Recently, Equifax disclosed that there was a massive breach to their system. It came to light today that the breach was blamed on the exploitation of an application vulnerability. What does this mean? It means that a piece of software running on their servers was not patched. Equifax server admins failed to do proper upgrades to their software, which is one of the most basic actions anyone with a website or companies with internet accessible data should be doing.
There is plenty of information out there on what you should do in the wake of this specific breach, including an entire website which contains nothing but updates on the breach and what Equifax is doing to fix what they can.
You should be concerned and take seriously the basics of security and keeping your website and the information on it (yours and others) safe from the Internet black market.
First, let’s review two very common misconceptions that we hear all the time when it comes to site hacking:
"My website is so small, no hacker will want to get into it"
Wrong. Your site may be small, but it still is a potential gateway to the entire server’s resources to add to their botnet. Hackers may not even be interested in your resources. They could be interested in locking down your site and forcing you to pay money to release it back to you. How about boredom? That's right, there are hackers out there who will try to get access to your site just for the sheer joy of the conquest.
"My website does not contain any information that hackers would want/I don't sell anything on my site I have any information they could want."
Wrong. Sure, you don't sell anything, but do you have people signing up for newsletters or contacting you via a form? That data can easily be stored in your site and taken during a hack. You would be amazed at what hackers can do with even the smallest bits of information. Just having an email gives a hacker the opportunity to send a malicious email that will download a virus onto a computer and do any number of things on a scale from annoying to catastrophic.
Now, how about a short checklist of some things you can do to keep your site safe and secure.
- I keep the software that I can control up to date
Bug fixes and security patches are released for all kinds of software all the time and It is so important to keep your software up to date. If you have a website it is up to you to not only to keep the content fresh, but also the CMS and Plugins. Some hosting companies will do this for you as part of a packaged deal, which is great, but most do not. It is important to update your software as soon as a update/patch is released. I recommend at least once a month. Of course, this can be tedious and time consuming but it is so important.
Don't have the time or the inclination to keep such close tabs on your software, Xynergy can help! We would love to help you keep your website safe and sound!
- I have picked a knowledgeable hosting company that keeps the software I can't control up to date
There are some pieces of software that you don't have control over in relation to your website. That software is maintained by your hosting company. It is important to make sure that you are using a hosting company that actively updates their system software and is up to date on the latest security risks. Make sure that they have implemented preventative measures to guard against hacking.
Do they do regular audits of their systems for vulnerabilities and out dated software? No? Find a new host! Xynergy can help you with this. We know some great hosts!
- I am using secure passwords
This is probably one of the biggest issues when it comes to the security of your site and it is the easiest and quickest to implement. There are a million other things on your mind. How are you going to remember that 16 character long password that has numbers and special characters is it? AND THAT'S JUST FOR ONE SITE! Well this is something that we are all just going to have to come to terms with and find ways to implement. There are lots of ways to create memorable passwords that you won’t find on any list of "Worst Passwords." How about using a password manager? Or maybe use important life dates and your favorite tv stars names. How about l33t ? Get creative!
- I am changing my secure password regularly
Not only is it important for you to use secure passwords, it's important for you to change them on a regular basis. Keep things fresh. Keep those mustache twirling hackers guessing!
- I am not sharing my login information or if I am, I am not doing it digitally
You should not be sharing your login information with anyone. Sometimes though, you do have to share it for one reason or another (make sure they are good reasons!). If your information has to be shared, don't send it in a email. Call the person who needs it and give it to them over the phone.
- I have implemented SSL on my site, even if it’s not an ecommerce site
There are lots of reasons why you should be using SSL on your site, mostly to encrypt information being transferred between your customers and your website, or your website and a payment gateway. We have a great article already on our site that goes into other reasons you should put your site under SSL.
Xynergy takes our clients web security very seriously, and you should to. If you are looking to beef up your security or just have some questions, get in touch with us we would be happy to help.
or Call 505-557-7780