Cybersecurity has always been important to the world of online business, but in the midst of our current global and political upheaval, it is as important as it has ever been.
Business Website Cybersecurity Essentials: An Essential Checklist of Protective Measures for Online Security
We talked with Gate 39 Media’s cybersecurity and technology specialists about the steps businesses can take to increase protections against nefarious online entities.
Why do I need to worry about information security?
Compromises of internal data, company secrets, customer and employee’s personal information can lead to a company’s reputation and image being damaged. As well, financial consequences and legal problems are sure to follow as well.
What are the biggest cybersecurity threats right now?
- Social Engineering (phishing, email impersonation) – ever evolving, however remains the biggest threat because it relies on human error rather than technical vulnerabilities.
- Poor Cyber Hygiene – refers to regular habits and practices regarding technology use, like avoiding unprotected WiFi networks and implementing safeguards like a VPN or multi-factor authentication.
- Third Party Exposure – with more and more companies leaning on third party services to help with tasks that were once held in-house, it opens the door to the consequences of “Poor Cyber Hygiene” of third-party companies and their employees.
- Ransomware Attacks – Ransomware software is becoming more easily available and affordable for hackers. In fact, Ransomware-as-a-Service is now a thing. Ransomware has become very profitable for cyberattackers and the number of attacks will only continue to grow.
What is MFA or 2FA and why should everyone use it?
Multi-factor authentication (MFA) is a security method used to ensure digital users’ identity. This method is much more secure than simply using username & password to login as it requires which requires at least two pieces of evidence to prove their identity. Each piece of evidence must come from a different category: something they know (passwords or PIN), something they have (key fob or mobile device) or something they are (fingerprint or facial/voice recognition).
So even if a password has been compromised, it’s unlikely that the hacker would be able to provide any other form of the multifactor authentication requirements.
The problem with just using username/password is that users often make it easier for hackers by not choosing strong passwords, using the same password for different platforms, storing passwords in insecure locations, and keeping the same password for too long.
Multi-factor authentication provides a layer of protection for users that addresses all these human weaknesses.
Why is it important to keep web browsers, like Google Chrome and Firefox, updated on a regular basis?
Because browsers are updated often, there are multiple reasons why keeping browsers updated is important – Performance, Compatibility, and Security.
Out of date browsers can make your browsing experience slower and even lead to freezing and crashes.
New website technologies are often only supported by newer browsers. As websites are updated to utilize these new web tools, older browsers sometimes will not function properly and will not be able to display parts of the website.
Regarding security, a compromised browser could reveal your personal information, allow hackers the ability to download key logging software or spyware on your device. Any of these compromises could mean public access to personal information, credit card number and/or your site or software login credentials.
What should businesses use to house a database of passwords?
Generally, a cloud-based password manager application is going to work best for a business. Used in conjunction with MFA this is likely going to be the most secure resolution for any business.
How can a company help educate its employees on cybersecurity on the different layers of IT security?
The reality with cybersecurity is that more and more it is becoming a part of our everyday life. This means that we all have a responsibility to educate ourselves and be as knowledgeable of the tools we use daily.
- Make cybersecurity a priority
- Utilize online training courses
- Make cybersecurity part of daily conversations, part of the culture
- Continuous education for employees
- Regular reminders about updating workstation software
When choosing a website development agency, why is choosing one with IT security knowledge important?
Cybersecurity and data protection are, or should be at the top of every company’s priority list.
Hackers do not rest and are becoming more sophisticated in their methods every day. Having an effective security plan to harden security and prevent malware & Viruses, mitigate DDOS (Dedicated Denial of Service attacks), to ensure regular security scans and up-to-date SSL certificates, perform regular software updates and to limit access to only those that need it will go a long way in keeping your site and data secure.
How can companies with WordPress websites ensure security?
The following are key suggestions that we ourselves follow and provide standard in our secure web technology and infrastructure solutions:
- Secure your login procedures.
- Update your version of WordPress.
- Update to the latest version of PHP.
- Use a secure WordPress theme.
- Enable SSL/HTTPS.
- Install a firewall.
- Back up your website.
- Conduct regular WordPress security scans.
- Filter out special characters from user input.
- Limit WordPress user permissions.
- Change the default WordPress login URL.
- Change your database file prefix.
- Disable your xmlrpc.php file.
- Consider hiding your WordPress version.
If it’s time for a website upgrade, consider Gate 39 Media’s design and development expertise, coupled with our secure web cloud hosting and support services. Contact us or book time to chat with a technical website professional now.
Business Website Cybersecurity Essentials: An Essential Checklist of Protective Measures for Online Security
__
You may also be interested in: