Tips for better website security
Cyber security experts, Foregenix, scanned 217,946 Magento websites for vulnerabilities. They found that 86% of those are lacking critical security patches, 4500 are hacked and losing credit card data right now.
This is a scary statistic but with 3 simple steps you can help improve your chances of being in the 14% rather than the 86%.
1. Use strong passwords
You can have the best alarm systems in the world, have security teams standing by your front door and have the most well trained guard dogs in your house but if you give someone your front door key then all of that is pointless.
Hackers use programs to “brute force” passwords. This means that computer code is constantly scanning common website admin paths (www.example.com/admin) and attempting to login with common usernames and passwords. If these programs succeed then your website is compromised. Using strong passwords is the most simple thing you can do to keep your website secure so think again before using credentials such as “admin” and “password123”. Use a password manager, make them strong and make them unique. You can also speak to me and I’ll help you change your standard admin path to something more obscure.
2. Install security patches and updates
Admittedly this is a little more complex because you need to take backups and some systems, such as Magento, require developer skills to update however there are plenty of people offering website maintenance plans which are very cost-effective and are much cheaper than a fine if you have a data breach. Read more about how zenplan can help you with this.
3. Monitor files
You don’t need to understand how systems work to know what looks right. This can be as simple as logging in to your website directory using basic FTP skills and taking a screen grab of what files are present. Then periodically check your website directory against this screen grab to see if any new files have turned up. You don’t need forensic skills, you just need to have a reference. There are also free WordPress plugins available which can alert you when your website files change.
For more complex systems there are malware monitoring tools available. If you would like to discuss these tools then I’m a Foregenix Cyber Partner and can get you set up with their FGX-Web system. This system constantly monitors websites and alerts the security team of any vulnerabilities or malicious activity, such as credit card data being shared, so that they can be patched before a breach occurs.
The point of this email is to help you understand that security best practice doesn’t have to be a complex matter. Just using the 3 simple steps above will help you keep your website much more secure.
I’m happy to offer free advice if you want to know more, just give me a call on 01782 954282 or contact me via this form.
Thanks for being #CyberAware.
Written by Steve Perry