. Hackers after your data are relying on the fact that you might be relying on just one or two layers of security between them and your data. Good security is about creating multiple security perimeters that convince hackers that you’re just not worth their time and energy.

Securing your website can be a daunting challenge. Contact a SiteLock consultant today to learn how to quickly and easily secure your site.

Google Author: Neal O’Farrell

10 Ways A Data Breach Will Cost You

There’s no such thing as an easy security breach. Unless of course you’re a hacker — all too often they seem to easily breach the security of way too many websites. (Check out the OWASP Top 10 to learn more about common exploits)

But if you’re a business owner, being the victim of a data breach is certainly costly. Just how costly is a data breach? Well, that depends a great deal on circumstances and luck.

But here’s just a selection of some of the costs you might be facing:

Read More

Russian Hackers Caught With 1 Billion+ Stolen Passwords

Russian hackersSeems like just about everyone thought that the massive Target data breach earlier this year would be the biggest for a while. Yet only a matter of weeks later, eBay announced a data breach that was even bigger.

Now we’re learning of a hacker haul that makes those earlier breaches look like chump change. Security researchers in Milwaukee revealed that they’ve been monitoring a hacking gang operating from a small Russian town, and found the gang had managed to amass a database of more than 1.5 billion stolen credentials.

Here’s just a sample of what the investigators learned about the hackers, and the implications of their haul:

Read More

Page 54 of 62

Powered by WordPress & Theme by Anders Norén