Every website has the potential to become a target for financially motivated, opportunistic or simply malicious attackers. For corporate or business websites, the results of a successful attack can be particularly devastating.
According to the PricewaterhouseCoopers Information Security Breaches Survey, the average cost of a company’s worst attack or incident was between £27,000 and £55,000*. Beyond the financial costs, compromised security could also lead to a loss of customer trust that can take a very long time to rebuild. Security should be uppermost in the mind of any company, especially those involved in e-commerce.
Keep up to date
It’s important to keep all your software up to date. This should include security software, the server operating system itself and any additional software installed, such as forums and content management systems. Internet security is akin to an arms race between providers and cyber-criminals, and out-of-date systems can be particularly vulnerable to attacks. Computer and website security is a fast-moving world and you, or at least your IT and security personnel if you have the resources, should also keep abreast of the latest advice and developments.
Encrypt transactions
If your website is used for transactions such as purchases or other sensitive exchanges of data, it’s imperative that you secure the information that is exchanged. By purchasing a valid SSL certificate you can enable SSL encryption on your site. This encrypts the data that is exchanged between the person visiting your site and your server, preventing important information such as credit card details or passwords from being intercepted.
Test for weaknesses
Sometimes the best way to prevent a genuine attack from succeeding is to subject your system to an extensive range of attacks from a friendlier source. Penetration tests look to identify gaps in your defences by simulating a malicious attack, and there are various third-party service providers who can carry out these tests. Any weaknesses that are identified in this manner can be plugged or fixed before they can be exploited by real attackers.
Use strong passwords
Stay away from passwords that use personal information and from easily guessed passwords such as ‘12345’ or, even worse, ‘password’ (both of these are used surprisingly often). Use a mix of upper- and lower-case letters and numbers. Make sure you know who has administrative access to your website and restrict the administrative email and any passwords to those who are both trusted and genuinely need regular access.
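The rules above can be enforced when an account password is set. The following check is an added example, not code from the original article; the deny list, the profile fields and the 10-character minimum are assumptions chosen for illustration.

```python
import re

# Constructed sample deny list; a real deployment would load a much larger
# list of commonly used passwords.
COMMON_PASSWORDS = {"12345", "123456", "password", "qwerty", "letmein"}

# Undo common character substitutions so "P@ssw0rd" is compared as "password".
LEET = str.maketrans("013457@$!", "oleastasi")

def normalise(text):
    return text.lower().translate(LEET)

def personal_tokens(profile):
    """Split profile values (name, email, ...) into tokens of 3+ characters."""
    tokens = set()
    for value in profile.values():
        tokens.update(t for t in re.split(r"[^a-z0-9]+", value.lower()) if len(t) >= 3)
    return tokens

def is_sequence(password):
    """True for straight runs ('12345', 'abcdef') or one repeated character."""
    steps = {ord(b) - ord(a) for a, b in zip(password, password[1:])}
    return steps in ({1}, {-1}, {0})

def check_password(password, profile, min_length=10):
    """Return a list of policy failures; an empty list means acceptable.

    min_length is an assumed value, not one given in the article.
    """
    problems = []
    lowered, plain = password.lower(), normalise(password)
    if len(password) < min_length:
        problems.append("too short")
    if lowered in COMMON_PASSWORDS or plain in COMMON_PASSWORDS:
        problems.append("commonly used password")
    if is_sequence(lowered):
        problems.append("simple sequence")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)
            and re.search(r"\d", password)):
        problems.append("needs upper-case, lower-case and a number")
    # Match personal details both literally and after undoing substitutions.
    hits = sorted(t for t in personal_tokens(profile)
                  if t in lowered or normalise(t) in plain)
    if hits:
        problems.append("contains personal information: " + ", ".join(hits))
    return problems
```

Call `check_password` with the candidate password and a dictionary of the user's known details (for example name, email address and birth year) and reject the password if the returned list is not empty.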
*http://www.ecrimewales.com/server.php?show=ConWebDoc.22