On Friday, September 27, 2018, the website www.facebook.com was hacked due to an application vulnerability. Approximately 2.5% of Facebook’s more than 2 billion monthly active users were affected. This equates to over 50 million people. Facebook says that the attackers could see everything in the victim’s profile.
Facebook isn’t alone, as many sites were attacked by hackers in 2018. The list includes British Airways, Orbitz, and Under Armour. A complete list can be found at: https://en.wikipedia.org/wiki/List_of_data_breaches. Do you think that your website isn’t vulnerable?
So, let’s ask a question. True or False: cyber hackers only access large websites. Answer: False. Even a small website can generate a substantial amount of money. Cybercriminals and web hackers can make money with your compromised website by distributing malware and spam, and can set up e-mail spam servers and phishing sites. Money is the motivation behind the attacks.
Large websites like British Airways, which had 380,000 records compromised, are more likely to face a cybersecurity attack, but they also have the resources to stop an attack quickly. The small business owner does not have the cash resources to stop such an attack and may not know about the attack for several days. For Facebook, the first indication of a cybersecurity attack occurred on September 16th, when the website saw an unusually large increase in the number of users accessing Facebook. It took them over 10 days to fully identify the problem when the issue finally surfaced.
So, what’s in a hacker’s mind? They want to steal something from you. It could be money or trade secrets. Sheer destruction is a major motivator. Hackers may want to destroy all of your records, or destroy your reputation. So, what can you do to protect your website using cybersecurity? Please follow these recommendations.
- Have a conversation with your website designer/developer. If you have created the site yourself, reach out to your business associates and find a website professional who can monitor your site and help with proper protection.
- Toughen up access control. The last thing you want a hacker to see is the admin level of your website. Be sure to use complex passwords (not “password” or “password 123”). Limit the number of login attempts within a certain time, even with password resets. Never send login details by email, in case the unauthorized user has gained access to the account.
- Update Everything. Updates cost software companies money. They only do it when necessary, yet many people who use the software do not install updates immediately. If the reason behind the update is a security vulnerability, delaying an update exposes you to attack in the interim period. Hackers can scan thousands of websites an hour looking for vulnerabilities that will allow them to break in. They network like crazy, so if one hacker knows how to get into a program then hundreds of hackers will know as well.
- Tighten Network Security. Work with your Information Technology Professional to make sure that logins expire after a short period of inactivity (i.e. computer goes to a screen lock); passwords are changed frequently; passwords are strong (minimum 12 characters with upper and lower case letters, at least 1 number, and at least 1 special character) and are NEVER written down (especially with a sticky note on the computer screen or under the keyboard). You need to verify that you have strong security software that scans all devices connected to your network (such as flash drives) before allowing access to these devices.
- Install Website Security Software. Talk with your website design professional for the best security software to protect your website. It’s worth the extra cost to protect your data and your reputation.
- Install Web Application Firewall. Just like with your business computer network, you can install a web firewall. It can be a physical device or a software product. It sits between your website server and the internet and reads every bit of data passing through it.
- Hide Admin Pages. You do not want your admin pages to be indexed by search engines, so you should use the robots.txt file to discourage search engines from listing them. If they are not indexed then they are harder for hackers to find.
- Limit File Uploads. File uploads are a major concern. No matter how thoroughly the system checks them out, bugs can still get through and allow a hacker unlimited access to your site’s data. The best solution is to prevent direct access to any uploaded files. Store them outside the root directory and use a script to access them when necessary. Your website professional will help you to set this up.
- Use SSL. Use an encrypted SSL protocol to transfer users’ personal information between the website and your database. This will prevent the information from being read in transit and accessed without the proper authority.
- Backup, Backup, Backup. It’s important to back up your website often. Keep a copy off-site. You never know when something may happen and if your website is an e-commerce site that processes financial transactions, you can’t afford to have the site go down. AND if you don’t have a recent backup of the site, then you have to rebuild the site from scratch. This is the same concept as a computer – you need to back it up and do it often.
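For the access control recommendation above (limit login attempts within a certain time, even with password resets), here is one way a developer might implement it. This is an added example, not code from the original article. The `AttemptLimiter` class, its thresholds and the sample account are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque


class AttemptLimiter:
    """Sliding-window limit shared by sign-in and password-reset attempts."""

    def __init__(self, max_attempts=5, window_seconds=900, clock=time.monotonic):
        self.max_attempts = max_attempts      # assumed threshold
        self.window_seconds = window_seconds  # assumed window (15 minutes)
        self.clock = clock                    # injectable so the window can be tested
        self.attempts = defaultdict(deque)    # key -> timestamps of recent attempts

    def allow(self, key, action):
        """Record the attempt and return True, or return False if over budget."""
        if action not in ("login", "reset"):
            raise ValueError("unknown action")
        now = self.clock()
        recent = self.attempts[key]
        # Forget attempts that have aged out of the window.
        while recent and now - recent[0] >= self.window_seconds:
            recent.popleft()
        if len(recent) >= self.max_attempts:
            return False
        recent.append(now)
        return True

    def clear(self, key):
        """Call after a successful sign-in so legitimate users start fresh."""
        self.attempts.pop(key, None)


def demo():
    """Three logins, then a reset inside the window, then a login after it."""
    fake_now = [0.0]
    limiter = AttemptLimiter(max_attempts=3, window_seconds=60,
                             clock=lambda: fake_now[0])
    key = "alice@example.com"  # constructed sample account
    results = [limiter.allow(key, "login") for _ in range(3)]
    results.append(limiter.allow(key, "reset"))  # resets draw on the same budget
    fake_now[0] = 61.0                           # the window has passed
    results.append(limiter.allow(key, "login"))
    return results
```

Because logins and resets share one counter, switching to the password-reset form does not give an attacker a fresh set of guesses.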
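The file upload recommendation above (store uploads outside the root directory and use a script to access them) can be sketched in Python as follows. This is an added example, not code from the original article. The `UploadStore` class, the extension allow-list and the `private_uploads` directory name are assumptions made for illustration.

```python
import secrets
import tempfile
from pathlib import Path

ALLOWED_EXTENSIONS = {".png", ".jpg", ".pdf"}  # assumed allow-list for this sketch


class UploadStore:
    """Keeps uploads in a directory the web server does not serve directly."""

    def __init__(self, storage_dir):
        self.storage_dir = Path(storage_dir).resolve()
        self.storage_dir.mkdir(parents=True, exist_ok=True)
        self.index = {}  # file_id -> (stored path, display name); a database in practice

    def save(self, original_name, data):
        # The client-supplied name is used only for its extension and for display.
        if Path(original_name).suffix.lower() not in ALLOWED_EXTENSIONS:
            raise ValueError("file type not allowed")
        file_id = secrets.token_hex(16)  # random identifier, not guessable
        stored = self.storage_dir / (file_id + ".bin")  # server-chosen name on disk
        stored.write_bytes(data)
        self.index[file_id] = (stored, Path(original_name).name)
        return file_id

    def read(self, file_id):
        # Only identifiers issued by save() resolve; a client-supplied path never does.
        if file_id not in self.index:
            raise KeyError("unknown file id")
        stored, display_name = self.index[file_id]
        return display_name, stored.read_bytes()


def demo():
    """Run the store on constructed inputs in a throwaway directory."""
    with tempfile.TemporaryDirectory() as tmp:
        store = UploadStore(Path(tmp) / "private_uploads")
        file_id = store.save("../../invoice.PDF", b"constructed sample bytes")
        name, data = store.read(file_id)
        suffixes = sorted(p.suffix for p in store.storage_dir.iterdir())
        outcome = {"name": name, "data": data, "suffixes": suffixes}
        for label, action in (("php", lambda: store.save("shell.php", b"x")),
                              ("traversal", lambda: store.read("../../etc/passwd"))):
            try:
                action()
                outcome[label] = "accepted"
            except (ValueError, KeyError):
                outcome[label] = "refused"
        return outcome
```

Nothing the uploader controls ends up in the on-disk file name, so an uploaded file cannot be requested by URL or run by the web server under its original extension.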
Reach out to your trusted Information Technology Professional with any security related questions you may have including who a good website designer/developer would be for your business.
Contact your trusted Information Technology Professional for assistance with password management. Being proactive to protect you and your business against possible security breaches, cybersecurity attack, and computer infections starts with having a good password management program. Your Information Technology Professional can provide Security Software, physical firewalls, and Cybersecurity Vulnerability Scans to provide the proper protection for your business. Your Information Technology Professional can recommend a high-quality website designer/developer for your business, if you are either dissatisfied with your current website vendor or don’t have one. This is the benefit of working with an Information Technology Professional.
Being proactive to protect your business from the unwanted cybersecurity attack can save you thousands of dollars and can save your business reputation.
Founded in 2003, ELIJAH is a multi-award-winning leader in providing expert digital forensic, data security solutions, and managed IT. ELIJAH is owned and managed by former litigation partners and is an efficient boutique digital forensic, cybersecurity and IT solutions provider that makes clients’ lives easier through effective communication and white glove service. For additional information, please visit http://www.elijaht.com or call 866-354-5240.
Elite Networking and Consulting is now part of ELIJAH. ELIJAH looks forward to continuing to deliver managed IT services with the same degree of care and high standards created by Elite. ELIJAH is also pleased to broaden our scope of expertise in providing digital forensic, cybersecurity and IT solutions.