Already, 2014 has been dubbed the "Year of the Hack" with Heartbleed still causing aftershocks weeks after it was initially reported. You don't have to own a massive, high traffic website to have vulnerabilities. Hackers target sites just for fun, for revenge or to prove a point. Viruses via malware can happen to nearly anyone and any website. How secure is your online presence?
The biggest risks are caused by:
- Employee use (and misuse) of networks
- Web server vulnerabilities
- Hosting service vulnerabilities
The good news? You have total control over the last two risks and a good amount of control over the first.
When You Open a Window
By design, web servers open a portal between the world and your network. It's up to you to put up the right "screen" to stay safeguarded. This can be done with:
- Regular server maintenance
- Proper coding (which dictates “window size”)
- Updates to web applications
- Limiting information which can go out the window
Are You at Risk?
Every website is at risk. A better question is how high of a risk are you facing? The term "web security" is a misnomer since it's impossible --- even (and sometimes especially) for government agencies -- to be totally secure. There are two things in play: Public and internal influences. The fewer network resources of financial value you have, the higher your security, but that's just one possible equation.
Optimized web security happens when websites have the lowest risks:
- A web server with the latest updates and correct settings
- A web server with patched/updated applications
- A website with high coding standards
- A website with tight permissions
- A website and company with limited “controversies”
- Network resources with little financial value
Those with the highest risks include:
- Companies with financial assets (i.e. credit card companies, those which collect vital information)
- Controversial websites
- Websites with complex codes
- Websites with outdated applications or updates
- Websites maintained by a company or department that's outsourced or underfunded
When Risks Run High
The more "spotlight" your website gets, the more it will be tested from hackers and malware. The simplest web servers are the most secure, but that's not always an option for some businesses. You might need complex applications (to run those complex sites) and these are naturally more complementary to security issues.
If you have any of these three things, you're more vulnerable:
- Numerous open ports
- Numerous services
- Numerous scripting languages
There are more entry points, which means more opportunities to become a victim.
Timing is Everything
You probably invite your website visitors to do a number of things. Every time you offer a call to action (CTA), you're opening yourself up for security risks. These can include:
- Logging in
- Creating an account
- Searching the site
- Filling out a form
- Loading a new page
- Using a shopping cart
Improve your website security in one of two ways: Manual and automated.
Manual management means staying on top of all new security issues. This requires a reputable programmer taking charge of all updates, reviewing applications, and having security professionals check the work of the programmers. Adding antivirus protection, better firewalls and other approaches can be part of this regimen.
Automated management utilizes web scanning systems to constantly test equipment, codes and applications for known vulnerabilities. However, this approach will (and can) only check for known risks. It'll take a manual approach to head off unknown risks (like a new virus) before it fully attacks.
The best approach is to use a little of both. Everyone should regularly scan their site, keep it updated and test, test, test. Not all risks are avoidable, but catching them early can turn a devastating situation into a mere bump in the road.
Be sure to look into site security services in Seattle, WA, in order to more fully protect your website.