Successful Blog

Your Company’s Data Can’t Be Breached

by

Search Seo Online Internet Browsing Web ConceptYou’ve likely seen the stories in the news in recent years about company’s having their personal and customer data breached.

Whether it is major players like Sony and Target or smaller businesses that you have never heard of before, the financial damages have been staggering at times. Worse yet, a company’s trust with consumers can be severely crippled, leading it to have to try and win back many of those customers.

So, have you taken a look at your Internet security procedures, reviewing where you are strongest and where you need to do some work?

If not, think about how just one data security breach against your company could impact how you go about doing business in 2016 and hopefully beyond.

Security System Reviews

In order to lower the odds of your brand falling victim to a data breach, remember these key tidbits:

  • Security protection – First and foremost, do you have the proper security system in place to better thwart identity theft thieves? If not, look to see what is available on the market that will best suit your needs. Just as consumers can turn to an ITP Bureau or other such providers who can offer them critical information to protect against identity theft, business owners must do likewise, especially those who run online stores etc. Such a provider has a rating system in place to assess important factors that individuals would take into account when looking for a service to signal warning signs and ultimately thwart identity theft attacks;
  • Employee awareness – Given the fact those you employ (consider yourself the employee if you run a one-person small business) are your first line of defense against identity theft thieves, it is crucial that those on the frontlines stand guard against any data breach attempts. Yes, identity theft thieves are some of the smartest criminals on the lot, but they can be thwarted with the right security plan. Employees must be aware of and report any suspicious attempts to hack company computers. From questionable emails asking to download attachments to leaving company and customer data exposed in public places when employees might be working in a library, café or while on the road traveling for work, there are myriad of options for hackers to try and break-in to a company’s computer system. It is important that you have the same rigid standards regarding data protection in place for your mobile employees, including those you outsource work to. Whenever any of those employees leave your employ, make sure you change-up username and password entries into your system. While most of those who leave your employ are not ones to worry about, remember, just one identity theft thief can do a world of damage, including those who once might have been on your payroll. Lastly, properly assign customer and company data, so that not all employees have access to the most sensitive items. For example, there is no reason for someone on your marketing team to need access to customer financials, log-ins to customer sites etc. Be sure only those with a need for such data have access to it, along with making sure they do not share it with others in the company;
  • Are your providers truly secure? – Never overlook the importance of partnering with secure web hosting providers and others in the technology chain of your business. Any third parties you do business with should be required to sign a form indicating they have necessary security in place to oversee your company’s pertinent data. Also look at data encryption, including the idea of encrypting your company’s email when sensitive information is being passed around;
  • Review and remove – Finally, it is imperative that your company reviews its security procedures and those you do business with on a regular basis. Just like you should be reviewing your company culture from time to time, the same holds true for your company’s security procedures. Search for cracks in the armor, with the plan to fix such holes. Also remove any online data that is no longer of use to your business. This also means properly discarding any and all paper trails as it relates to company and customer data.

With all the different avenues that data breaches can come from, it may seem at times a tad overwhelming for you and your business to stay one step ahead of hackers.

Given all you and your brand stand to lose if a data breach is successfully committed against your business, make sure you’re prepared to stop hackers in their tracks.

Photo credit: BigStockPhoto.com

About the Author: Dave Thomas covers business and technology topics on the web.

Take Your Web Browsing to New and Safe Heights

by

Safety Vs Risk Choice ConceptWith all the concerns in recent years over website security, you would think more businesses would make it their number one focus.

Sadly, however, there are still too many companies who fail to put the right time and effort into thwarting hackers at the front door of their computer systems.

As a result, these businesses leave themselves open to an attack, an attack which oftentimes has devastating public relations and financial repercussions.

As 2016 enters its second month, is this the year that you and your brand take a stand against hackers? If so, what are some means by which to do just that?

Have a Plan and Execute It

In order for your business to improve its odds of keeping hackers away from your brand, you must have a plan and execute it.

Part of the plan is regularly checking to see where your business might be most vulnerable (your website, in-house computers, social media etc.) and knowing how to limit the odds of being hit.

To start with, having total freedom in web browsing does come with a price, a price that you must be willing to pay.

Look at the size of your company and exactly how many employees (you might be the only member) are actively engaged online on a daily basis. With that, see where the cracks and holes may be, problems that could lead you to being the most vulnerable to hackers.

Among the potential problem areas to explore:

  • Working with a web hosting company who does not put an emphasis on security;
  • Allowing employees too much freedom on social media;
  • Falling victim to scams that compromise your computer network’s integrity.

In looking at just these three potential problems, first know who you are working with.

If your web hosting company is lackadaisical when it comes to protecting your website, it is time to find a new provider.

Ask them if they regularly do security checks to see what the latest tactics hackers are trying to implement. Does the provider also monitor your website on a regular basis, looking for anything out of the ordinary? Finally, what protocols do they have in place in the event your website is hacked? A provider that acts right away instead of when they get around to it is the one you want to opt for.

Next, how much freedom do your workers have when it comes to surfing the web during the business day?

Should Your Business Be More Social?

Some companies allow for a reasonable amount of time on social media and other approved sites, while other businesses all but forbid it.

You have to decide early on if your employees will be allowed certain Internet freedoms in the office or if they will be asked to focus squarely on their jobs. Keep in mind that social media usage by your workers can actually help promote your brand, so don’t be too fast to discount how it can help you.

On the flip side, social media can pose a danger to you and your business when used improperly.

For example, if one or more of your employees are using social media to discuss company operations, client data etc., a hacker can easily manipulate the conversation and gain access to your computer system.

The same holds true if someone with ill intent sends you a job application/resume. They could post a fake social media link on their resume, hoping you or someone in your office will download it. Once that happens, malware could be installed in your system, allowing hackers to gain access to company and/or client data that should never go public.

One final area to look at is the sites you and/or your employees browse.

Some sites may look innocent, but they in fact can be downright dangerous for your computer/s.

If you are the least bit suspicious about a site you or an employee comes across or someone proposing you download an attachment that just doesn’t feel right, plot the safer course and just avoid it.

Building and refining your brand takes time and effort.

Staying one step ahead of hackers should never be something you take lightly, especially in a day and age where the web is full of people with misguided intentions.

Photo credit: BigStockPhoto.com

About the Author: Dave Thomas covers business and technology topics on the web.

Guidelines for WordPress Security

by

By Charles Mburugu

With the increase of hacking incidences, security has become a major concern for most website owners. Fortunately, there are several precautions one can take to lower the risk of attack. Here are some tips which will help enhance the security of your WordPress site.

1. Avoid free themes

WordPress offers numerous free themes that you can choose from. However, using such themes is generally not advisable since many have been found to contain malicious code which would make your site vulnerable to all kinds of attacks. If you must use a free theme, make sure you select one which has been developed by a well-established company. This also applies to WordPress plugins.

2. Choose a secure host

Web hosting plays a major role when it comes to security matters. Therefore, when selecting a web host, don’t make the mistake of settling for the cheapest option available. Instead, take time to do your research and identify a provider that is well known for secure hosting. Though it might cost you a little extra, you won’t have to worry about your website’s security.

3. Update regularly

In an effort to enhance security, WordPress releases regular updates which are aimed at dealing with potential or real threats. Therefore, it is very important to keep your site updated with the latest WordPress version. Failing to do so will leave your site vulnerable to hackers who target outdated WordPress versions. Always be on the look-out for ‘Update now’ messages on your dashboard. Plug-ins and themes should also be updated immediately a new version is released.

4. Use a strong password

Using a weak and predictable password such as ‘123abc’, ‘wordpress’ or ‘password’ will make your WordPress site more vulnerable to attack. Therefore, you need to find a more complex password, but one which is easy to remember. Combine symbols, numbers and letters to make it harder to crack. However, avoid using the same password across different accounts.

5. Don’t use the default ‘admin’ username

Many people have ‘admin’ as the default username on their WordPress sites. Having such a username, combined with a weak password, will expose your site to all kinds of security risks. It is therefore very important to alter your username to something which is more unique. In addition, you need to ensure that the username is hidden from author archive URL.

6. Limit login attempts

Hackers and bots try to access your site by making repeated login attempts using different variations of usernames and passwords. WordPress offers great plugins which can help you limit the number of login attempts on your site. In addition, you can choose how long the specific IP address will be locked out before they can make another attempt.

7. Use security plugins

WordPress offers a wide range of plugins which can help enhance the security of your site. Some of the most popular include Bulletproof Security, Better WP Security, Wordfence, Sucuri Scanner and Website Defender. Most of these plugins are free and can easily be downloaded and installed on a site.

8. Backup frequently

Backing up frequently is something that should not be overlooked. Even when you have taken all the above security measures, your site might still fall victim to a malicious attack. If your content is backed up properly, it will be easy to recover your files and restore your site. There are several WordPress plugins which can help you schedule frequent automatic backups.

Author’s Bio: Charles Mburugu is a HubSpot-certified content writer/marketer for B2B, B2C and SaaS companies. He has worked with brands such as GetResponse, Neil Patel, Shopify, 99 Designs, Oberlo, Salesforce and Condor. Check out his portfolio and connect on LinkedIn.

Five steps to fully optimising your website against hacker attacks

by

By Brittany Thorley

Cyber attacks have been a growing trend and an ever-growing challenge for organisations of all sizes with the financial loss as a result of cyber attacks and the cost of resolving such threats costing billions worldwide. Whilst the global price tag of cyber attacks is staggering and hackers by no means defeated, organisations across the globe are taking steps to optimise their websites to avoid hacking disasters.

Prevent hackers from using your server as a transmitter of spam and illegal files using these five steps to a website that is safe, secure and ultimately uncompromised.

1. Update regularly to close hacker loopholes

Updating software and backing up files should be the mantra of every online business and this regime is an important step to protecting your site from hackers. Updating all software on your server and any web applications on a regular basis is essential and will close loopholes that leave your site vulnerable to attacks. Exercise particular diligence when using any third party software (e.g., CMS) by regularly running security updates. CMS software (such as WordPress) informs you of any available updates when logging in.

2. Use parameterised queries

Preventing SQL Injection vulnerabilities is a developer’s nightmare when it comes to web application security, and many have quite the battle on their hands to ensure the code they write is secure and a number of other factors are controlled to inhibit compromise. Despite developers’ best efforts, SQL Injection, whereby the hacker uses a URL parameter or web form field to access and manipulate databases, is all too common but you can do your bit in protecting your website from unauthorised changes, data collection and deletion.

Parameterised queries can be used in collaboration with many web languages and will prevent the hacker from changing URL parameters to add their additional query to the SQL statement.

3. Censor error messages

Unbeknownst to many, error messages can give away essential information that leaves your system compromised. One area in particular where hackers can use error messages to attack and gain access to your website is the admin login form. For example, they use vague error messages such as ‘Your username or password was incorrect,’ implying that one of the two fields is correct. This will give the hacker the information they need to launch an attack on the incorrect field and gain access to your system even quicker.

4. Use strong passwords server and browser side

The importance of strong passwords may be an obvious one, but many organisations still fail to make their password as complex as they should, especially when protecting their server and admin area. Follow the principles and create a password that will outwit the most persistent hackers and defend your website appropriately.

  • Ensure your password is at least eight characters in length
  • Regularly update your password and ensure it is dramatically different every time
  • Do not include your username, company name or real name
  • Use a mixture of uppercase letters, lowercase letters, numbers and symbols
  • Avoid using complete words or phrases

The use of memorable information in a password can make it easy to remember, but apply the principles above and the following example to form a stronger alternative. If you’d like to use your husband’s birthday as the basis of your password, use the values in the following example: ‘My husband’s birthday is 25 November 1987’, opt for this password – ‘Mhbi25/Nov,87’.

5. Assess your website security with penetration testing

Penetration testing (or pentest) uses similar scripts as hackers to simulate a hacker attack and highlight and exploit vulnerabilities within your IT infrastructure. These weaknesses can be found and remedied before hackers have the chance to abuse them in a bid to compromise your website. Internal, external and hybrid penetration testing can provide organisations across all industries with a level of certainty and reassurance when protecting their website from hackers.

Have you taken steps to secure your website?

Author’s Bio: Brittany Thorley is a business and security blogger, she works with a range of organisations to enhance their security online with advice on penetration testing, security audits, source code review and training.