The following tips may be the barest basics, but given APAC’s rising incidence of web attacks, these tips bear reiteration …
Recent statistics have shown that data breaches and phishing and malware attacks were causing around 23% of businesses in APAC to fall victim to expensive cyber breaches that cost them more than US$2.5m last year.
According to Sébastien Millanvoye, Web Hosting Solutions Manager, OVHcloud, common ways that online criminals target websites include compromising administrator accounts by ‘cracking’ poor-quality passwords or intercepting and even altering communications between the website and a visitor’s browser.
In other cases, cybercriminals can flood the website with spam connections (known as a ‘DDoS’ attacks) or exploit vulnerabilities in older versions of website platforms. Millanvoye said that taking only four simple security precautions can drastically reduce the chances of a website being damaged or compromised by cybercriminals.
- Choose strong passwords
Choosing passwords that are long and complex (using a combination of uppercase and lowercase, numerals, special characters) for cybercriminals to guess or ‘crack’ using password dictionaries are critical and will help protect your data. Avoid using personal clues such as birthdate or middle names at all costs.
Do NOT reuse any password for other logins, but define a unique code for each service account you create. Adopting this basic behavior can secure the entirety of your credentials and essentially, your bottom line. You should aim to renew all of these on a trimestral basis, at the very least.
- Install an SSL certificate
Ever notice how some websites begin with HTTP:// while others begin with HTTPS://?
The “S” stands for ‘secure’ and it means the website has a Secure Sockets Layer (SSL) certificate installed, so communications between the website and a visitor’s browser are encrypted. This makes it very difficult for online criminals to intercept or alter data.
Installing an SSL certificate for your website will allow it to improve its search engine optimization results, too. Pay attention to this technical information along with other information such as hyperlink syntax, for a better understanding of the level of trust on a website.
- Mandate anti-DDoS features
Distributed Denial of Service (DDoS) attacks leverage various strategies (such as botnet exploitation) to overflow a website or network traffic. They are said to occur every two seconds on the web. For those reasons, reputable website providers always offer some form of DDoS protection, and these services are well worth considering.
- Keep the host platform up to date
While some website providers will secure your service through specific features such as anti-DDoS, there are other common threats that can be easily avoided, thanks to a simple habit such as keeping all your components up to date including your Content Management System (CMS) platform and plugins.
For example, CMS editors such as WordPress, Joomla, Drupal or Prestashop offer several updates and patches every year. Those patches are equipped with the latest technical evolutions that have the capacity to fix all known vulnerabilities and keep your website at peak performance.
Applying those benefits will cost nothing and can be accessed within a few clicks from your CMS backend.
Putting these four simple security precautions in place will help you have a better comprehension of cybersecurity fundamentals in setting up and maintaining a website.
At the same time, keeping track of technological changes and remaining informed about security issues are good habits to practice in order to protect both your website and business.
Enterprises that fail to adapt on a cybersecurity level will face the risk of significant revenue loss and irreparable reputational damage.