Website Security: How to Keep Your Business Safe Online
From fresh startups to big brands, the threat of cyberattacks looms large for online businesses. Cybercriminals are getting smarter — often targeting websites in ways that small businesses struggle to spot or stop. You may not realise what’s happened until it’s too late. When it comes to online security, taking action early is the best way to stay ahead. Simple steps, like setting up an SSL certificate or using a firewall, can help to protect your site and customer data. A small investment now could save lots of stress in the long run. The importance of website security | What is website security? | Why website security matters | Why hackers target small businesses | Top 10 security threats to your online business | Tips to help defend your online business The importance of website security Suppose you’re the proud owner of a successful online business — or perhaps you’re already there. An established name in your area, you’re trusted by customers for great products and friendly service. Your business thrives on the customer data built up through online orders. You’ve even got customer details saved in a loyalty program to keep them coming back. One day, disaster strikes: You log in to find an online attack has put a lock on your system. Your website goes down. Customer info vanishes. You can no longer take online orders. Without your usual tools for success, you struggle to keep up. Sales plummet. Customers worry about their data. And on top of it all, the attackers demand a hefty ransom for the return of your files. This all goes to show just how much a cyberattack can shake up a small business, and how it’s so important to stay secure. What is website security? Website security is about keeping your website safe from online threats. The aim is to lock your website down so that nobody out there can sneak in, swipe data, wreak havoc, or otherwise throw a spanner in the works. In short, it’s about protecting both your business and your customers — keeping your online brand and all its data safe and secure. Why does website security matter? Websites hold valuable data — customer details, payment info, personal records. Without strong security, they’re vulnerable to malware, hacking, and spam, making it easy for data to fall into the wrong hands. The government’s 2024 Cyber security breaches survey found that nearly half of UK businesses experienced at least one cyberattack in the past year, costing businesses over £30 billion. That’s an average of £10,000 per company. Ransomware remains one of the biggest threats. According to latest Sophos State of Ransomware Report, 59% of organisations were hit in the past year. 70% of attacks then led to data being encrypted, making it inaccessible. The security of a website plays a huge role in the reputation of the business itself. Poor security can make customers think twice before doing business with you. 41% of UK consumers say they’d stop spending money with a company that’s suffered a data breach. To sum it up, here’s why website security is a big deal: Protecting information: Websites store lots of important data. Strong security stops hackers from swiping or misusing that data. Keeping the business running: A hacked website can lead to downtime, lost sales, and a damaged reputation. Good security keeps things running smoothly and minimises risks. Building consumer trust: People want to know their data to be safe. A secure website gives them peace of mind, making them more likely to do business with you. Added to this, poor security can even hurt your search engine rankings. Google favours secure websites, so if yours isn’t up to scratch, it could get pushed down the results or even flagged as unsafe. Fewer visitors, fewer customers. See also: How Can I Get My Business Found on Google? Why hackers target small businesses While attacks on big businesses often make the news, it’s smaller companies that are hit the hardest. For many hackers, smaller business sites are low-hanging fruit — an easier proposition than the big corporations. Big companies have cybersecurity teams and big budgets to protect their systems. Smaller businesses usually don’t have the same level of protection, making them an easier target. A successful attack can steal customer data, lock you out of your systems, or shut your website down altogether. Recovery isn’t just costly — it takes time. Some businesses take weeks to bounce back, and even then, the damage to customer trust can be hard to fix. For small businesses, it can be a nightmare. With that, let’s look at some of the tricks these cybercriminals get up to. 10 security threats to online business 1: Phishing Phishing is when scammers impersonate trusted sources to steal sensitive information like credit card details. The word comes from the idea of casting a wide net to catch unsuspecting victims. This is a form of social engineering, where attackers use fake scenarios or rewards to trick people. These scams existed before the internet but have become far more common online. Chances are you’ve encountered a phishing email — perhaps even today. It’s the most common form of cyberattack, which is why all 123 Reg Professional Email plans feature built-in spam protection. 2: Credential Theft Credential theft happens when hackers steal login details to access a company’s system. Unlike a data breach, which exploits system weaknesses, credential theft relies on stolen usernames and passwords. Brute force attacks use automated tools to guess passwords, often targeting weak or reused ones. It’s not just about the system being hacked — if employees use the same password for their phone, home PC, and work accounts, it’s a recipe for disaster. 3: Malware Malware is a catch-all term for harmful software — viruses, worms, trojans, spyware—that steals data, damages systems, or just set out to cause chaos. Be cautious when downloading files or clicking on links from unknown sources. Phishing emails often contain dodgy
7 Reasons Why SSL Certificates are Essential for Websites
We’ve all seen that little padlock icon when shopping online — sat reassuringly close to the web address. As we’ll discover, this symbol offers much more than just a sense of safety. SSL Certificates play a huge role in protecting our personal data on the net. They help all kinds of website owners to build a trustworthy and credible online presence. And if your plan is to sell products or services online, there are few better ways to tell customers: I mean business. How the web learned to protect itself Cast your mind back to the early days of the internet, if you can — Windows 95 booting up on a chunky CRT monitor, 56k modem chirping down your only telephone line. The mid-1990s marked the first time many of us ever sent an email across the world. Perhaps it was the first time you added an item to your digital basket and paid for it online. Oh, how we marvelled at our new global connectivity. Yet, there was one major snag: online security. Or rather, the lack of it. The problem lay in how browsers and servers very casually moved our data around. For the most part, it was all exchanged in simple plain text. Like an open book. Sensitive data was out there to be picked up by anyone with ill intentions. Imagine scribbling credit card numbers on a napkin every time you go to buy a coffee. Everyone wants to keep their data safe. For the internet to become a place where people could shop, share, and interact with confidence, there had to be a better way to protect the information passing through. What was needed was a kind of secure courier service — a private envelope that could be signed, sealed, delivered. This is where SSL Certificates come in. What do SSL Certificates do? SSL Certificates are a clever way to protect user information and defend against hackers. The initials stand for Secure Sockets Layer, though don’t let that put you off. In a nutshell, SSL is there to establish a trusted and secure link between your browser and the website you’re on. Like two people meeting for the first time, browsers and servers want to say “Hello” and have a good handshake. But your browser is rightly suspicious when meeting new people. It needs to know strangers really are who they say they are. It asks: “Can I see some ID, please?” With that, it’s then up to the server to come up with the credentials: its SSL Certificate. If the details check out with the browser (both valid and in date) then it forms the beginnings of a trustworthy relationship. SSL Certificates are like passports, in this sense. Crucially, each SSL Certificate is issued and regulated by a third party, known as a Certificate Authority (CA). It’s the job of a CA to check that a website is indeed owned by the entity that claims it, ensuring, for example, that an online shop is connected to a real company. In fact, 96.3% of all SSL certificates online are issued by just 9 Certificate Authorities. There are more than 2.5 million SSL Certificates on the internet, according to BuildWith, which empower security for the majority of the top million most-visited websites out there. Approximately 4% of traffic the moves across Google Search is encrypted, ensuring a secure experience for users. HTTP vs., HTTPS Have you ever noticed how some URLs start with “http:” while others start with “https”? The S stands for “secure” and this goes to show that the website has its own SSL. Most browsers actually hide that part of the address these days, instead opting for some variation on the little padlock icon. Just be sure the padlock is displayed within the browser’s interface — an image of a padlock on a webpage is no guarantee of security. Like this: Encryption SSL Certificates make use of sophisticated keys and algorithms to encrypt data. That is to say: scrambling up the information so that it can be safely unscrambled again later. The level of sophistication can be described in “bits”. As a reference, a sheet hidden with 128-bit encryption would take the most powerful supercomputer billions of years to decode. 256-bit is better than that. But the really smart thing is that there are two different keys involved. When you send data, it’s locked using a public key. And when it gets to where it’s going, it’s unlocked with the private key. Nobody has access to both keys. Therefore, nobody can take a direct sneak peak, no matter how hard they try. Key elements of SSL Certificates SSL certificates rely on a system of trust established by Certificate Authorities (CAs). Root certificates, acting like the CA’s ID, are at the top and validate the CA’s legitimacy. You can identify them by matching “Issued to” and “Issued by” fields. Intermediate certificates act as intermediaries between the highly secure root certificate and your website’s SSL certificate. Every SSL certificate has at least one to create a chain of trust. A PFX file is a special format that combines your private key and SSL certificate. This is only necessary if you want to use the same certificate on multiple servers. When you create an SSL certificate, a unique code called a private key is generated on your server. This key is essential for installation and must be kept confidential. If it’s lost, a new SSL certificate will be required. From SSL to TSL Just as the internet has developed over the years, so have SSL Certificates. Over time, SSL became what is (technically) known as “Transport Layer Security” or TLS — but most people stick with the original expression when speaking broadly about these security tools. Almost two-thirds of sites support the latest TLS 1.3 protocol. The importance of SSL Certificates has only grown. Whether you’re running a small online shop or a big corporate platform, writing a blog
Cookies and Cache: What They Are and How to Manage Them
Cookies and cache work behind the scenes to bring you a better experience when you go online. They make browsing easier, faster — and the pros generally outweigh the cons. But it’s important to manage cookies in a way that protects everyone’s privacy. Browser cache can throw up its own issues with curious on-page errors and deja vu moments. As such, there may be times when it’s best to do a little spring cleaning and make a fresh start. In this guide, we’ll show you how to clear cookies and cache on the big four browsers: Chrome, Firefox, Safari, and Edge. What’s the difference between cookies and cache? Cookies and cache both store data on your device to improve your browsing experience, but they do so in different ways. In short, cookies are about remembering your browsing preferences and habits. Browser cache is all about storing temporary data to help speed things up when you browse. Cookies store user-specific information. Websites create cookies to remember things like login details, preferences (such as your preferred language), and browsing history. This works to personalise your experience and ease interaction with websites. Cache, by contrast, acts like a short-term memory for your browser. It stores website resources like images and HTML files. That way, you won’t need to download them again each and every time you visit the same website. The basic goal is for pages to load faster. Session Cookies Temporary by nature, session cookies vanish as soon as you close your browser. They’re only active for one session and don’t hang around once you leave the site. Persistent Cookies Unlike session cookies, these stick around after you close your browser. They’re used to store long-term preferences, like your login info or site settings. Persistent cookies often get a bad name, but they aren’t automatically a privacy risk — they simply help websites remember things between visits. The problems start when cookies are used to follow you from site to site, or store sensitive data without proper safeguards. That’s where First-Party and Third-Party cookies come into play: First-Party Cookies These are created by the site you’re actually visiting. They’re mainly used to make your experience smoother — remembering your settings, preferences or login status. Third-Party Cookies Third-party cookies are placed by other domains, not the site you’re on. Advertisers often use them to build a profile of your activity across multiple websites and deliver targeted ads. Why would you want to clear your cookies? Certain cookies track your browsing habits across different websites and build a profile on you, based on your browsing history. The collected data is valuable for advertisers and other businesses — and can even be sold on to data brokers. You may feel uncomfortable with the idea of your online activities being monitored and used for targeted advertising without consent. Indeed, the cookies may be placed by advertising companies rather than the owners of websites you’ve consciously visited. In some cases, malicious websites might steal sensitive information or even hijack your browsing session if it’s not properly secured. This is rare, but it highlights the importance of being cautious about cookies, especially on unfamiliar websites. In recent years, there has been growing awareness of privacy issues associated with persistent third-party cookies, leading to increased scrutiny and efforts to restrict their use by web browsers and regulatory authorities. That’s the way the cookie crumbles. So what should I do about cookies? To protect your privacy, you can block or limit third-party cookies in your browser settings, or choose to clear cookies regularly. Most modern browsers offer features to block or limit the use of third-party cookies, and there have been calls for stricter regulations to protect user privacy online. Some browsers even offer private browsing modes that don’t save cookies at all. All major browsers let you manage cookies — but it can be a bit of a chore. Clearing them often helps protect your privacy, but it can also break the experience on sites that rely on cookies to remember things like logins and preferences. What is cache? From the French for hidden, cache is pronounced “cash” — like the coins hiding under your sofa cushions. Caching in IT is the process of storing data so it can be used again quickly. It’s all about saving time — if something’s already been loaded once, there’s no need to fetch it again. Your computer’s processor uses cache to store previous instructions. Even your printer has a cache to hold recent print jobs. Browser cache works in a similar way. As you browse the internet, your browser saves things like images, logos, fonts and bits of website code. When you visit the same site again, it checks what’s already saved. If nothing has changed, it uses those saved files instead of downloading them again. That means pages load faster and you use less data. Why would you want to clear your cache? Clearing your cache can help resolve any issues you may be experiencing when with certain websites. This often happens when a site has recently been updated, as the data stored in your cache might conflict with the latest version of the website’s files. In some cases, browser cache can become: ▢ Outdated: Have you ever arrived at a website that appeared a bit… retro? This tends to happen when you try to open a page without realising you’re disconnected from the internet (bringing up deja vu BBC news headlines from 6 months ago, for example). You might also keep seeing the old version of a page until you manually clear the cache. ▢ Corrupted: Cache can become corrupted, in a few ways — leading to unexpected shutdowns or software conflicts that garble data. On some occassions, the cache itself can fill up with outdated files, leading to conflicts with newer versions of website content. ▢ Insecure: Cached temporary files may contain fragments of your browsing history. While not as detailed as cookies, this information could
Security Essentials Unpacked: A Guide to SSL and SSH
The world revolves around data — each and every click a piece of information. Security of that information is paramount. SSL and SSH are two of the most important weapons in the arsenal when it comes to keeping data secure on the web. While both work for our protection, they do so in very different ways. The tech industry loves its acronyms and initials. So, let’s get this out the way to begin with: SSL stands for “Secure Socket Layer”, while the second set of letters — being the favourite of systems administrators and turtles alike — stand for “Secure Shell”. Each one plays a huge role in keeping our data secure and making sure that people are who they say they are, online. But what exactly is the difference between the two? Well, at a glance: ➤ SSL is used to: establish a secure connection between your web browsers and the websites you’re visiting. Specifically, we need to talk something called an SSL Certificate. These credentials are rather like digital passports, serving to confirm the identity of a website owner. Once checked, SSL Certificates go to work to hide data that’s being exchanged. This is important whenever we share sensitive info, such as credit card numbers. SSL Certificates are absolutely essential for all sorts of websites owners. ➤ SSH is used to: access and manage computers remotely. It offers a secure way to interact with servers so that a user can log in and executive commands from anywhere. This might also involve sensitive data, if not sensitive commands. Put simply, Secure Shell is a way for turtles — sorry, systems administrators — to securely access and manage systems from afar. And if you had to ask, you probably needn’t worry about it. Key Similarities: Encryption SSL and SSH both use encryption to keep information safe. That is, they both use algorithms to scramble up data so that it can’t be read by outsiders. SSL makes use of encryption to protect the data you share with websites. SSH uses encryption to be sure that when someone is accessing a computer or server from far away, no one else can take a look or interfere with what’s going on. SSL and SSH both make use of “public” and “private” keys. That’s the key point (if you’ll excuse the pun): data is scrambled in such a way that’s impossible to decode given that nobody has access to both sets. Needless to say, data without encryption is compromised more often. Only 56% of businesses fully encrypted their internet traffic in 2020. According to The World in Data Breaches Report by Varonis, as many as 7 million unencrypted data records are compromised every day. SSL What do SSL Certificates do? You’ve surely seen it before — that little padlock symbol hanging out beside the address bar. If so, you probably have some vague sense of what SSL Certificates are about. Imagine you’re doing some online shopping. With a basketful of items, you move on to the checkout page. There’s that padlock symbol. You may also notice that the “HTTP” part of a web address has changed to “HTTPS”. That extra ‘S’ stands for “Secure”. Users encounter SSL Certificates on a daily basis when browsing the web. SSL Certificates establish a secure and encrypted connection between a client (like your web browser) and a server. Though digital, you can think of an SSL certificate much like you would a real paper credential, like a passport or an ID card, but for website owners. It all ensures the website you’re visiting is what it claims to be and not some fake site trying to trick you. You can shop in confidence because a safe connection has been established. These certificates are controlled by a limited number of third parties. Known as Certificate Authorities, they work to make sure website owners’ details are legit. In fact, 96.3% of all SSL certificates online are issued by only 9 Certificate Authorities. SSL Certificates were introduced in the mid-1990s and marked a real turning point in the history of the internet — especially online shopping. But they’re important for just about any sort of website that deal with sensitive info. Over time, SSL developed into TLS or “Transport Layer Security”. We still use the original expression to discuss the basic idea. Today, there are over 2.5 million SSL/TSL Certificates on the web. Click here to learn more about securing your website with an SSL Certificate from 123 Reg. SSH What does Secure Shell do? Secure Shell is a type of protocol that allows users to access and manage computers remotely and securely over the net. It’s mainly used by IT pros for remote server access, allowing them to login and manage servers from any location. Not everyone’s idea of fun. In fact, most of us will remain blissfully unaware. Imagine, for instance, you’re a systems admin — sitting on a beach in Bali — and you want to access your website through an FTP Client (that’s the software that lets you manage it all from afar). You can use an SSH “tunnel” to established a connection between your local computer and the remote machine. By using SFTP (the secure version of an FTP) you can guarantee your connection is encrypted. You are free to upload new files, carry out maintenance tasks, or perform any other task you please. SSH makes use of certificates of sorts, too, but there are some additional steps involved. The encryption is like an onion with three layers. First, the Transport Layer creates a secure connection between the user and the server, keeping the shared data safe. Next, the Authentication Layer checks the user’s identity to ensure they have permission to access the server. Finally, the Connection Layer manages various types of communications over the secure channel. To be sure, SSH is more than remote access, and it’s more than the VPN you might use to watch Australian reality television. Rather, it’s an uber-secure channel for
Is your site safe for Christmas shoppers?
These days, people are spending more time online and logged in. They are also communicating much more than just their credit card numbers. However, if your site doesn’t inspire trust, they’ll leave in a matter of seconds. With Christmas approaching, when customer demand is at its highest, you need to go the extra mile to reassure your visitors that your site is safe, and so is the information they share with you. Does your site inspire trust? A site that inspires trust and confidence is what gives it a competitive advantage and, ultimately, what convinces people to buy. Today, web users need to trust that you are who you say you are and that they should feel confident purchasing from your site. What better way to prove that your site is legitimate than a SSL? SSL technologies help protect sensitive information such as passwords and credit card numbers by: Encrypting the data that is being sent between a website and the visitor’s computer, which means no one else can read it. Confirming the identity of a website thus reassuring you that the website you are visiting is legitimate. When you use SSL on your site, it will not only keep your customer’s sensitive information secure but it’ll also make your site much less of a target for phishing. Showing credibility in under 5 seconds Just like we decide to go into a store by just glancing at what it looks like, you also need to prove that your site is legitimate and safe as soon as a visitor enters the site. Whatever you do, make it obvious. When you use a SSL certificate, a padlock will show next to your website address reassuring visitors that the site is safe and secure. However, an Extended SSL will highlight your details in a green bar, which is an immediate sign that that website is secure. Find out more about our SSL Certificates. These are just a few of the solutions you can implement to not only keep your site secure, but also to sell more products and attract more customers. How about you: how are you making your site’s credibility obvious to your customers?
Interview: Fighting Malware with Anirban Banerjee
2012 continues to be a year of great excitement for 123-reg. We are thrilled to announce the release of Site Scanner, powered by Stop the Hacker. For those not in the know, Site Scanner is a SaaS based malware monitoring tool that scrutinises a user’s website, notifying the customer when malicious code/viruses are found via email and in the 123-reg control panel. Furthermore, the software provides the user information on where the damaging code is located (the line of code it starts and ends on) and provides steps on how to eradicate it. Protecting your online business against malicious code couldn’t be more important in 2012. This year has seen the issue of internet security rise to the front pages of the national newspapers. Whilst events such as the Linkedin security breach are unfortunate, they are helpful in educating the market. 123-reg spoke to Anirban Banerjee, Co-Founder of StopTheHacker Inc., in a bid to help inform website owners of the growing threat of malware and detail how purchasing Site Scanner can give you peace of mind. A blacklisted website can have serious implications for any online business in terms of lost revenue, potential customers and credibility. We asked Banerjee about the threats to 123-reg customers who run websites with little or no malware detection service. ‘Malicious hackers are targeting websites in order to compromise them. If your website gets compromised and is misused to distribute malware to innocent visitors, the infected website is put on a blacklist by Google and other search engines.’ The potentially spiralling affects could be disastrous for your online business as Banerjee explains. ‘If your website is blacklisted, users will be blocked from coming to your website. This could lead to a loss of revenue. Moreover, this could result in an irreparable loss to the reputation of your website and business.’ The threat of being blacklisted by Google is one that is not only very real but one that every website owner needs to protect against. Once malware infects a website, it harms both the company and its customers. Website owners typically have no idea they have been infected, and many do believe that anti-virus protection software is enough. However, it is not. ‘9,500 websites get added to the Google blacklist every single day. Given the UK market is quite big; this represents a substantial number of UK businesses. It takes 7-10 days for a blacklisted website to clean up its act, on average, this process can cost thousands of pounds in lost revenue before even considering the potential revenue lost from your brands’ reputation being tarnished.’ Prevention is better than cure, but having said that, Site Scanner also acts as a quick reaction, something users can take heart from. If malicious code is found on the user’s website at any time, they are sent an email detailing exactly where the code is, and just as importantly, how to delete it. ‘Site Scanner incorporates the best of breed technology when it comes to malware detection, Antivirus engines, signature databases and reputation monitoring. It will help 123-reg customers by providing them with peace of mind. Together, we will help fight the battle for them!’ Central to seeking a partnership, 123-reg looked-for a provider with a real passion for the online security industry. What 123-reg customers should also take from the partnership is Banerjee’s passion for helping people secure their websites as well as the quality of product that his company provides. ‘Our goal is to make website security ubiquitous. Having a secure website and not worrying about hackers installing malware on your site and getting blacklisted shouldn’t be a luxury, everyone should have access to a high quality, reliable and accurate malware detection prevention like Site Scanner.’ Releasing a product like Site Scanner highlights 123-reg’s commitment to helping its customers secure their websites. 123-reg is working with everyone involved with Site Scanner to bring website security to millions of users. Remember, you don’t have to be a high traffic website to be targeted. Even if you see yourself as a small site, you are attractive to hackers because your site will have more vulnerable openings for hackers.
Could a hacker really kill your website … and your business?
When you’re dealing with the day-to-day issues of running a website (not to mention running a business), worrying about security can come way down your list of priorities. And that’s understandable: if your website’s never been hacked or attacked, it’s hard to grasp quite how much damage it can cause. After all, why would hackers target your site at all with so many higher-profile targets out there? Big brands like Lush and Adidas, media outlets like The Sun and Gawker and some less salubrious sites have all come under attack in recent memory. Website hackers turn to smaller targets However, online criminals are increasingly turning towards smaller businesses. With fewer resources to dedicate to online security, they’re easy targets, as the Wall Street Journal article has explained: Hacking at small businesses “is a prolific problem,” says Dean Kinsman, a special agent in the Federal Bureau of Investigation’s cyber division, which has more than 400 active investigations into these crimes. “It’s going to get much worse before it gets better.” And don’t let yourself be lulled into a false sense of security because that article focuses on US websites. Website hackers don’t have to respect national borders. They can go wherever the easiest targets are. Some hackers do it for fun or to cause disruption. Others do it just to prove they can. But nowadays, many have more sinister motives. Quite simply, there’s serious money to be made in website hacking. From stealing credit card details to committing business identity theft to harvesting names and addresses to sell to spammers, all too often hacking is motivated by hard profit. The damage website hackers can cause If you’re still not convinced that protecting your website should be higher up your list of priorities, it’s worth taking a minute to understand the sort of consequences you could face if a website hacker gained unauthorised access to some or all of your website files: Lost business is the most obvious and immediate problem. If your online shopping site gets compromised you might have to suspend trading or close the site altogether. But simply having to divert resources into securing a hacked website will take you away from other tasks. Your reputation can take a beating if word gets out that your site has been hacked. It takes a long time to rebuild trust with existing and potential customers and suppliers. Sure, its hard to quantify that damage, but it can be very significant. You could lose vital data too. If you don’t regularly backup your customer list, a hacker could destroy it in a few seconds. That would mean losing the details of hundreds or maybe thousands of happy customers who’d buy from you again if only you got in touch. Search engines might penalise your website. Search engines like Google actively blacklist hacked websites to avoid them causing harm to internet users. But it can take a while to get a blacklisting lifted – research has found found the average length of a blacklisting is 13 days – meaning you’re in real trouble if you rely on search engines for traffic. Fixing things is a total headache. Trust us on this one. It takes real time and effort to put right a hacked site – often the only safe thing to do is to delete everything and start again. It takes time and – if you need to bring in an external supplier – costs money. If it’s not quite registered with you yet, suffering from a website hacking attack can cause significant disruption. If you’re relying on your website to maintain your business cash flow, a serious incident can cripple or even destroy your business. If you’re not already thinking about website security, it’s about time you did: There’s great website security advice available from Get Safe Online Mashable has some excellent information about how to cope if you get hacked Ten ways to beef up your website security
Is your wireless set-up making you vulnerable?
Whether for business or at home, the chances are you are flowing a considerable amount of sensitive documentation via a wireless network. Technology is amazing at allowing us to get away from wires, but just as the boffins have enabled us to move around a lot more while still accessing data, so other boffins have evolved new ways of hacking wireless networks too. The chances are you probably set-up your wireless settings when you bought your router and haven’t looked at it since. That could be leaving you at risk of security breaches that are very easy to solve. Here’s a couple of tips on how to make sure you are still operating securely. Forget WEP – it really is out-dated Wired Equivalent Privacy or (WEP) security is a prime example of WiFi technology moved on. The encryption is the sort of thing that would-be hackers like to train on. Even newbie hackers find it easy and quick to break WEP security. If you are using it. Stop now. Upgrade to WPA2 with 802.1X authentication. If your equipment isn’t compatible – check the manufacturer’s websites for firmware upgrades – then invest in new equipment, it will be well worth it. WPA/WPA2-PSK is almost as bad Wi-Fi Protected Access is another old school technology that while less likely to be hacked, is vulnerable especially within a business or shared-office environment. The PSK in WPA2-PSK stands for pre-shared key, which probably best identifies its risk. The same pre-shared key is used and entered into each client. To maintain security then, you should change the key each and every time a laptop, etc is lost, stolen or an employee leaves. In a shared-office environment it should probably be changed every day. Impracticable in the modern world. 802.11i offers greater protection If you want to be secure, make sure you have the EAP (extensible authentication protocol) mode of WPA and WPA2 security enabled. This uses 802.1X authentication instead of PSK and thus the ability to offer each user their own login credentials. In practice the actual encryption keys are change regularly and silently in the background, with the security actually controlled on a central server, rather than each client. Keep Network components out of temptation Security extends beyond just encryption, it is also about common sense and removing temptation. Complete your security by making sure all wireless access points are kept out of reach. Out of view, out of reach and out of harm’s way will prevent ‘accidental’ resetting to factory defaults and potential compromising of your security. Just as you would MOT your car once a year, it pays to build in some regular checks on all your IT. Defrags, software audits and hardware reviews all go a long way towards making your business more efficient, more secure and more effective.