15 best practices to protect your website from malware and hacking

As hackers grow faster, more numerous, and more effective, many businesses are scrambling to protect their websites from cyber threats. Stats don’t relate:

• More than 360,000 new malicious files are detected every day

• There were 1,188,728,338 known attacks on computers in 2017

• Damages to businesses from cybercrime are expected to reach $6 trillion by 2021

• Global spending on cybersecurity is likely to exceed $1 trillion between 2017 and 2021

These staggering numbers clearly demonstrate why organizations must make website security a top priority. There are several types of cyber attacks and malware. It is critical that all IT departments understand the following risks: viruses and worms, trojans, suspicious packers, malicious tools, adware, malware, ransomware, denial of service, phishing, cross-site scripting (SQL injection), password attack brute force, and session hijacking. When these cyber breach attempts are successful (which they often are), the following can happen:

• Website Defacing – Unwanted content placed on your website

• Websites go offline (your site goes down)

• Data is stolen from websites, databases, financial systems, etc.

• Data is encrypted and held for ransom (ransomware attack)

• Server abuse: relaying webmail spam to serve illegal files

• Server abuse: part of a distributed denial of service attack

• Embezzled servers to mine Bitcoin etc.

While some attacks present only minor threats, such as a slow website, many attacks have serious repercussions, such as significant theft of sensitive data or indefinite website failure due to ransomware. With that in mind, here are 15 best practices your IT department should be leveraging to protect your organization from malware and hacking.

1. Keep your software up to date.

It is critical that you keep your operating system, general applications, antimalware, and website security programs up to date with the latest patches and definitions. If your website is hosted by a third party, make sure your host is reputable and also keep your software up to date.

2. Protect yourself against cross-site scripting (XSS) attacks.

Hackers can steal users’ login credentials and cookies when they sign up or register by inserting malicious JavaScript into their coding. Install firewalls and active JavaScript injection protections on your pages.

3. Protect against SQL attacks.

To defend against hackers injecting malicious code into your site, you should always use parameterized queries and avoid standard Transact SQL.

4. Double data validation.

Protect your subscribers by requiring both browser and server-side validation. A double validation process will help block malicious scripts from being inserted via form fields that accept data.

5. Do not allow file uploads on your website.

Some companies require users to upload files or images to their server. This presents significant security risks, as hackers can upload malicious content that will compromise your website. Remove executable permissions for files and find another way for users to share information and images.

6. Maintain a robust firewall.

Use a strong firewall and restrict external access to ports 80 and 443 only.

7. Keep a separate database server.

Keep separate servers for your data and web servers to better protect your digital assets.

8. Implement a secure socket layer (SSL) protocol.

Always buy an SSL certificate that will maintain a trusted environment. SSL certificates create a foundation of trust by establishing a secure, encrypted connection to your website. This will protect your site from rogue servers.

9. Establish a password policy.

Implement strong password policies and ensure they are enforced. Educate all users about the importance of strong passwords. In essence, it requires that all passwords meet these standards:

• Length is at least 8 characters

• At least one uppercase letter, one number and one special character

• Do not use words that can be found in the dictionary

• The longer the password, the stronger the security of the website.

10. Use website security tools.

Website security tools are essential for Internet security. There are many options, both free and paid. In addition to software, there are also software as a service (SaaS) models that offer comprehensive website security tools.

11. Create a hacker response plan.

Sometimes security systems are warned despite the best attempts at protection. If that happens, you’ll need to implement a response plan that includes audit logs, server backups, and contact information for your IT support staff.

12. Set up a back-end activity logging system.

To track the entry point of a malware incident, be sure to track and record relevant data such as login attempts, page refreshes, coding changes, and plugin updates and installations.

13. Maintain a fail-safe backup plan.

Your data needs to be backed up regularly, depending on how often it is updated. Ideally, daily, weekly, and monthly backups are available. Create a disaster recovery plan appropriate for your type and size of business. Be sure to keep a copy of your backup locally and off-site (there are many good cloud-based solutions), which will allow you to quickly recover an altered version of your data.

14. Train your staff.

It is imperative that everyone is trained on the policies and procedures that your company has developed to keep your website and data secure and prevent cyber attacks. It only takes one employee to click on a malicious file to create the opportunity for a breach. Make sure everyone understands the response plan and has a copy of it that is easily accessible.

15. Make sure your partners and suppliers are safe.

Your company may share data and access with many partners and vendors. This is another potential source of noncompliance. Make sure your partners and vendors follow your web security best practices to help protect your website and data. This can be done using your own auditing process, or you can subscribe to software security companies that offer this service.

Even a high-end computer system can quickly be brought down by nefarious malware. Don’t put off implementing the above security strategies. Consider investing in cyber insurance to protect your organization in the event of a serious breach. Protecting your website from hacking and cyber attacks is an important part of keeping your website safe and your business protected.

Leave a Reply

Your email address will not be published. Required fields are marked *