
Geek Speak: Think Like a Hacker

8/19/2015

So many organizations never even consider their website’s security weaknesses. Much of the reason is that they aren’t thinking like a hacker. In 5 easy steps, we’ll teach you how to think like a hacker and be prepared if your website is attacked!

5 Steps to Web Security & Attack Preparedness:

1. Update Your CMS

Regularly update or patch your CMS and all installed plugins or themes to ensure all components are up to date.

Why? Hackers constantly look for security flaws in popular content management systems so they can attack en masse.

How? If you are using an open source CMS platform, you will need to watch for updates and apply them as they become available. Unfortunately, the more widely used open source platforms (such as WordPress or Joomla) are huge targets for hackers running mass attacks. If you are an in10sity customer, patches are implemented as needed based on your CMS licensing agreement.

2. Create Strong Passwords

Make those usernames and passwords strong, and change them regularly.

Why?  Hackers like to try to crack or steal passwords for web software (such as a CMS) and FTP servers.  Also, a virus infection can lead to the theft of site passwords!  

How? Pass on the default admin usernames (e.g., “admin”), and make those passwords strong! Passwords with at least eight characters, both lowercase and uppercase letters, and a mix of letters and numbers are primo when it comes to keeping those hackers guessing.

3. Back Up Your Website

Regularly back up the CMS and its underlying database.

Why? This is all about being prepared. If the worst happens, and your website is hacked, you’ll want a very recent backup to restore the website to its previous state. Of course, determining the source of the hack and patching or rebuilding the system is key to preventing a repeat attack.

How? Backups should be performed weekly at a minimum. Test your website restore at least once each year to ensure it works as intended and make a cheat sheet for restoration in case someone else in your organization needs to do it.
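To keep that weekly schedule honest between restore tests, a small check can confirm that the newest backup is recent, readable, and actually contains the database. The script below is an added example, not something from in10sity or a particular CMS; it assumes backups are `.tar.gz` archives in one directory and that each archive includes a `*.sql` dump.

```bash
#!/usr/bin/env bash
# Added example: audit a backup directory against the weekly schedule in step 3.
# Assumptions (not from the article): backups are .tar.gz archives kept in one
# directory, and each archive holds the CMS files plus a *.sql database dump.

# Print the most recently modified archive in DIR; return 1 if there is none.
newest_backup() {
    local dir="$1" newest="" f
    for f in "$dir"/*.tar.gz; do
        [ -f "$f" ] || continue
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then newest="$f"; fi
    done
    [ -n "$newest" ] && printf '%s\n' "$newest"
}

# check_backup DIR [MAX_AGE_DAYS]
# Returns 0 = OK, 1 = no backup found, 2 = older than the limit,
#         3 = archive unreadable, 4 = no database dump inside.
check_backup() {
    local dir="$1" max_days="${2:-7}" latest now mtime listing
    latest=$(newest_backup "$dir") || { echo "FAIL: no backups in $dir"; return 1; }

    now=$(date +%s)
    mtime=$(stat -c %Y "$latest" 2>/dev/null || stat -f %m "$latest")  # GNU, then BSD
    if [ $(( now - mtime )) -gt $(( max_days * 86400 )) ]; then
        echo "FAIL: $latest is older than $max_days days"; return 2
    fi

    # Listing every member reads the whole archive, so truncation or corruption shows up.
    if ! listing=$(tar -tzf "$latest" 2>/dev/null); then
        echo "FAIL: $latest cannot be read"; return 3
    fi
    if ! printf '%s\n' "$listing" | grep -q '\.sql$'; then
        echo "FAIL: $latest has no database dump"; return 4
    fi
    echo "OK: $latest"
}

# Run as: ./check_backup.sh /path/to/backups 7   (the path is a placeholder)
if [ "$#" -gt 0 ]; then check_backup "$@"; fi
```

A passing check only shows the archive is fresh and readable; it does not replace the yearly test restore.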

4. Secure Your Data

HTTPS (Hypertext Transfer Protocol Secure) is a secure communications protocol used to transfer sensitive information between a website and a web server.

Why? If you log in over an insecure protocol like HTTP or FTP, then your password is much easier to intercept, especially over public Wi-Fi networks. Switching your website from HTTP to HTTPS adds a layer of encryption that makes your data more secure from hackers.
 
How? Purchase an SSL certificate for your domain and have it installed.  If you have a website provider, they can likely help you with this.  Making sure to only use secure internet access will also limit the exposure of your passwords.

5. Host Securely

Make sure your website is hosted by a reputable web hosting provider.  Cheap or free hosting is usually cheap for a reason.

Why? Not all web hosting providers are created equal and hosting weaknesses account for a large percentage of sites being hacked.  If you use shared hosting, then it is important to know who your neighbors are as their vulnerabilities could put your site at risk.

How? When choosing a web hosting provider, cheapest isn’t always best. A well-established company with a good reputation for strong security measures is key.  It’s worth paying a little more to know your site is in safe hands.  Plus, cheap or free hosting will not attract the safest “hosting neighbors”.

Fast Fact  

Each day, Google identifies nearly 10,000 malware-infected websites, about 4,000 of which are legitimate websites compromised by hackers.
