Cyber security…no site can work without it. Whether you’re a huge enterprise or a startup, there is always someone who will be out there trying to hack in; It can be a bot that scans hundreds of websites an hour or a hobbyist that just enjoys the process of breaking into your private information. You’re bound to get hit at one point or another.
Now the aforementioned comment makes it seem like getting hit is inevitable and while it is, not every swing is a home run, someone can try hacking in but they do not need to succeed so let’s start out by listing a few general safety precautions:
GENERAL CYBER SECURITY AWARENESS
1: Be careful when opening emails.
Email campaigns are great, you can email whatever you want to whoever you want! Now that seems like a lot of responsibility because you don’t want to accidentally send someone a malicious link or attachment. On the other side of the spectrum, you also don’t want to be opening those emails so make sure that the sender is who you think it is by matching their email to their site. An extra safety precaution could be getting the sender’s ip address and googling it to see the source.
2: Do not open attachments IF you’re UNcertain of their source
Never open attachments (Unless you know where they came from). All it takes is one push of a button and you can release a hackers malicious code onto your computer, thereby spreading the virus and putting your machine at risk. Look out for word, PDF and .EXE files as they can do the most damage.
3:Using stronger passwords
This is often a very overlooked aspect of security, for those thinking “What is wrong with my Password12345 password?”, the simple answer is everything! A strong password should have at least 3 of the following 5 features: -Uppercase -Lowercase -Numbers -Punctuation -Gibberish Alternatively, you can use a range of secure tools that can hold passwords for you as well as password generators that make 100% random passwords
4: Be careful of the cloud
Clouds are great, you can store hundreds of gigabytes of data in the comfort of your cloud provider’s servers. It’s a bit like leaving your unwanted possessions in a storage facility…sure they are safe but the owner can access them whenever he wants. With that said, we aren’t saying that you should stop using the cloud, we just want you to be careful with what you put up (especially if the company isn’t well known).
5: Don’t plug in random devices
It’s very rare that we find something such as a USB laying on the ground while outside, the general instinct is to plug it in to see what’s on it however that can really put your machine at risk.
If plugging in is a necessity, we strongly suggest that you don’t do it on your main machine, or if you only have one, disconnect it from the internet and make sure your antivirus is up to date and can prevent any virus attempts.
Website Security Tips
1: Changing name from admin.
This is a great safety precaution to follow as it will throw off all the basic bots that scan your websites for vulnerabilities. We can’t advise on how to do this as there are too many factors involved however the steps are simple if you find the right guidance.
2: Restrict limit attempts.
This will prevent a brute force attack done by a bot which is based around it cycling through countless passwords in an attempt to access your sites admin panel. This can be resolved by limiting your login attempts to a rate of 5 every 10 minutes.
3: Change your passwords every 3 to 6 months.
This is a follow up to the previous point, changing your password every 3 to 6 months is not only a good habit but also a great safety precaution. A brute force attack cannot be executed if your password is changed halfway through its cycle, thereby ensuring that nothing can access your sites admin panel.
4: Compartmentalise access.
If you are hiring a developer to work on your site, you’ll have to give him access to your sites control panel. This can be a great risk as you don’t necessarily know who you’re dealing with which means that the moment he is done working, you have to remove his access to your site. The same applies to any employees that you may have fired or that have left as they could potentially leak your details.
5: Use HTTPS.
This guarantees that your users are speaking directly to the server without their exchanges being intercepted and/or changed in transit. Anything that is private such as card transactions or personal details should be completed under HTTPS.