2017 has been rife with cybercrime. NHS services across England and Scotland were brought to a standstill in May after being hit by a large-scale cyber-attack that disrupted hospital and GP appointments.
A month later advertising giant WPP reported systems being taken down by ransomware software as another wave of cybercrime swept across Europe.
The effects of hackers can be devastating for organisations. While there may not be much you can do after an attack, there are certainly steps you can take to help prevent one.
We’ve put together a list of things that you can action today to help make your website more secure.
1. Make sure everything is up-to-date
Keeping your website software up-to-date is essential. If you’re using an open source CMS, such as Joomla or WordPress, it’s essential that you are always running the latest available version. Important security features are released with each update which will help prevent attacks from hackers.
You’ve probably utilised some of the plugins and add-ons available for these platforms. Likewise, it is really important that these are kept updated. You will know when one needs updating as you will receive a notification in your Admin dashboard, and it is normally a one-click job to install the latest version.
2. Toughen up your passwords
If your password is “123456”, “qwerty” or “football”, it would be a good idea to change it right now. These are three of the most commonly used passwords and using them will leave you vulnerable.
The best passwords are long, randomly generated strings of numbers, letters and special characters. The problem is that these can often be hard to remember. A good way to manage secure passwords is with a password manager. There are quite a few products to choose from, but why not try LastPass or 1Password? Both of these are easy to use and also have the added benefit of suggesting strong passwords when you sign up to something new.
An additional level of security is two-factor authentication. Increasingly common with online banking, Google products and even Facebook, two-factor authentication introduces a second level of security in addition to your password. This tends to work by sending a code to your mobile phone once you’ve entered your password. Only by entering the correct password and the uniquely generated code will you be able to gain access. This technology can be installed on your WordPress or Joomla website.
3. Install a website firewall
Open source software is very secure when kept up-to-date, but firewalls act as an extra level of security. They perform two key functions: the first is to filter incoming traffic to the site; the second is to control what computers on your network can send to the outside world.
There are several types of firewall available.
Plugin based firewalls, such as WordFence, can be installed via the plugin Admin page. They use predetermined rules to assess whether requests made to the website are malicious or safe.
Cloud based firewalls, such as Sucuri, act as a filter for all website traffic. In order to use their services you need to update your domain DNS records to point at the service's firewall. They then filter out any malicious requests before they reach your server.
Another firewall option can sometimes be provided by the hosting company who can take care of the above on your behalf.
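To show what "predetermined rules" means in practice, here is an added sketch (not taken from WordFence, Sucuri or the original article) that decodes each request and matches it against a small rule list. The rule names, patterns and sample requests are all constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed rules for illustration only; production firewalls ship far
# larger rule sets that are updated as new attacks appear.
RULES = [
    ("path-traversal", re.compile(r"\.\.[/\\]")),
    ("sql-injection", re.compile(r"\bunion\b.{0,40}\bselect\b", re.I)),
    ("script-injection", re.compile(r"<\s*script\b", re.I)),
    ("config-file-probe", re.compile(r"wp-config\.php", re.I)),
]


def normalise(target, max_rounds=3):
    """Percent-decode repeatedly so encoded payloads cannot slip past rules."""
    for _ in range(max_rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target


def assess(request_line):
    """Return (verdict, matched_rule_names) for an HTTP request line."""
    parts = request_line.split(" ")
    if len(parts) != 3:
        return "block", ["malformed-request-line"]
    target = normalise(parts[1])
    hits = [name for name, pattern in RULES if pattern.search(target)]
    return ("block" if hits else "allow"), hits


# Constructed sample requests, not taken from real traffic.
SAMPLES = [
    "GET /blog/website-security-tips?page=2 HTTP/1.1",
    "GET /index.php?file=..%2F..%2Fwp-config.php HTTP/1.1",
    "GET /search?q=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1",
    "GET /products?id=1+UNION+SELECT+1,2 HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        verdict, hits = assess(line)
        print(f"{verdict:5}  {','.join(hits) or '-':32}  {line}")
```

The third sample is double-encoded, which is why the request is decoded more than once before the rules are applied.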
4. Ensure you’re running malware detection software
Malware detection software is antivirus software and, just as you would run this on your computers to protect them, it’s a very good idea to run it on your website too.
Hackers are more likely to attempt to implant malware on your site than to take it offline completely. This is because the longer you are unaware that the website is infected, the longer they can use your website to send spam emails and infect your visitors. It is therefore important that you scan your website regularly to check for viruses.
Antivirus is an example of a plugin that is easy to use and will harden your WordPress site against exploits, malware and spam injections.
5. Install security applications
Rather than running separate applications for malware and firewall, there are a few really good bits of software that take care of them both and offer a lot more as well.
The All in One Security plugin for WordPress provides user login security, activity logs, file system security, blacklist management and the ability to change the usual CMS login extension (/wp-admin).
6. Use SSL protection
SSL, or Secure Sockets Layer, is a protocol used for secure and encrypted communication between computers. It’s indicated by the little green padlock in the address bar of your browser.
SSL is applicable for many different kinds of websites. Websites that absolutely should implement SSL are any that handle sensitive or private data of any kind. Names, addresses, passwords, and especially financial or credit card information are all examples of sensitive data.
In addition to the security benefits, Google now places greater weight on websites with an SSL certificate, meaning there are SEO benefits too.
7. Backup, backup and backup some more
Sometimes things go wrong. In these instances it’s good to have something to fall back on. Taking regular backups of your site and data will allow you to restore your website to an earlier version should the unthinkable happen.
There are quite a few products that can do this for you. Software, such as Akeeba, can be set to take backups of your website/data daily, weekly or monthly. How frequently you should take a backup depends on how often you are updating your site. If you publish content or make changes on a frequent basis, you should be taking daily backups.