Your business website is a vital portal for getting your company and its products or services the recognition and reach it deserves, but protecting it from hackers is a challenge faced by businesses of all sizes.
More and more small to medium enterprises are being compromised by hackers, and every day search engines like Google and Bing identify some 9,500 malware-infected websites. An infection of this kind could leave your website, its customers and sensitive data vulnerable. But how can you ensure your website is safe from hackers?
Update Software Regularly
Keeping your software up to date is a simple yet highly effective way to ensure your security is up to scratch when defending against the latest malware threats online. Hackers and their techniques are continuously evolving, so the latest versions of your anti-virus, anti-spyware and firewall software must be applied to ensure your website is protected and any vulnerabilities within your system are resolved.
Content management systems such as WordPress are particularly vulnerable to attack by hackers, so don’t ignore messages to update!
Amazingly, 75%-80% of security breaches occur due to weak passwords on administration panels, which means it’s time to toughen up your password policy on both the front and back end of your website.
Make it compulsory for your employees and customers to follow a few rules when creating and renewing passwords, so that your website and its sensitive data are given a fighting chance! Insist that passwords meet a minimum length (the longer the better) and contain a combination of symbols, numbers and mixed case letters. In addition to this, enforce a password duration policy so that passwords are renewed by employees and customers on a regular basis. It is recommended that password changes take place every 30 to 180 days.
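The password rules above can be enforced in code rather than left to goodwill. The following Python sketch is an added example, not part of the original article; the 12-character minimum, the 90-day renewal period, the account names and the dates are assumptions chosen for illustration (the article only gives a range of 30 to 180 days).

```python
import string
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int = 12    # assumption: the article names no figure
    max_age_days: int = 90  # assumption: inside the article's 30-180 day range

    def __post_init__(self):
        # Reject a renewal period outside the range the article recommends.
        if not 30 <= self.max_age_days <= 180:
            raise ValueError("max_age_days must be between 30 and 180")

    def complexity_failures(self, password: str) -> list[str]:
        """Return the composition rules a candidate password breaks.

        Run this when the password is created or changed; the password
        itself is never stored, only the date of the change.
        """
        checks = {
            "too short": len(password) >= self.min_length,
            "no lowercase letter": any(c.islower() for c in password),
            "no uppercase letter": any(c.isupper() for c in password),
            "no number": any(c.isdigit() for c in password),
            "no symbol": any(c in string.punctuation for c in password),
        }
        return [rule for rule, passed in checks.items() if not passed]

    def is_expired(self, last_changed: date, today: date) -> bool:
        return (today - last_changed).days > self.max_age_days


def accounts_due_for_renewal(policy, accounts, today):
    """accounts maps a username to the date its password was last changed."""
    return sorted(user for user, changed in accounts.items()
                  if policy.is_expired(changed, today))


# Constructed sample data: employee and customer accounts with change dates.
POLICY = PasswordPolicy()
ACCOUNTS = {
    "admin": date(2024, 1, 5),
    "shop-manager": date(2024, 5, 20),
    "customer42": date(2024, 3, 1),
}
TODAY = date(2024, 6, 30)

if __name__ == "__main__":
    print(POLICY.complexity_failures("password"))
    print(accounts_due_for_renewal(POLICY, ACCOUNTS, TODAY))
```
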
Enlist Penetration Testing
Recruiting an ethical hacker to fine-tune the security of your IT infrastructure is highly recommended and can quickly close the loopholes hackers and fraudsters aim to exploit to gain access to data and other information. Penetration testing is a particularly important service offered by information security companies: using the latest hacker techniques, specialists simulate a cyber attack to expose your network’s weak links. Measures can then be taken to resolve these vulnerabilities and reduce the risk of a security breach.
E-Commerce Supported Platforms
Utilising a platform that supports your activities as a merchant and online business is an essential part of protecting your website from its development onwards. Whilst there are a variety of open source platforms that allow developers to add e-commerce functions, finding one that provides an optimum level of security when handling sensitive data at the point of sale is vital. Supported platforms that conceal the administration panel from public view are also commended.
Storage of Sensitive Data
As we aim to learn from the mistakes of the Target security breach in recent months, where around 70 million customers’ credit and debit card details were targeted by hackers, many businesses are thinking twice about how they store data.
In the UK, merchants are advised not to store ANY sensitive data to enhance information security, and any merchant that fails to follow the strict guidelines of the PCI Security Standards Council faces fines, penalties and even service termination. Take a leaf out of this book and store only the bare minimum data for use on chargebacks and refunds.
The lack of authentication on e-commerce websites also presents a major threat, and SSL authentication is a must for the secure transaction of goods and services. SSL encrypts sensitive data such as credit / debit card details and user passwords in transit to make it illegible to everyone other than its intended recipient, meaning hackers and fraudsters don’t get a look in!
The author of this post is Brittany Thorley. She is a business blogger who regularly shares her expertise about ethical hacking and penetration testing so business owners everywhere can find the security solution they have been searching for.