TalkTalk’s security breach in 2015 brought website security issues to the forefront of the news, and made them a reality for nearly 160,000 people in the UK. The cyber-attack on the extramarital affairs website Ashley Madison leaked information on around 33 million people. That’s huge! Website security is a real issue, even for big websites taking all of the necessary precautions. So what can you do to protect your website against cyber-attacks?
- Latest software
You need to make sure that all of the software running your site, or running on it, is up to date. This applies whether you have a custom-built site and CMS or whether you’re using a platform such as WordPress, Joomla or Drupal. If your site tells you that there’s an update, back up your site and run the update!
A web application firewall inspects incoming traffic and identifies malicious requests, which protects against spam, brute force attacks, cross-site scripting and SQL injection attacks. It should also provide a monitoring and alert system so that you can see any attempts to breach your security.
Enabling site-wide SSL helps prevent data theft, as it encrypts the data transmitted between the browser and the web server. You should always have an SSL certificate if you store customer details on your site or have a ‘log in’ facility, and an extra benefit is that it helps your SEO.
The same as any message about passwords and cyber security: make sure your password is complex and changed regularly, and if your site has a password log-in for customers, ensure that they are encouraged to do the same.
When you create a form, also ensure that you check the data being submitted and that you encode or strip out any HTML. This helps to prevent cross-site scripting, where an attacker tries to pass scripting code into a web form in an attempt to run malicious code for visitors to your site.
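One way to do the checking and encoding described above, as an added example rather than code from the original article. The field names (name, email, message), the length limits and the function names are assumptions.

```javascript
// Added example: check a submitted comment form, then HTML-encode on output.
// Field names and limits are assumptions chosen for illustration.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that let text break out of HTML text content
// or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Anything that is not a string (array, object, missing) becomes ''.
function asText(value) {
  return typeof value === 'string' ? value.trim() : '';
}

// Check each field against what it is allowed to contain.
// Returns { ok, errors, data }; data only holds fields that passed.
function validateComment(form) {
  const errors = {};
  const data = {};
  const name = asText(form.name);
  const email = asText(form.email);
  const message = asText(form.message);

  if (name.length < 1 || name.length > 60) errors.name = 'Name must be 1-60 characters';
  else data.name = name;
  // Simple shape check (not a full address parser); rejects markup characters.
  if (email.length > 254 || !/^[^\s@<>"']+@[^\s@<>"']+\.[^\s@<>"']+$/.test(email)) {
    errors.email = 'Email address is not valid';
  } else data.email = email;
  if (message.length < 1 || message.length > 2000) errors.message = 'Message must be 1-2000 characters';
  else data.message = message;

  return { ok: Object.keys(errors).length === 0, errors, data };
}

// Every user-supplied value is encoded at the point of output, so any
// markup in it is shown to visitors as text instead of being run.
function renderComment(data) {
  return '<article class="comment">' +
    `<h3>${escapeHtml(data.name)}</h3>` +
    `<p>${escapeHtml(data.message)}</p>` +
    '</article>';
}

// Constructed sample submission with markup in two fields.
const sample = { name: 'Eve <b>', email: 'eve@example.com',
  message: '<script>alert(1)</script> nice "post" & thanks' };
const result = validateComment(sample);
if (result.ok) console.log(renderComment(result.data));
```

Validation rejects input that does not fit the field, while encoding on output is what stops accepted text from being interpreted as HTML, so both steps are needed.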
- Error messages
When you set up error messages such as “incorrect password”, try to make them generic, i.e. “incorrect username or password”. That way, someone attempting to hack into accounts won’t know whether they got either of the parts correct. If they know that they have 50% correct then they can focus on correcting the other field.
- File upload
By allowing users to upload files to your site, you’re increasing the chances of a web security breach, even if this is just a profile image. There are lots of steps you can take to increase the security of your site if you do enable file upload. Talk to an expert to ensure you’re doing everything you can to protect your site.
If you think you need to do more to increase the security of your website and need some help getting started then let us know: firstname.lastname@example.org