Cyber Security

Cyber Security: Is your website safe for users?

by EditMe Websites

October 12, 2022

Cyber Security: Is your website safe for users?

by EditMe Websites


In this age of WiFi and AI, everything is connected and vulnerabilities allow intruders to exploit just about any system and use it for their own purpose.


Cyber Security

Cyber Security is the measure we take to protect and secure digital technology. Cyber Security covers all aspects of securing and protecting information in hard or digital format. In this age of WiFi and AI, everything is connected and vulnerabilities allow intruders to exploit just about any system and use it for their own purpose. A cyber attack is an attack over the internet, but it could also be an attack on network infrastructure, hardware and personnel.

A more realistic example of cyber attacks that business owners face today is closer to home, i.e. the company website getting hacked. Every day, hackers attack 30,000 websites worldwide and its estimated that around 24,000 malicious mobile apps are blocked each day on the internet. Website hacking and all forms of cyber crime are on the rise!

Website Hacking

Website hackers generally install a small mailing application and then proceed to send bulk email through your website. Other signs your website has been hacked are;

  • the website is partially or completely populated with strange content and links,
  • all website content is deleted
  • hacker messaging is visible
  • all user data is stolen
  • the website becomes unavailable
  • you start receiving more spam than usual

Hackers can be paid to flood your website with traffic, resulting in a Distributed Denial of Service or DDOS attack. And if that is not malicious enough, hackers are also able to install illicit cryptocurrency mining software and make money from your computer.

Some hackers go straight for the root and just redirect your entire website using Domain Name System (DNS) poisoning attacks. Other methods are Malware and Adware; posing as useful software, you install the app yourself, and consequently create a backdoor for the hacker right onto your computer. This process is what Malware is famous for and allows intruders access to much more personal information and the ability to ‘key log’; sending them back every key you type on your keyboard, i.e. your bank password.

Intruders can target users specifically and exploit their desire for “fancy mouse pointer icons” or yet another PDF reader (how many do we need?).  Many people still download malicious software and are vulnerable without even knowing. One should always be careful installing anything and try to follow security recommendations where possible.

Common cyber threats: Adware, Spyware, Malware, Backdoors, Form-jacking, Crypto-jacking, DDoS, DNS.

The simplest way to ensure Cyber Security and most certainly the 1st step to protecting ones personal information is to use a strong password on ALL your devices, website logins and app logins.

Password Security

Many vulnerable websites exist and personal data privacy is ones own responsibility at the end of the day. One cannot assume that the website they just signed up on is legitimate either. One should always use a strong password and try to use different passwords, especially computer login passwords. Hackers can guess simpler passwords using software to perform multiple variations of common passwords until they gain access to your account.

Most applications these days are moving toward Two Factor Authentication (2FA) so when logging in to ones account, one is required to authenticate on their mobile device or other methods set up. This does create another layer of security.

There are also various browser password managers, but all modern browsers offer this built in and will prompt you to save details. Rather use the default password manager for your browser, but then ensure you are logged in securely with your best password!

Website Security

So you’ve reset your passwords, had to login to your favorite social media pages and the company website again, are you safe now? Not quite. The website itself needs a few important things to ensure its security, especially e-commerce websites. Here are some tips you can use or chat to your web developer about:

  1. When last did we do a website security scan?
    Running a security scan on your website every few months ensures there are no new points of entry through files users may have uploaded. If you have admin users managing the website, it is common for users to upload various file types, or make simple errors putting files in the wrong place. A security scan will also look at your websites DNS and ensure all protocols to your domain are secure.
  2. Is my website using the latest software?
    CMS systems like WordPress require updating every month. This includes the themes and plugins used by the website. It is vital that this is kept up to date for security measures and the simplest way to secure your website.
  3. Are all my users using strong passwords?
    A security scan will also outline any issues with user passwords and password resets can be sent to ensure security. The website registration process should also ensure secure passwords are added when signing up.
  4. Are any files in my website vulnerable to attacks?
    A website scan will find files and folders that are vulnerable or accessible to the outside world. Stringent rules are in place on most servers so that files cannot be accessed and run from anywhere, but some applications leave this wide open to attack.
  5. Is my website using SSL / HTTPS.
    Secure Socket Layer (SSL) technology ensures information transferred over http is secure, hence the “s” one now more commonly sees. In browser address bars, a small padlock and information about the publisher of the certificate are evident so one knows they are browsing securely.
  6. Are my website forms using reCAPTCHA
    reCAPTCHA has become mans pet peeve, as we are clearly not “robots”, but we need to prove that we are not a computer program sending email spam through the contact form. A clever form feature every website contact form should have. Each time you correctly pass a reCAPTCHA you’re actually training Google’s AI; preserving books, improving maps and solving hard AI problems.
  7. Does any form contact information get stored on my website?
    Some versions of form software running on your website save form submissions in the website back-end, allowing hackers to gain access to anyone that has used the website form. If you have this, a strict privacy policy should also be evident on your website as well as stringent security. In some countries fines can be given for data leakage.
  8. Do I have a Privacy Policy on my website?
    A Privacy Policy is going ensure to your website users you are using best practices; …and it will also protect you should data be breached. WordPress comes with an example Privacy Policy page by default or one can simply be created here: https://termify.io/privacy-policy-generator

Website Cyber Security is a priority and some basic steps will improve the integrity of your website greatly.

To wrap it up, use the following pointers to secure your personal information and work more securely:

  1. Change your passwords every few months and ensure they are strong, you can use a password generator here.
  2. Check your website; ask your web developer to do a security scan and help you resolve any problems
  3. Ensure you have Antivirus software on your computer and you have a log in password

Tell us about your security problems and lets see how we can assist you.

Contact Us

 

Image by Pete Linforth from Pixabay


SHARE YOUR THOUGHTS