It’s a wild web…and it’s only getting wilder. How well-protected is your company’s website?
In today’s Internet age, attacks on our web assets come from all angles, especially those we least expect. No matter who you are or what position you’re in, you have a role to play in keeping the web safe.
As a branding agency, we understand how a potential hack has the ability to really mess with your brand reputation. Your website is one of the main ways your audience interacts with your brand, and part of building brand trust is a secure website that keeps each user’s information protected.
Here’s a hot tip on how to get started: an audit. Review the following questions with your team.
Start by taking an inventory of your CMS, including contact form submissions, user accounts, orders, user-submitted files (résumés, photos, etc.), contest entries, event signups – anything that was given to you in trust by your users.
Now imagine if that data were made available to the general public or, worse, to those with nefarious intentions. Would you be in serious trouble?
If your answer is yes, it’s time to get serious about protecting your website. There is inherent risk to maintaining a website, and you should mitigate that risk to the best of your ability.
Let’s go over some ways your users’ data can be exposed, then we can get into mitigation techniques.
Attacks can come from anywhere. One that has been used a lot lately is the “supply chain attack.” These happen when malicious users go after the weakest entry points of an overall system – sort of like poisoning grapes before making wine to make the person who drinks it sick.
In the website world, this attack can come from the plugins that provide some specific functionality or the software running your database. If bad code is injected into those smaller pieces, the entire system is vulnerable.
Here are some of the attack vectors:
Let’s continue that audit and revisit your website.
It might be time to clear out some old accounts or change your password. Again, fire up that password manager so you can use high-quality passwords without having to remember them. If available, you can also enable two-factor authentication (2FA) to make your administrative accounts even more secure. Ask others on your staff who have access to do the same.
Think about what kind of data you’re requesting from your customers, how important it is to you (and more importantly, to them), how long you keep it and how often you remove it. Consider automatic deletion if it’s available to you.
Is your hosting provider taking the necessary measures on their end to keep your environment secure? Ask and find out! You should inquire about their use of a firewall, their data retention, who on their staff has access to your server (and therefore your data) and whether their user accounts are sufficiently safeguarded.
Whether you’re an officer, on the administrative staff, a member of the IT department or a stakeholder, you can be involved in this effort. Keep your finger on the pulse of the website and your ear to the ground to listen for potential trouble.
Once you’ve audited your website, ensure your team understands the necessity of keeping your website secure.
Non-IT folks: This means you need to review or create company policies related to protecting your site and user data. Develop and display comprehensive privacy policies on your site. Research best practices and work with your IT group to find out what capabilities you have or need to implement. Budget for the tools needed to live up to those policies.
If you’re IT: You’ve got the responsibility of making sure all these practices are in place. Subscribe to services that alert you to problems with your site or provide real-time lists of vulnerabilities detected in the wild, even if they don’t apply directly to your site. Monitor exploit databases for zero-day attacks. Work with your hosting company to implement corporate policies.
Website security can be daunting, especially when you know what’s at stake. But many hands make light work, and with everyone on board and rowing in the same direction, you and your users will have confidence that your site is safe and secure in the world wild web.
If you still have questions or need help with your website’s security, drop us a line.