
Is your website safe? 5 security checks you NEED to make

02 September 2016, 20:51 CET

There are, sadly, too many horror stories of rogue hackers infiltrating websites and siphoning off data, information or financial accounts because of a lack of resolute security. From the SME looking after its own affairs to a global giant using a host of servers, every organisation has a strong responsibility for security.

IT companies such as 100TB will offer a robust IT infrastructure; examples of what that includes are:

Anti-virus

Anti-virus is the first stage in the protection process, and is installed as standard on most PCs (Apple insists Macs don't need it) in the fight against malware, Trojans, botnets and other digital nasties. There are a huge number of different products, with varying numbers of features, such as malicious URL blocking, on-demand malware scanning, behaviour-based detection and phishing protection. Some are free for non-commercial use, but businesses will need to upgrade to the paid version.

SSH security

Password authentication for websites is risky at best, and potentially devastating if someone manages to infiltrate your system using a programme that bombards a server with password combinations over time until it finally finds one that is correct.

A way of enhancing, if not bypassing, a password-based system is to use SSH, which essentially adds a private 'key' to the connection, giving the authentication an extra layer of data security. The theory is that the length of time it would take to crack this extra level would not make it worthwhile for any given hacker. Keys are easy to set up for someone looking to do it themselves, and the key itself can be shifted from server to server with ease.
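As an added example (not part of the original article): keys only remove the password-guessing risk described above if the server also stops accepting passwords. This Python script checks the global section of an OpenSSH `sshd_config` for that; the sample config is constructed, the defaults are assumed to be upstream OpenSSH's, and `Include` files are not followed.

```python
# Added example: audit the global section of an sshd_config (sample is constructed).
# Upstream OpenSSH defaults, assumed to apply when a keyword is absent.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Older keyword that OpenSSH accepts as an alias of the newer one.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
CHECKS = [  # (keyword, safe value, finding reported when the value differs)
    ("passwordauthentication", "no", "password logins are accepted"),
    ("kbdinteractiveauthentication", "no", "keyboard-interactive (often PAM password) logins are accepted"),
    ("pubkeyauthentication", "yes", "key-based logins are disabled"),
]

SAMPLE_CONFIG = """\
PubkeyAuthentication yes
passwordauthentication no
# the next line is ignored: the first value obtained wins
PasswordAuthentication yes
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""

def effective_settings(text):
    """Return (settings, has_match) for the global part of an sshd_config."""
    settings, has_match = {}, False
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())  # keywords are case-insensitive
        if key == "match":
            has_match = True  # everything after this is a per-connection override
            break
        if key in DEFAULTS and key not in settings and len(parts) > 1:
            settings[key] = parts[1].lower()
    return {**DEFAULTS, **settings}, has_match

def audit(text):
    """List the settings that still leave password guessing possible."""
    cfg, has_match = effective_settings(text)
    findings = [msg for key, safe, msg in CHECKS if cfg[key] != safe]
    if has_match:
        findings.append("Match blocks present: review their overrides by hand")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

On a live server, `sshd -T` prints the effective configuration and is the authoritative check, since it also resolves included files and build-specific defaults.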

Firewall

There isn't any excuse for not having some form of firewall for your network, which controls which services can access it.

In a normal scenario, only the ports which should be publicly available, like the one serving the actual website itself, will be allowed traffic through by a firewall. However, the content management system or database control panel of the site should usually only be open to administrators, site owners and the like, meaning that this should be protected by firewalls. There are many different types and some are more complex than others, but they do offer a high degree of customisation. In fact, firewalls are built in as standard in most routers and within Windows or Mac OS X, so you would actually only need to access them to turn them off.

SaaS endpoint protection

Rather than dealing with each individual component of the protection process separately, such as the three above, a SaaS endpoint protection service will deal with a huge range of issues from the start to the end of the process, such as accessing information remotely, protecting smartphones and tablets, and many more.

Links/social hacking

This is a non-technical issue, and more a case of good housekeeping and not panicking in the face of ransomware and phishing emails. Calls asking for personal information, and emails claiming to be from someone or offering something that seems too good to be true, are extremely dangerous. Betanews gives an example where a hospital could be exposed by an email purporting to be from a CFO, but with a false email address.

Make sure that employees are familiar with what can happen, and how to raise the alarm if it does. Be diligent in data disposal and administration, and make backups of relevant information.
