Once your business goes live online, you’re vulnerable to mayhem. Detectify’s CEO Rickard Carlsson explains why web security matters and how you can protect your organization on the internet.
The Internet is broken, from a security point of view, and most organizations are vulnerable to attack. You need to figure out how vulnerable your business is, and find the best way to protect your information online. Web security is a long-term commitment that can protect your customers and brand, and keep your website safe from hackers. If you’re running an online business, you need to make security a habit as soon as possible.
To get started, let’s clarify three common misconceptions about web security.
I’m safe, because nobody wants to hack us.
Most hacks are automated and do not target specific organizations. They’re designed to spread malware via your site, send a political or commercial message, carry out an advertising scam, or some other malicious activity. Hackers don’t care about you, specifically. But if they’re successful, the damage will hurt your brand and give you unnecessary clean up work. It is increasingly common for hackers to attack multiple organizations without a specific target in mind, so your website could be at risk even if you think you have nothing of value to steal.
I’m safe, because we only use integrated third party services.
Third party services are vulnerable too and can cause a great deal of damage if they’re hacked. For instance, poor use of JavaScript on a third party service or a plugin could compromise the security of your complete domain. This includes your blog (blog.yourdomain.com) and your general website (support.yourdomain.com).
I’m safe, because we let an agency do our development.
Unless you asked for a security assessment or safe development, you’re not safe. Even if an agency is taking care of your development, your business can be compromised. What can happen? A potential attacker might try to steal information, or use your site for illegal activities or to spread harmful code. Or the hacker might encrypt all your data, just for fun.
Here’s what can happen if your site gets hacked …
Hackers can replace your site with just about anything, like Viagra ads or changed board member information for new visitors while you still see the original information. Customer data can be obtained and leaked from sites with user login and profiles, and if you are using SaaS service and web-shops, hackers can impersonate a user on your system and trigger actions or complete a purchase.
This might leave you feeling a bit depressed, but don’t give up yet. Here’s what you can do to improve your security through automated tools and professional services dedicated to protecting your business:
- Start by identifying the myriad ways a hacker can get into your system. The most common methods of hacking into a system are outlined annually by the people at the Open Web Application Security Projects (OWASP), who list their top ten risks.
- Update and patch your system regularly, and re-configure your servers.
- Use automated testing tools on a regular basis. They will allow you to find mistakes when coding, as well as discover and replace old versions left behind.
- Protect all your business devices with full-disk encryption and strong passwords.
- Do manual testing with external resources from a security firm or freelance security experts on Elance-oDesk.
- Add systems that detect abnormal system activities.
- Most companies don’t know where to start, or whose job it is to find and deal with security breaches, let alone prevent them. Put together a strategy including what to do in case of an attack, such as who to inform and what actions to take.
Start protecting your systems today and make security a priority. Make sure no stone is left unturned and run security scans on a regular basis.
Go hack yourself…. or someone else will!