Did you know that the average cost of cybercrime per company was $7.7 million in 2015? This is according to a study by the Ponemon Institute, which also found the number of attacks is increasing, the time to resolve attacks is growing, and that attacks are more damaging than ever before. Not good news then.
As a result, IT departments around the world are prioritising online security, as the customer and financial data available through corporate websites is a virtual goldmine for cyber criminals. So, if your website doesn’t have the following security measures in place, it might not be protected against hackers.
Up-to-date web servers.
By having the latest web servers, like VPS hosting which can deal with huge fluctuations in traffic, your site will stand a better chance of avoiding common hacking tactics such as Distributed Denial of Service (DDoS) attacks.
This is when cyber criminals attempt to shut down your website by overwhelming it with traffic from multiple sources. Along with the possibility of losing data, a DDoS attack can also cause your website to be down for a prolonged period of time. Having a DDOS detection and mitigation system like FastNetMon can also be a great option for preventing such attacks.
Up-to-date software.
Vendors of operating systems and anti-virus software continually release patches to address the weaknesses and vulnerabilities that hackers frequently target. Therefore, if you don’t download and install these updates when available, your website is at risk.
What’s more, updates cost software companies a great deal of money to develop and release, which means they only do so when absolutely necessary.
Tight access controls.
In order to prevent hackers from gaining access to the admin level of your website, introduce tighter access controls. Options include changing the default username and password, limiting the number of login attempts, and introducing two-factor authentication.
Also known as 2FA or 2-Step Verification, this technology will ask for additional confirmation of the user’s credentials to gain access. Verification can come from a physical object like a USB stick, a secret known to the user, or a physical characteristic such as a fingerprint.
File upload limits.
The problem with allowing visitors to upload files to your site is that they may contain a script, which when executed on your server opens up the website to attack. Even if you have a system in place that thoroughly checks file uploads, bugs can still find their way through.
That being so, the best course of action is to prevent direct access to any uploaded files. It also makes sense to store them outside the root directory and only use a script when you require access.
Regular backups.
Even if you have taken every security step possible, you should not be complacent when it comes to defending your website against hackers. Don’t forget to regularly backup all of your important documentation and data in multiple locations on a variety of devices.
If the worst-case scenario does occur and cyber criminals manage to infiltrate your system, you will still have access to essential files and folders, which enable you to get back up and running again as quickly as possible.