You may recall reading articles about how the website of a prominent politician has been “hacked” from outside and the site’s content altered to ridicule the person. Or about how a government body’s website has been sprinkled with pornographic images. And more than once the credit card details of a firm’s customers have been stolen by criminals hacking into its website. These attacks happen more often than most of us realize, and they can certainly happen to your firm’s website as well.
Unfortunately, most websites have been designed for their “look and feel” rather than to maximize their security features. In software development, this is an open invitation to weaknesses that skilled hackers can exploit.
There are steps you can take that will minimize the risks of this happening, but it must be remembered that no defenses are foolproof; if it can happen to some of the best-protected websites in the world it can happen to anybody’s, including yours.
What Protection Do You Now Have?
Most firms have some form of password protection on their sites to prevent unwanted people from gaining access to the information on them. Is the password encrypted? How secure is your system for authenticating visitors to your site, and have you done all you can to ensure that only the authorized person can gain access? Do you have multiple layers of security on your website? The more layers there are, the less likely it is that access from outside can be gained. And have you restricted access to “secure” areas of your website to the absolute minimum? It’s easy for hackers to exploit the “holes” that most websites offer them.
Take the time to consult an expert in security, and spend what it costs to add as many layers of protection to your website as you can afford. If you think it’s going to cost too much, just work out the expense of losing your client list or other confidential information and you’ll quickly see that it’s a good investment.
It’s a 24/7 Task
Be sure to monitor the security of your website 24 hours a day, seven days a week. Attacks can come at any time and the faster they’re detected, the better your chances of preventing the loss of critical data or of damage to your site. Be sure that your website’s host can act quickly to take the site offline if it’s attacked.
Be alert for updates and patches to all your software. Many kinds of software allow automatic updates, and this is a bare minimum to keep up with improvements in site protection.
Have your site tested regularly by experts who will do all they can to break into it. Every time they succeed it will highlight a vulnerability that you will have to fix. New hacking techniques are developed all the time, and what’s adequate protection this year will probably be ineffective next year.
Any change to your site can create a new avenue for a hacker to enter it. Even if your website has just been passed as “secure” by a test, re-test it immediately if there’s a new element or significant change to your site architecture.
The security of your website is an integral element of protecting your business. It’s not something that’s easy to acquire or manage, and it’s certainly not cheap. But if you ignore the need for the highest-possible level of protection it’s probably just a matter of time before a hacker gets into it and causes damage.
Copyright 2006, RAN ONE Inc. All rights reserved. Reprinted with permission from www.ranone.com.