The truth about website security in 5 minutes


If I told you to leave your house without locking your front door you’d probably laugh in my face and then go back and make sure everything was double-bolted. Why? Because that’s your home and the things that you store there are valuable, so you’d never allow strangers easy access. This is common sense, right? So why is it that when it comes to our Home Pages, our websites, the places where we store so much valuable information for our businesses, people seem to be complacent about security?

According to 2018 statistics there is a hacker attack every 39 seconds, and an alarming 43% of these cyber attacks directly target small businesses. In fact, a survey found that a massive 64% of companies have experienced cyber attacks, with the most common being phishing and social engineering attacks (62% experienced), malicious code and botnets (59%), or denial of service attacks (51%). Compare that to Australian statistics that suggest only 20% of houses have experienced burglaries and you’ll understand why we think that ‘double-bolting’ your website is just as important as locking your front door.

The problem is that whilst locking your front door is something tangible and relatively simple to do, knowing how to protect your website and even what to protect it from is not always as straightforward. But don’t worry, we’ve got just a bit (*cough* a lot) of web experience behind us and we’re here to help you figure out how to keep your website as secure as possible.

But first, what do you need to protect against?

You might have heard the term “Malware” or “Malicious Software” before; this is any kind of software that is intentionally created to disrupt, cause damage, or gain unauthorised access to a computer system. Attacks on websites come in many different shapes, sizes, and levels of nastiness, but these are 3 of the most common Big Bad Wolves:

  1. SQL Injection: this generally occurs on sites that ask for user input – something as simple as login details or a search bar. The hacker will put in a Structured Query Language command which your database will unwittingly run and may end up giving up information such as passwords, usernames, credit card numbers, and even potentially access to the whole site.
  2. XSS Attacks: put simply, this is when attackers inject malicious JavaScript into your pages and then use that script to manipulate your website and gain access to the computers of anyone who visits your website.
  3. Brute Force: definitely one of the less subtle forms of hacking, but still one that often goes unnoticed by website owners, this is basically a ‘keep kicking the door until it opens’ approach. The hackers will run an endless series of usernames and passwords (generally starting with the most common) until they gain access to your site.
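To make item 1 concrete, here is an added example (not from the original post) of a search bar query written the unsafe way and the safe way. The table, the function names and the sample rows are all made up for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory catalogue: two public rows and one hidden row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, published INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?)",
        [("Blue Widget", 1), ("Red Widget", 1), ("Unreleased Gadget", 0)],
    )
    return db

def search_vulnerable(db, term):
    # BAD: the visitor's text is pasted straight into the SQL string, so a
    # quote character in it ends the string literal and the rest runs as SQL.
    sql = ("SELECT name FROM products "
           f"WHERE published = 1 AND name LIKE '%{term}%'")
    return sorted(row[0] for row in db.execute(sql))

def search_safe(db, term):
    # GOOD: the ? placeholder sends the text to the database as data only,
    # so it can never change the shape of the query.
    sql = "SELECT name FROM products WHERE published = 1 AND name LIKE ?"
    return sorted(row[0] for row in db.execute(sql, (f"%{term}%",)))

if __name__ == "__main__":
    db = make_db()
    crafted = "' OR 1=1 --"  # constructed input that rewrites the WHERE clause
    print("normal search:       ", search_safe(db, "Widget"))
    print("vulnerable + crafted:", search_vulnerable(db, crafted))
    print("safe + crafted:      ", search_safe(db, crafted))
```

The unsafe version hands back the hidden row because the crafted text turned the filter into "everything"; the safe version treats the same text as an ordinary search phrase and finds nothing.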

So now we know the potential risks, what can you do about it?

No website is completely hacker-proof but there are simple things you can do to reduce your risk of attack. Things like enforcing a strong password policy. Anyone who has access to your site should be using a strong password (we’re talking over 10 characters, with punctuation, numbers, capital letters and all that jazz), but you can’t just trust that people will; you need your site to enforce it. It might sound overly simple but this is actually one of the best ways to protect yourself from a Brute Force attack.

Another thing you can get straight onto is making sure that your software is up to date. Hackers are constantly finding new ways to attack security ‘holes’ in old software and access your data, and the best way to patch up those holes is by keeping your platforms and scripts constantly up to date.

And finally, get yourself an alarm system. There are platforms available to you such as Sucuri and WordFence which will constantly monitor and scan your website for malware and attacks, and alert you the moment they detect anything. From there you can utilise the platform’s malware clean-up service or seek professional help via another avenue. The point is that you’ll be able to tackle the issue head-on and deal with it before it destroys your users’ trust in your site.

So it’s safe to say that we think web security is pretty important; after all, we spend our days creating kickass websites and the last thing we want to do is see them destroyed by an attack that could have been avoided. If you’re still scratching your head or if you want to make sure that your website is as secure as humanly possible then you can contact us on 07 4222 1660 or info@mahiweb.com.au.