Security

In the last few weeks there have been many headlines warning the public about major internet security breaches. U.S. Bank, PNC and Wells Fargo may have all been victims of a cyber-attack. The week before that headline was splashed on news sites, the Financial Services Information Sharing and Analysis Center, a group devoted to sharing critical information regarding potential threats, raised its cyber threat level to “high” from “elevated” because of potential cyber-attacks.  There has also been a phishing scheme using a phony Microsoft email, looking for account passwords, and a recent string of different organizations passwords and login’s being leaked.

There is no such thing as an absolute in web security, but there are plenty of ways you should be protecting yourself and your business from hackers and identity theft.

  1. Never use info@yourdomain.com.  That is the first place a hacker starts trying to hack as it is the most common email a business assumes.
  2. Restrict file upload. Unrestricted file upload is the single most common method we have found hackers use to compromise people’s websites.   When allowing file uploads, restrict executable, script and zip extensions (unless your code checks the zip contents).
  3. Take precautions when using 3rd party software. Register for software updates that will patch holes if hackers have found a way in, for both open and closed source applications.
  4. Use session variables and get educated on SQL injection. Hackers can see the variable and value in your code and try to hack using code words. Learn how to protect yourself from in our article on SQL Injection
  5. Hire a knowledgeable and experienced web developer. If you aren’t proficient at web development, the biggest security risk could be you!
  6. Educate yourself! Check out our Knowledge Essentials for additional information about the 5 steps above and a few more steps you can take to keep your site and information safe.
Posted in Security.

Leave a Reply