All you need is love.
Well, almost. The truth is that website security is never-ending. It is a constant game of cat and mouse: the “bad guys” keep coming up (great Paul McCartney song) with new vulnerabilities, and the good guys have to create patches or find ways to stop them. We are always playing catch-up, and there is no end (another PM lyric). So how do you stay secure? What can you do to protect yourself?
As a business owner, I understand how things can fall through the cracks: you put off a website until the last minute and then you are caught right smack-dab in the middle of the old adage, “haste makes waste”. The same is true for web services like websites and servers. The best servers are constantly monitored and cared for, and are always watched for any intruders that might be lurking in the shadows, waiting for any slip-up so that they can sneak in and wreak havoc on your life. I am blown away by the requests I see when monitoring my server from people all over the world: Russia, China, Kansas, the Virgin Islands. Don’t these people have better things to do? People do all kinds of crazy things, usually for money, sometimes for glory, and many times just because they are kids trying to impress their friends or a temporary secretary 😉
Remember the Sony hacks?
The US government blamed North Korean nationals; some say it was another hacking group, known as the Lizard Squad, that proclaimed on Twitter “Thanks Kim DotCom, you’re the reason we stopped the attacks” in exchange for lifetime memberships to XboxLive. That is a great story, but who knows whether Kim DotCom was in cahoots with them all along as a PR stunt? More than likely, most of the worst attacks come from within: angry employees, mad ex-boyfriends, you name it. So here are some simple steps to protect yourself:
- After an employee leaves, change your passwords.
- Don’t give out your passwords to others.
- Keep passwords in a safe place that is locked or otherwise secure, or better yet use a password manager like LastPass or similar.
- Don’t have one generic password.
- Use different usernames and passwords for each of your employees.
- Keep your software up-to-date.
- Always use SSL (the green bar where you type in the website address), i.e. https, for secure pages, any time you post a username and password.
- Ask your hosting provider to force SSL for email and other communications.
- Ask your web host to change the default SSH port if possible (SSH is what admins, and bad guys, can use to make changes to your site).
- Find someone who is passionate about web security, with a good track record, to help you.
There are many more things we could talk about, including SSH protection and more on SSL, but that goes beyond the scope of this article. If you are interested in hearing more, let me know and maybe we will post something on it. Please leave your comments below or on Twitter using the hashtag #security.