Tag: web application firewall (WAF) Page 3 of 4

malware

5 Ways to Protect Your Website From Malware

protect website from malwareThere are over 1 million new strains of malware created every day. One identified infection can get your website blacklisted by Google, who currently blacklists over 10,000 websites each day. Mind you, the malware need not even be on your site.

SMEs (Small to medium-sized enterprises) are unfortunately one of the largest targets of cyber attacks. On average, over 30,000 SME websites are targeted each day, and to make matters worse, nearly 60% of their IT professionals think they aren’t at any real risk of being attacked.

Don’t allow your business to suffer expensive cyber attack damages (which average around $50K per attack) — instead, be proactive in your web security efforts to prevent security threats, protecting you and your customer’s private data. Here are 5 tips to help you protect your website from malware and other cyber threats:

1. Updates and Patches

Is your website running off of a Content Management System (CMS) such as WordPress? A CMS can be an easy and cost-effective way to manage your business’ website, but they’re also large targets for cyber attacks.

Why? Many CMS platforms and plugins are often easy targets for hackers and allow backdoor access to your server and data (a recent example of this vulnerability was the SoakSoak attack that occurred last month). Make sure your system, plugins and themes are always up to date, strengthening your web security. Many CMS solutions will even automatically update files for you, if you choose.

2. Website Scanning

Many web viruses and other malware go unnoticed until it’s too late, due to their elusive nature. They can often be implemented with a simple one-line script, injected into the code of your website – made to look like normal code.

Website security scanning software can scan your website for existing malware and other harmful code that doesn’t belong, and notify you immediately of any threats. Our SMART (Secure Malware Alert & Removal Tool) software takes it a step further by automatically removing anything harmful – similar to what a virus removal software does for your PC.

3. Web Application Firewalls

Removing existing website threats is one issue, but keeping them from coming back is another. With over 1 million new malware strains created each week, your business’s website can potentially to be infected by a new virus every day.

Web Application Firewalls (WAF) can help prevent attackers from even visiting your site. How do they work? Let’s take our TrueShield WAF, for instance – it evaluates traffic based on where it’s coming from, how it’s behaving, and what information it’s requesting. Based on these and other criteria, the firewall will allow “legitimate” traffic (e.g. customers and search engines) access while blocking “malicious” traffic (e.g. spam bots and hackers).

Used in conjunction with a website scanning solution, a WAF can help provide around-the-clock, hands-free security for your business’s website.

4. PCI Compliance

The Payment Card Industry Data Security Standard (PCI DSS), or PCI for short, is a security standard that businesses must adhere to if they accept major credit cards. This compliance helps ensure that your business and customers are protected from cyber attacks and fraud by providing a documented, baseline security posture for your site. Failure to comply with PCI standards can result in direct financial damages, lawsuits, government fines and ultimately ruin brand reputation in the event of a data breach.

Fortunately, it’s not difficult to become PCI compliant. There are many solutions that walk you through the steps to help create your own customized PCI policy. Our SiteLock® PCI Compliance program takes it even a step further by scanning your site and network, and you can also add on our PCI-certified TrueShield firewall.

5. Strengthen Passwords

Even now the world is still using weak passwords. A strong password is one that contains over 8 characters, no dictionary words, has a mixture of uppercase and lowercase letters, and includes digits and/or special characters. Unfortunately, many of those boxes aren’t checked – allowing brute-force hacking techniques (repeated attempts to login to your website) to become effective.

It’s extremely important that you create a strong password for your website’s back end, since it can often times be an easy way into your private data. You should also advise your customers who have online accounts to do the same, to help protect them from future attacks. After all, it only takes seconds for a computer to crack a poorly created password.

Want to stay up to date on the latest malware trends and ways to protect against them? Follow SiteLock on Twitter!

Why DDoS Protection Is No Longer Optional

If businesses are to survive the growing threat of DDoS (Distributed Denial of Service) attacks, then DDoS protection must evolve quickly and respond even faster. Hackers have no shortage of options when it comes to launching DDoS attacks. In early October, Akamai warned that hackers are now targeting Universal Plug and Play devices, or UPnP, to launch their attacks. The firm estimated that there were more than 4 million UPnP devices, from home routers to web cams, that were vulnerable to being conscripted by hackers to launch devastating DDoS attacks.

Read More

Shellshock exploit

Shellshock Exploit Exposes Millions Of Servers To Hackers

Remember Heartbleed, that age-old bug that only surfaced last year and left more than half of all internet servers around the world exposed? Looks like we might have yet another Heartbleed on our hands. This one has been codenamed Shellshock.   Experts are already saying the Shellshock exploit could impact millions of Unix systems that operate on Linux or Mac iOS. And may even threaten consumer devices including home routers.

Read More

10 Takeaways From The 2014 Verizon Breach Report

2014 verizon data breach reportEvery year about this time, Verizon comes out with an annual review of the results of its investigations into thousands of data breaches and security incidents from around the world.

The report can be very data heavy and even a little depressing, but we can learn great things from it. Here are just ten:

Read More

malware removal

7 Website Security Myths Hackers Want You To Believe

Learn the top 7 website security myths hackers are hoping you believe…

Myth #1: You’re too small to be of interest to them.

Let’s face it, it’s the most common excuse made by business owners. It seems preposterous to them that of the tens of millions of businesses around the world, many of them very lucrative, busy hackers would have time for them. What they don’t realize is that cybercrime has become automated and the hackers have sophisticated tools that will scour the internet looking for unprotected websites and poorly protected or unpatched computers and networks.

Myth #2: You have nothing worth stealing.

“I don’t take credit cards,” or “It’s all handled by a third-party processor” are common responses, and based on the belief that hackers are only after credit cards. All data, any data, is of value. That can include names, addresses, phone numbers, email addresses, buying habits, purchasing history, employee records, Social Security Numbers, intellectual property, passwords. And often the hackers don’t want to take, they want to give. Like using your unprotected websites to hide malware that will be spread to visitors to your site.

Myth #3: If there is a breach, it won’t be a big deal.

In reality, the smallest security breach can be a really big deal. There have been many cases of smaller firms being wiped out by a single piece of malware accidentally downloaded by an employee. And if the hackers don’t get you, the lawyers might. There is now an army of lawyers whose only focus is to sue businesses on behalf of customers whose data was exposed in data or security breaches. And of course there are all the regulators and the fines they can impose, not to mention the long-lasting damage to your brand and reputation if your customers think they can’t trust you.

Myth #4: Antivirus software and a firewall are all you need to be safe.

Don’t get me wrong, they’re essential, but there’s so much more to security. Businesses that have relied on just the basics have found out the hard way that hackers are way too determined to be deterred by the basics.

Myth #5: A website is really just a flashy billboard to advertise your business.

Your website is so much more. It’s often the only way customers can find your business, so if it’s compromised, blacklisted, or otherwise not available, your customers are going elsewhere and probably not returning.

Myth #6: Your employees pose no risk.

No one would ever accuse Irene in accounts of being a hacker’s best friend, right? But many security and data breaches are as a result of exploitations by hackers of mistakes by employees. If your employees are not trained to be sentries, they’ll be quickly turned into vulnerabilities.

Myth #7: Your password is perfectly fine.

How often do you think about your own passwords, let alone those of every other employee in your business? One weak password is all it takes. But in reality, most passwords are weak and exploitable. And if that include FTP access, a complete stranger may end up owning your web site.

Don’t be fooled by these myths. To learn how you can protect your website and keep hackers out, give the SiteLock security experts a call at 855.378.6200. We are available 24/7/365 to help.

content delivery network

Increase Website Speed with a CDN

We all want faster websites, no matter which side of the site we’re sitting on. Surfers want faster page loading times because they’re usually impatient and will quickly lose interest if the page appears to take more than a millisecond to load. And as a business owner, you should be concerned with speed too. You don’t want to lose valuable customers just because your website appears to be tranquilized.

Read More

Protecting Customer Data

Customer DataIdentity theft is the number one crime in America, a crime that claims an average of more than a million new victims every 30 days. And many of those victims are as a result of businesses that leak their customer information, usually by accident, and often through their website.

Read More

malware removal

Protect Your Website From Hackers

No one likes talking or even thinking about bad things around the holiday season. It goes against the holiday spirit! But you may not have any choice. Bad things can happen to your business at any moment, and may even be happening as you’re reading this. Every day, millions of small business websites are being prodded and probed by automated hacker tools looking for unsecured websites they can hijack. It’s almost like a thief walking along a row of cars and nearly invisibly checking each door handle to see which ones are unlocked. Except hackers have an additional layer of secrecy. They don’t have to leave their homes to check websites, and they can see many of them – all at once.

Read More

How a Web Application Firewall Benefits Your Website

web application firewallDoes your website have a bouncer, and if not, why not? Think about it. Websites are being probed by hackers millions of times every day, using sophisticated and automated hacking tools looking for any vulnerabilities they can exploit. It’s like having a store on Main Street that’s swarmed with visitors every single day, only you can’t tell which customers are going to pay you and which ones are going to shoplift.

A web application firewall, or WAF, is like a bouncer for your website. It stands between you and the street and determines based on a variety of criteria who gets in and who’s kicked out. It acts as a filter to make sure the visitors to your online store don’t mean you any harm.

Read More

To WAF or Not to WAF? Part 3: Types of Website Traffic

Who is visiting my website?

There are two basic categories of traffic that visit your website – humans and bots. An invaluable benefit of the TrueShield web application firewall is being able to differentiate, not only between these two basic groups, but also to separate the good bots from the bad. Bots get a bad rap, since most people associate them with cyber attacks. But if it weren’t for the search engines using bots to index your website, your site would never appear in a search and all your SEO efforts would be wasted. These are the good bots, and if your website application firewall is blocking them you could be hurting your online business instead of protecting it. SiteLock ensures that these bots are able to access your site and do their job for you. Knowing more about your visitors also enables you to spend smarter when it comes to marketing dollars, and to provide your advertisers with the most accurate numbers.  When it comes to your website traffic (and, well, pretty much everything else in life), knowledge is power.

Read More

Page 3 of 4

Powered by WordPress & Theme by Anders Norén