The word “hacker” strikes fear in the heart of many businesses and web hosting companies, and rightfully so. Hackers have become a major threat to websites, causing downtime, launching viruses or malware, and even stealing vital company information or customer data. In order to foil hackers, you must have, and maintain, the highest level of security at all times.
Common Hacker Targets
While it’s difficult to pinpoint exactly which websites a hacker might target, generally they will go after sites that are vulnerable to attack. That includes websites that:
- Have weak passwords
- Use outdated third-party applications
- Have old or outdated antivirus software
- Are not proactive in identifying and limiting potential threats
For web servers, the threats are even more serious and the costs can also be higher. The most common threats that hackers pose to web servers include:
- Denial of Service (DoS)
- Gaining unauthorized access
- Installing viruses, Trojan horses, and worms
- Executing arbitrary code
- Elevating privileges
Fortunately for most web hosts and website owners, preventing vicious attacks doesn’t require an advanced degree in website security or programming. In fact, most websites could be improved with just a few simple steps toward better security. Every business, from the largest corporations to the small mom-and-pop store, can benefit from increased online protections. Here are nine ways to thwart would-be attackers.
1. Create Good Passwords
The most-used passwords last year, according to a survey conducted by SplashData, were also the easiest ones to crack. Coming in first and second place in most-used passwords were “123456” and “password.” In order to prevent hacking, choose passwords that are at least eight characters long, and include a combination of capital and lowercase letters, special characters, and numbers. In addition, try to avoid using dictionary words, your own name/business name, or something that would be easy to guess. Complex and obscure passwords are much more difficult to hack.
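The rules above can be enforced at sign-up or password change. The following is an added example, not code from the original article; the word lists are small constructed stand-ins and the function name is hypothetical.

```python
import re

# Constructed sample: the two most-used passwords named above, plus two
# more that are assumptions of this example.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein"}

# Small stand-in for a dictionary word list (assumption; load a real list in practice).
DICTIONARY_WORDS = {"dragon", "monkey", "sunshine", "welcome"}


def password_problems(password, personal_terms=()):
    """Return the reasons a password fails the guidance above (empty list = passes)."""
    problems = []
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        problems.append("is one of the most-used passwords")
    if len(password) < 8:
        problems.append("is shorter than eight characters")
    if not re.search(r"[a-z]", password):
        problems.append("has no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("has no capital letter")
    if not re.search(r"\d", password):
        problems.append("has no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("has no special character")
    # Strip digits and symbols so "Dragon2024!" is still caught as "dragon".
    letters_only = re.sub(r"[^a-z]", "", lowered)
    if letters_only in DICTIONARY_WORDS:
        problems.append("is a dictionary word with decoration")
    # Own name or business name, supplied by the caller.
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append(f"contains the personal term {term!r}")
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "Dragon2024!", "t7#Kq9!vLx2@"):
        print(candidate, "->", password_problems(candidate) or "ok")
```

A password such as “Dragon2024!” meets every character-class rule and still fails, which is why the dictionary and name checks are separate from the composition checks.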
2. Update Your Software Regularly
As companies continue to release new versions of software, they update them to protect against the best-known security threats. When new versions come out, companies may stop supporting older versions, leaving them vulnerable to attack. If you keep your system updated with the latest software versions, you should have adequate protection from common issues. You can configure your settings so that the software automatically checks for updates when they become available, or so that you get alerts by RSS feed or email when they come out.
3. Use High Level Encryption
Whenever you are sending information over a network, it should be encrypted. If you are using FTP software, switch to SFTP. If you have customers making purchases online, use secure encryption (HTTPS instead of HTTP). Make sure that your webmail service has an SSL-enabled port as well as SSL encryption, particularly if people are entering their username and password to access email.
4. Backup Data Regularly
Data backups are critical in the event you are a victim of website hacking, and your information should be backed up on a regular basis. Your web host might make that available, but it’s still a good idea to do the backup on your own. You can use external drives, download copies to your computer, or use a cloud service as long as it is secure. Be sure to carefully vet each of the options for storing your information before you back up your data to ensure that you’re using a secure method.
5. Use Secure Third Party Applications
Many companies today use WordPress or similar open-source programs for their website or blog, and often want to add on plug-ins, modules, and widgets from third-party providers. These scripts can pose a potential risk to your website, particularly if you don’t know the developer who wrote the code. In fact, non-secure scripts are the cause of about half of all hacking attacks. If you didn’t write the code, do some research on it and read reviews before you use the plug-in or application.
6. Secure Files and Directories, and Check User Permissions
You may have account access granted through your computer, and it’s important that you regularly audit and review those permissions so only the right people have access, and only to the necessary files. Setting higher privileges for higher-level users is important, but make sure that not everyone can access your servers and files at the highest level. In addition, secure your files and directories with the highest-level permissions available, such as NTFS permissions that will audit who’s using the account, and alert you in the event of suspicious activity.
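A regular permissions review can be scripted. This added example (not from the original article) covers POSIX mode bits on a Linux web host rather than NTFS ACLs; the list of sensitive file names and the function name are assumptions of the example.

```python
import os
import stat
import sys

# Assumption of this example: file names that should never be readable by
# every local user (wp-config.php holds WordPress database credentials).
SENSITIVE_NAMES = {"wp-config.php", ".env", ".htpasswd"}


def audit_tree(root):
    """Walk root and return sorted (path, finding) pairs for overly broad permissions."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode  # lstat: inspect the link, not its target
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits are not meaningful
            if mode & stat.S_IWOTH:
                findings.append((path, "world-writable"))
            if stat.S_ISREG(mode) and mode & stat.S_ISUID:
                findings.append((path, "setuid"))
            if name in SENSITIVE_NAMES and mode & stat.S_IROTH:
                findings.append((path, "sensitive file readable by all users"))
    return sorted(findings)


if __name__ == "__main__":
    # Audit the directory given on the command line, or the current one.
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, finding in audit_tree(target):
        print(f"{finding}: {path}")
```

Run it against the web root on a schedule and review any new finding; an upload directory set to mode 777 is the typical result of a quick fix that was never reverted.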
7. Beware of Phishing, Spyware, and Malware Attacks
The place where many hackers gain entrance into your system is through email. Hackers today have become very sophisticated at creating emails that appear legitimate and encourage people to click links, open attachments, or download programs that are compromised. These phishing attacks can lead to significant damage to your website, your servers, and the computers of anyone who is linked to your system.
8. Secure Your Ports
Ports are a place where your data can be accessed from outside of your server. They can send information two ways, both into the server and out of the server. For the most part this is something that your web host or your IT team will secure, but it’s important that you understand how to utilize these ports securely in the event you are ever transferring information back and forth. Make sure that if you “open” a port for information transfer, you “close” it again properly when you are finished so it’s secure.
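To confirm that a port opened for a transfer was closed again, compare what the server is listening on with the ports you expect. This added example (not from the original article) parses the Linux `/proc/net/tcp` format; the sample table is constructed and the allowed-port set is an assumption.

```python
import ipaddress
import os

# Constructed sample in the format of Linux /proc/net/tcp (columns after "st" trimmed).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st
   0: 00000000:0016 00000000:0000 0A
   1: 0100007F:0CEA 00000000:0000 0A
   2: 00000000:0015 00000000:0000 0A
   3: 0F02000A:01BB 0202000A:D431 01
   4: 00000000:01BB 00000000:0000 0A
"""

TCP_LISTEN = "0A"  # state code the kernel prints for a listening socket


def listening_sockets(text):
    """Return (ip, port) for every IPv4 socket in LISTEN state."""
    sockets = []
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # The address is hex in host byte order (little-endian on x86).
        ip = ipaddress.IPv4Address(bytes.fromhex(hex_ip)[::-1])
        sockets.append((str(ip), int(hex_port, 16)))
    return sockets


def unexpected_ports(text, allowed):
    """Ports reachable from outside (not loopback-only) that are not in allowed."""
    return sorted({port for ip, port in listening_sockets(text)
                   if not ipaddress.ip_address(ip).is_loopback and port not in allowed})


if __name__ == "__main__":
    table = SAMPLE_PROC_NET_TCP
    if os.path.exists("/proc/net/tcp"):
        with open("/proc/net/tcp") as handle:
            table = handle.read()
    # Assumed policy for this example: only SSH/SFTP (22) and HTTPS (443).
    print("unexpected listening ports:", unexpected_ports(table, {22, 443}))
```

On the constructed sample the check reports port 21: an FTP listener left open on all interfaces, while the loopback-only database port and the established HTTPS connection are ignored.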
9. Check Your System
Finally, regularly scan your system for potential threats. Scanning your files through antivirus software, performing regular maintenance on your system, and ensuring that you have the latest virus protections for all the systems you are using can help protect against hackers. It’s also a good idea to set up your antivirus software to scan incoming files for malicious code and deactivate these codes if a threat is detected.
Good Protection Starts Today
While it’s virtually impossible to guarantee that you will never be a victim of a hacker, the potential costs and consequences of an attack should be enough to make every web hosting company review their security protocols and make sure that they have the right protections in place to keep themselves, and their customers, safe.