Hacking can come in many forms, from accessing individual servers to leaking information from the databases of governments and multinational corporations. But, big or small, if a hacker gets through your company’s security system then they can take you down from the inside. This is doubly disastrous because not only will this leave your company open to theft, but it could also undermine your customers’ trust in you.
Hacking has received prominence in the news recently, as a number of high-profile companies have had their websites hacked, including TalkTalk, Vodafone and the banking and holdings company JPMorgan Chase. The JPMorgan Chase hacking case was the biggest cybercrime in history, the perpetrators having stolen vast amounts of personal information, which was used to amass hundreds of millions of dollars in illegal profits. The hackers did this by stealing the information of investors; not to find out their bank accounts, but to email information to their bosses promoting stocks that the hackers themselves had bought. The hackers bought stocks cheap, sent out misinformation that the stocks were increasing in value, then sold the stocks at an increased price; a technique known as ‘pump and dump’. Clearly, this severely erodes the confidence of investors in JPMorgan Chase, who will think twice about using its services in the future. Scandals such as this can mark the end of companies, especially financial companies, which put a high premium on security.
TalkTalk has had the credit card and bank details of four million customers stolen by hackers. When questioned about what security was in place and whether the details had been encrypted, chief executive Dido Harding candidly said “The awful truth is, I don’t know.”
The hackers distracted the company’s IT department with a distributed denial of service (DDoS) attack, which disrupted the services of the company’s webhost. They then used the opportunity to steal the data. Whether the motive for hacking is financial gain, sport or activism, there are ways to protect your company from an attack.
Strengthen Access Control
It’s easy for a hacker to get into your website through the admin level, the equivalent of your website’s engine room. Change the website’s default database prefix to something long and difficult to guess, and set up passwords and usernames as mandatory for all users. You can also limit the number of times someone can attempt to log in for a certain amount of time. This might be slightly inconvenient for some, but it is worth it to ensure your website’s security.
Rather than waiting until you need to, update your systems as soon as updates are available. Update both the software and the hardware regularly to ensure the best quality and security of your online services. This is important because any minor vulnerability in your website will be located and drilled into by hackers who scour the internet for just such opportunities.
Hide Admin Pages
Hiding admin pages discourages search engine crawlers from indexing those pages, making it harder for hackers to find them. Out of sight, out of mind is the key, as hackers tend to use brute force methods to find the low-hanging fruit, the websites that are easiest to hack.
Limit File Uploads
File uploads can carry invisible bugs which will weaken your website’s defenses. So check your files before you upload them. After you upload them, prevent direct access to them and store them outside the root directory. Only access these files when necessary.
Use a Firewall
Of particular usefulness is a Web Application Firewall (WAF), which reads all the data passing to and from your website. You can get WAFs which are cloud based and can be rented for a reasonable monthly fee, but make sure that you shop around and can be confident that the WAF you use is reliable and cannot be accessed by anyone else.
Back Up Frequently
Back up your website at least once a month, or once a week if you can. Keep hard as well as soft copies that are free from risk of damage or destruction from natural disaster or theft. This won’t only improve your security but also make it easier to cope with hard drive failure.
Have Good Passwords
The first rule of your password is don’t talk about your password. Don’t write it down on a post-it note either. You don’t know who’s watching, so just learn to memorise it. Your password should be at least 8 characters long and contain capital letters, numbers and punctuation for maximum strength. Also, change the passwords regularly, with different passwords for each level of security.