How to Secure Your Website
Keeping a website secure is an ongoing project that could make the difference between the success of a business and a catastrophic loss of data. Even smaller businesses that carry out their transactions primarily through a brick-and-mortar store may not realize just how much sensitive information can be lost through their website. For those who are currently maintaining a website or just looking to develop their own site, here is a closer look at the basics of pre-emptive online security.
Updating and Understanding Software
No matter what software is used to create, host, or protect a website, those who are going to have access to these programs need to have a good idea of all of the controls and options. Many times, advanced controls may be needed as the website begins to expand, and no one should ever make any changes that they are not fully comfortable with. Even minor alterations regarding user or admin access could have serious repercussions.
It is also essential to keep all software up to date and active at all times. One of the easiest ways for a third party to attack a website is through outdated software. While the constant reminders of updates may seem like a hassle over the years, a high percentage of all updates address security issues that have been noticed. As software manufacturers find exploitable flaws in their programming and coding, updates are the only way to patch these holes.
Logins and Passwords
For many companies, one of the easiest ways for an attacker to gain access to data is through what is known as a brute force attack. In these attacks, a machine methodically enters user names and passwords as a user or as an administrator in order to gain access. Many times, these attacks can be thwarted or dramatically slowed down with minor changes to logins and passwords. First, all admin accounts should have their login names changed to a more complex alphanumeric series. For failed attempts, as little information as possible should be given to those trying to log in. Phrases such as “This password does not match this login” show that at least half the information is correct and speed up a brute force attack. The best tips for passwords include:
Make them as complicated as possible.
Avoid common phrases and series (abcde, 12345, password or your birthdate).
Purposefully misspell common words.
Avoid personal names and company names.
Use acronyms instead of names.
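The failed-login advice above, shown as an added example (not code from the original article): a login check that reveals which half of the credentials was wrong, next to one that returns the same message for every failure. The function names, the sample account and the message strings other than the quoted phrase are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so stored passwords are never kept in plain text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_record(password: str):
    salt = os.urandom(16)
    return salt, _hash(password, salt)

# Constructed sample data: one admin account with a non-obvious login name.
USERS = {"adm-7f3k9q": make_record("Corect-Hors3-Batery!")}

# Throwaway record so an unknown login costs the same hashing work as a
# known one; otherwise response time could reveal which logins exist.
_DUMMY = make_record("placeholder")

GENERIC_FAILURE = "Invalid login or password."

def leaky_login(login: str, password: str):
    """The 'before': each failure says which half was wrong."""
    if login not in USERS:
        return False, "No such login."
    salt, stored = USERS[login]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return False, "This password does not match this login."
    return True, "Welcome."

def uniform_login(login: str, password: str):
    """The 'after': one message for every failure."""
    known = login in USERS
    salt, stored = USERS.get(login, _DUMMY)
    matches = hmac.compare_digest(_hash(password, salt), stored)
    # 'known' must be checked too, or the dummy password would log in.
    if known and matches:
        return True, "Welcome."
    return False, GENERIC_FAILURE

if __name__ == "__main__":
    for fn in (leaky_login, uniform_login):
        print(fn.__name__)
        print("  unknown login :", fn("nobody", "guess")[1])
        print("  wrong password:", fn("adm-7f3k9q", "guess")[1])
```
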
Security Certificates and Software
There are a variety of security certificates that can be used on a website that will help protect the owner, the admin, and any visitors of the website. The most popular security certificate is known as Secure Sockets Layer (SSL). When a visitor lands on a website, this security software will help to create a secure connection between the visitor’s browser and the website. Along with a Certificate Authority (CA), this is one of the most effective methods for protecting a website. While not every website owner or admin is going to need this level of protection right away, all companies buying or selling goods online should carefully consider which security certificates they will need.
The final step in this process is penetration testing, or pen testing. Either a company can carry this out, or the admin can use a specialized program that will attempt to break through the security of the website. Any and all exploits that are revealed during the pen test will be shown to the website owner, who can then decide what further security services they will need.