Whether you realise it or not, your website is likely to be under attack as you read this. While this may not be cause for panic, on today’s web there is an almost infinite number of bots, fraudsters and spammers using all manner of hacking, spamming and scraping tools to harvest as much data from your site as possible.
Even if you only use online banking, email and social media, plenty of hackers will want to get their hands on your data, so it is ever more important to take online security seriously. What can be done to ensure your data is protected?
So here are our best practice tips to make sure you stay safe online:
If, like many of us, you’re still using the same old email account you set up years ago, there’s a good chance you’re still using the same old password. Indeed a study by online security firm TeleSign found a fifth of us (21%) are still using passwords that are over 10 years old, and nearly half (47%) have had the same password for the last five years.
The study, which polled over 2,000 people from both sides of the Atlantic, also found that almost a three-quarters (73%) of online accounts are protected by duplicate passwords, so if hackers find their way into one of your accounts, they’ll quickly find a way into the rest.
So our first tip is to ensure you update those old passwords and pick a unique one for each account, and avoid using any words that could be easy to guess, such as your place of birth, your child’s name or your favourite sports team.
And when it comes to websites, you should also make sure you have a unique username and avoid the defaults, such as the ‘admin’ username issued by WordPress.
No matter how random you’ve made your passwords, they’re probably not as secure as you think – if you can remember all of them, it’s safe to assume they’re not varied enough to be secure – so using a password generator and manager could be the way to go.
Download a free password manager like Dashlane (this is what we use ourselves), which can regularly generate random passwords, then store and sync them across multiple devices so you don’t have to try and remember any random codes.
It’s easy to indefinitely postpone that software update - especially when it might interrupt your workflow. But some of these updates are vital for the security of your website: most successful hacks are carried out on fairly new vulnerabilities discovered in software, something these software updates are designed to patch. Each day you don’t apply a software update represents an increasing risk to your system .
For this reason, you should run any updates as soon as they’re announced, or better yet: use the automatic update function and allow your system to automatically apply these when downloaded, being careful to note operating systems, anti-virus software, web browsers and CMS updates.
Two-step verification is a simple way of adding an extra layer between you and a potential attacker which may prevent them accessing your accounts, even if they’ve managed to get hold of your password. Once enabled, you will have to enter both your password and a code sent to another device (such as a message to your mobile) before you can log in.
All mainstream social platforms now offer two-step verification and while this may seem like a hassle, it’s well worth the extra few seconds it takes to log in if it means your data is kept secure.
If you’re interested in learning more about two-step verification turn it on.
Websites in particular can offer very specific types of vulnerabilities that can be left behind fro minor glitches and snags when the website was built. If not fixed, these can cause further compromises in your website security that hackers may be able to exploit.
Here at Simon Antony, we offer website audits designed to identify these types of bugs and minor snags which often lead to these kinds of security vulnerabilities, many of which will not be visible o a viewer of the website.
Hackers are constantly coming up with more advanced ways to steal your data – often working through sophisticated phishing scams or increasingly complex viruses and malware – so its worth being prepared just in case the worst should happen.
We recommend backing up all data across all the devices you use that are important - also important to ensure, for important data, that you also keep an off-site backup, or a backup stored on another system elsewhere physically separate from the rest of your systems.
Even if you use cloud storage to back up, we recommend still keeping a manual backup close to hand, just in case your cloud accounts gets compromised or you lose access to it for any other reason (such as temporary service outages from the providers end, or any internet connectivity issues).
