Successful Blog

Five steps to fully optimising your website against hacker attacks

by

By Brittany Thorley

Cyber attacks have been a growing trend and an ever-growing challenge for organisations of all sizes with the financial loss as a result of cyber attacks and the cost of resolving such threats costing billions worldwide. Whilst the global price tag of cyber attacks is staggering and hackers by no means defeated, organisations across the globe are taking steps to optimise their websites to avoid hacking disasters.

Prevent hackers from using your server as a transmitter of spam and illegal files using these five steps to a website that is safe, secure and ultimately uncompromised.

1. Update regularly to close hacker loopholes

Updating software and backing up files should be the mantra of every online business and this regime is an important step to protecting your site from hackers. Updating all software on your server and any web applications on a regular basis is essential and will close loopholes that leave your site vulnerable to attacks. Exercise particular diligence when using any third party software (e.g., CMS) by regularly running security updates. CMS software (such as WordPress) informs you of any available updates when logging in.

2. Use parameterised queries

Preventing SQL Injection vulnerabilities is a developer’s nightmare when it comes to web application security, and many have quite the battle on their hands to ensure the code they write is secure and a number of other factors are controlled to inhibit compromise. Despite developers’ best efforts, SQL Injection, whereby the hacker uses a URL parameter or web form field to access and manipulate databases, is all too common but you can do your bit in protecting your website from unauthorised changes, data collection and deletion.

Parameterised queries can be used in collaboration with many web languages and will prevent the hacker from changing URL parameters to add their additional query to the SQL statement.

3. Censor error messages

Unbeknownst to many, error messages can give away essential information that leaves your system compromised. One area in particular where hackers can use error messages to attack and gain access to your website is the admin login form. For example, they use vague error messages such as ‘Your username or password was incorrect,’ implying that one of the two fields is correct. This will give the hacker the information they need to launch an attack on the incorrect field and gain access to your system even quicker.

4. Use strong passwords server and browser side

The importance of strong passwords may be an obvious one, but many organisations still fail to make their password as complex as they should, especially when protecting their server and admin area. Follow the principles and create a password that will outwit the most persistent hackers and defend your website appropriately.

  • Ensure your password is at least eight characters in length
  • Regularly update your password and ensure it is dramatically different every time
  • Do not include your username, company name or real name
  • Use a mixture of uppercase letters, lowercase letters, numbers and symbols
  • Avoid using complete words or phrases

The use of memorable information in a password can make it easy to remember, but apply the principles above and the following example to form a stronger alternative. If you’d like to use your husband’s birthday as the basis of your password, use the values in the following example: ‘My husband’s birthday is 25 November 1987’, opt for this password – ‘Mhbi25/Nov,87’.

5. Assess your website security with penetration testing

Penetration testing (or pentest) uses similar scripts as hackers to simulate a hacker attack and highlight and exploit vulnerabilities within your IT infrastructure. These weaknesses can be found and remedied before hackers have the chance to abuse them in a bid to compromise your website. Internal, external and hybrid penetration testing can provide organisations across all industries with a level of certainty and reassurance when protecting their website from hackers.

Have you taken steps to secure your website?

Author’s Bio: Brittany Thorley is a business and security blogger, she works with a range of organisations to enhance their security online with advice on penetration testing, security audits, source code review and training.

Is Your Career Better Off From a Year Ago?

by

As you sit in your cubicle or wherever you call home to your career, are you better off today than you were a year ago?

While that question should not be too hard to answer, you may in fact find many people who have trouble quickly saying yes or no. In many cases, they may need time to add up all the factors that go into answering such a direct question. So, let’s take a minute to look at some factors that could influence your ability to answer such a question. Among them:

* Are you making more money in your job than you were last year at this time?

* Are you putting in the same amount of hours, less, or possibly more hours?

* Are you advancing up the career ladder at work? If not, what do you see as a reasonable timetable for such a move?

* Are you being given more responsibility in the workplace? If so, do you feel it could lead to the above mentioned career move?

* Are you feeling more secure in your role or do you think a layoff or even firing could rear its ugly head?

Many Workers End Up Being Complacent

With a number of factors to consider, just where is your career today from where it was a year ago?

For many workers, they are just happy to have a job in today’s challenging economic climate, worried that even asking for a raise could lead them to an early exit to the unemployment line. Many of those same workers also fear that complaining about conditions at work could also land them in trouble.

In the event you have been self-employed for a year or more, how does your business stack up today to where it was last year at this time?

Have you taken on additional clients? Have you been able to either break even or even make a degree of profit from a year ago? Lastly, have you gotten to the point where you’re not having to put in 60 to 80 hours a week to get the job done?

Whether you work for others or yourself, it is a good idea from time to time to conduct an assessment of just where you are in your career.

To just go through the motions does you no good, nor will it do anything positive for your employer.

Be cognizant of where your career is going, not afraid to ask if you are better off now than you were a year ago.

Photo credit: indigoheron.com

About the Author: With 23 years’ writing experience, Dave Thomas covers a variety of business topics, including how to find the best used cubicles for your office space.

 

Are You Secure in the Employees You Hire?

by

One of the biggest challenges that small business owners have is finding the right employees to help take their company to new heights.

In order to find the right pieces to the employee puzzle, it is important that those running businesses take an ample amount of time to research all prospective employees, especially in a day and age of a struggling economy, not to mention numerous cases of identity theft.

According to a number of corporate security experts, some 25 to 40 percent of all workers swipe stuff from business owners, with the U.S. Department of Commerce (DOC) estimating that employee theft involving cash, property, and merchandise may cost American companies upwards of $50 billion on an annual basis.

While some business owners are on top of the matter, others find themselves so busy that they can easily miss theft going on right under their noses.

So, how can you as a small business owner better prevent yourself and your company from being crime victims?

Among the things to look at:

* Screening applicants – First and foremost, make sure you do a thorough screening for each and every employee you consider hiring (see more below). While their qualifications for the job may be outstanding, they could have a skeleton or two in their closet that could end up costing you more than just time missed on the job. Even though many job application forms ask applicants if they have been in trouble with the law, don’t be naive to think that everyone fills them out truthfully. If your suspicions are raised about a candidate, follow through on them to make sure this individual will not cause you trouble should you hire them;

* Social media chatter – One of the ways to screen employees is to follow their chatter on social media. While most are probably smart enough not to brag of any past thefts involving employers, some folks just can’t help opening their mouths. If you see any such behavior on social media that indicates this applicant may be a troublemaker should you hire them, move on from them to the next person;

* Change in routine – In the event you hire someone and notice a change in their habits, don’t automatically dismiss it as no big deal. Most people have a schedule they follow on a daily basis. If someone has been coming in normal hours for several months, then does a 180 and comes in unusually early or stays later than normal, there is nothing wrong with questioning them on it. While the change may be to personal scheduling needs, it could also be to access items at work such as financial records, computer passwords etc. that could be a precursor to theft;

* Financial freedom –  Depending on the size of your small business, you may have one or more people handling finances, i.e. who cuts the checks, who has access to the company credit card to make office purchases or travel to meet clients. Make sure the individual or individuals in charge of such tasks are trustworthy enough to have in this position. It never hurts for you or someone outside the finance department to check the books from time to time, looking for any inaccuracies or large withdrawals during the year;

* Secure your business – Even though you may be watching every dollar you spend, having a security system in place at work is not only to keep the bad guys out, but also to make sure you don’t have any thieves right there in the office. Having an employee take a pen or two from the office supply home with them is a far cry from taking money out of the payroll box or making out checks to themselves for supposed “work-related” expenses. Whether you go with obvious security like cameras on the ceiling or closed-circuit cameras, locked boxes for money and other financial items, or having a log that all employees must sign in and out with to remove any items from the office, have a secure plan in place;

* Let them be warned – Lastly, make sure EVERYONE under your employ knows there are consequences if they are caught stealing from the business. With the economy still struggling to gain sound footing, it is not uncommon to pick up the newspaper or read online of another employee arrested and charged with employer theft. If you don’t point out the severe consequences that can happen with such decisions, you set yourself and your business up for trouble.

Employee theft happens more often than you may realize, so don’t be the next victim.

Photo credit: martinpi.com

About the Author: With 23 years of experience as a writer, Dave Thomas covers a wide
array of financial topics, including finding the right home security system.