Even if you think that there’s nothing valuable on your website or that your too small to be targeted, it doesn’t make you an exception. Hackers often use automated tools to find vulnerable sites and don’t discriminate when it comes to their targets.
You site undoubtedly provides some means of communication with its visitors. In every place that interaction is possible you have a potential web security vulnerability. Web sites often invite visitors to:
- Load a new page containing dynamic content
- Search for a product or location
- Fill out a contact form
- Search the site content
- Use a shopping cart
- Create an account
- Logon to an account
In almost every case, the goal of an attacker is to steal and exploit sensitive data, such as customer credit-card information or a person's credentials, which would be used to misuse the individual's identity online.
DDoS (Distributed Denial of Service) – Sends lots of traffic or requests that overwhelm the system and take it offline and could also affect other websites on the same server.
Inside attacks - When someone, usually from within the organization, purposely misuses their credentials to gain access to confidential company information. Former employees, in particular, so your business should have a protocol in place to revoke all access to company data immediately upon an employee's termination.
Malware - Designed to infect and harm a system. It’s a general term covering anything from viruses to advertising software (adware). It can force the user into a network of other hacked devices controlled remotely by the hacker. These networks are often used for DDoS attacks.
Password attacks - Guessing at passwords or using a dictionary program to try different combinations until the hacker gets in. Keylogging software which tracks all of a user's keystrokes, including login IDs and passwords and sends them back to hackers.
Injection – Involves exploiting the site to deface or gain access to data. This could be a targeted attack to undermine your clients’ trust in your business, or perhaps something politically motivated to further someone else’s message.
Spam – Sends out emails, sometimes with advertising and sometimes with phishing scams. Messages are often sent out repeatedly and in bulk, and it could be to any email address including those associated with your website or hosting. Your server can be blacklisted because of spamming, preventing you from sending legitimate emails.
Phishing - Exploits the trust of a user to obtain login details, personal details or financial information. This can be used to gain access to email inboxes or other password protected areas.
Interception - Data perhaps containing credit card numbers or addresses is a possibility on insecure sites. The data is used by criminals to sell on, make purchases and all sorts of other criminal activities.
Any of these types of attacks are bad for business. Your site could go down completely or your customers could become confused or annoyed at suspicious emails or advertising emails not related to your brand. In extreme cases personal details of your clients or commercially sensitive data could be stolen. Your website could also suffer a fall in traffic and rank due to search engine algorithms no longer classing your site as trustworthy.
Best Practices for your business
Education & Policies – Educate your employees and put formal policies in place, teaching them how to stay safe and recognizing and reporting signs of breaches.
Passwords – Requiring a strong password that is unique and frequently changing helps to strengthen what is the weakest link in a system, and never sharing your password.
Limit Access - Take the time to set up the proper permission and ensure everyone is using their own logins.
Security updates - Software such as content management systems are regularly updated for security and bug fixes, making them more secure while adding more features to make them even better and easier to use.
Implement HTTPS (SSL) – an SSL Connectionencrypts data as it travels between your server and the browser, making it useless to hackers if intercepted.
Have a Backup – if any data is important there should be secure off-site backups. Take the time to verify the data routinely, so that if and when it's time to restore from the backups, the data is actually usable.
Regardless of the size of a business, web security is important. Make sure you implement strong security measures that apply to all systems — not just those specific to the Web.
Get in touch with us to find out how we can help keep your website safe and secure.