Sony, Target and now the U.S. government.
On Thursday, June 4th, the U.S. government announced that nearly every federal agency had been hacked by China over the course of several months. More than 4 million federal employees’ sensitive information is said to have been compromised.
The most recent data breach has left many webmaster and business owners on edge. A small-business data breach can cost upwards of $200,000, while a larger organization can spend over $170 million in damages.
No doubt a data breach can be catastrophic. So how can you make sure you’re protected? We’ve laid out 5 simple steps that help protect your website from data breaches and hackers.
1. Diversify and Update Passwords Regularly
Seems obvious enough. Everyone knows passwords should be complex with capitalization, symbols and numbers and updated on a regular basis. However, 65% of internet users use the same password for all log-ins, while 90% of employee passwords can be hacked in six hours.
Passwords, in many ways, are the gatekeepers to your company’s information and data. Maintaining healthy password habits can make or break your website’s security.
Below are a few pointers to ensure your password is virtually unhackable:
– Passwords need to changed frequently
– Do NOT use personal information
– Have logins expire after a period of inactivity
– Never write your password down or save in an unprotected document on your computer
2. Keep Systems Updated
No one likes when their system pops up with a reminder, “It’s time to update.” Chances are you’re in the middle of a task and probably check off “remind me in 1 week.” Don’t do this! As much of an inconvenience updating your computer, websites and/or systems can be, it is essential to keeping your data secure from unwanted breaches.
3. Hide Admin Directories
Hackers are able to run scripts that scan your website looking for giveaways like “admin” and “login” that are red flags for your admin directory. From there they focus on accessing your website through said detected folders.
Most CMS systems allow for you to customize your admin folder. Make sure to pick a name that a hacker wouldn’t affiliate with an admin directory. This is a great, easy step that too many websites overlook.
4. Website Security Tools
Once you have taken the above precautions, the next step is to test the security of your website. This is called penetration testing, or pen testing for short, and you’ll need help from website security tools.
There are numerous pen test products, some for purchase and some free, to help you. Here are two tools worth looking at, as recommended by CreativeBloq:
– Netsparker (Free community edition). Helpful with testing SQL injection and XSS
– OpenVAS. Good for testing known vulnerabilities and currently scans over 25,000. Can be difficult to setup and requires a OpenVAS server to be installed
5. Back Up!
This is a practice everyone should already be doing, but in case you’re not… start backing up your files! This will save your company time and money if someone does manage to breach your data and website.
Need to make sure your website is secure against hackers and data breaches? We’d be happy to help!
