Hacking. Malware. Virus. Phishing. Web Attacks.
In today’s highly technical world, these words are more than threatening - they’re downright scary. It’s no surprise that web security is among the hottest topics everyone is talking about.
With so many relying on email servers, social media, web systems like WordPress, Joomla and Drupal and other web-based applications, it’s more important than ever to ensure account security and protect sensitive data from attack. The good news is you can help keep your web accounts secure with a few simple tips:
1. Latest and Greatest
When a website becomes outdated or uses insecure software, it becomes more vulnerable to compromise. Automated bots commonly scan sites for weaknesses in the CMS and will hack into outdated systems.
Website upgrades often include fixes to these vulnerabilities that can help protect sites from security breaches and keep a site running smoothly. When a new plugin or CMS version becomes available, coordinate upgrades with your web developer to avoid data loss, corruption or scripting errors. Learn more about upgrades in the article “Web Upgrades: Is it time to upgrade?”
Web browsers can also become subject to attack if not regularly updated. Check for updates on your browser – whether Google Chrome, Mozilla Firefox, Opera or Microsoft Edge. If your browser is no longer supported, install the latest version. Your best defenses against security and privacy issues are to ensure you’re using the most current version and to keep automatic updates enabled.
2. The Secret Word Is…
One of the most common security vulnerabilities for websites, emails platforms and social media are passwords. Today’s users struggle to memorize the large volume of passwords they need for their accounts, so they resort to writing down passwords, reusing them or using variations of common phrases – all practices that can leave accounts open to cyber attack.
To keep your passwords safe from phishing scams, automated bots and other scams follow a few simple rules: 1) always change the default password; 2) avoid commonly used words or phrases; 3) take care with where you store passwords; 4) if one account is breached, update passwords for other accounts and never use that password again; 5) use reputable password management software like LastPass, Dashlane or Sticky Password.
3. Set Permissions
Create user roles and define privileges for each role to increase site security. Limit the number of administrators to protect against threats to the entire system; standard users should have a separate set of permissions. Configure your user rights so that only the people that absolutely need access to files and objects have them – follow the Principle of Least Privilege
4. Encrypt It
Security protocols like Transport Layer Security (TSL) and its predecessor Secure Socket Layers (SSL) offer privacy and data integrity between two applications – like connections between a client (e.g. web browser) and a website server (e.g. greenleafmedia.com). TSL and SSL protocols encrypt data during transfer to ensure connections are private, authenticated and secure.
However, encryption does not protect websites against malicious attack, it simply helps prevent hackers from being able to intercept data and communications via Man in the Middle attacks. E-commerce websites should make sure SSL certificates are in place to protect sensitive user information like credit card numbers during data transfer. Check with your developer or web host to ensure your site is secure.
5. First Defense
A firewall is your network’s first line of defense, typically set up by your web developer or IT staff. Firewalls monitor and control network traffic and act as a barrier between a secure internal network and unsecure outside networks, like the Internet. Firewalls limit access to your server – you can block specific services like FTPs or specific IP addresses for added security.
If your company provides products and services over the Internet, a web application firewall (WAF) may be important to have in place for your site’s security. A WAF monitors, inspects and analyzes HTTP traffic and data packets as they travel to and from a web application. By filtering out or blocking potentially harmful traffic, WAFs are an effective control against common security attacks like impersonation, SQL injections and cross-site scripting (XSS).
Having regular or automatic backups an integral part of your security policy is a good idea. Should security become compromised, organizations can restore site content, files or databases and return to normal operations quickly when a recent backup is ready to go. Keeping backups offsite is the best way to protect files and ensure their safety.
Individuals should back up their computer’s local documents regularly to a secure location, like their organization’s server. Cloud-based hosting is available for IT professionals to back-up an organization’s entire server. And, many web hosts will offer back-up services for your website and content. In most cases, your IT staff, a web developer or your website host should be able to help with appropriate back-ups.
If you’re concerned about web security or think your data might have been compromised, consult your IT staff or web development group. They’ll know the best security practices and how to apply them to your web systems. For more information on web security, reach out to the team at Greenleaf Media. We’re here to help.