These days, it’s incredibly easy to spin up a new website and get a new online business off the ground. This is certainly good news for business. However, there’s a big difference between establishing a solid web-based business and throwing together something in a hurry that could experience big future problems due to wobbly foundations.
With nearly 40,000 websites hacked daily, it’s clear that all webmasters swim in dangerous waters. However, it’s actually reasonably easy to ensure you’re not one of the easy targets for cyber criminals.
Here are three things many people do that turn their sites and web applications into “low hanging fruit” for hackers. By avoiding them, you can significantly reduce the risks your online projects face.
Given that we live in a world where high-profile hacking stories hit the press day in, day out, one might assume that people now take password security seriously. However, The Telegraph reported in early 2017 that laughably weak passwords are still very common, with things like “123456” and “password” still widely used
Sadly, it’s not only technical novices who use such passwords. IT professionals can fail to heed warnings too. When websites and applications are in their development and testing phases, it can be tempting to use simple passwords on test accounts to make them easy to remember. However, every weak password is a potential way in for a hacker, so strict user security should be enforced from the start – for staff and for users.
A web application firewall can protect sites and web applications from common online threats. These include things like SQL injections, where hackers access personal details by submitting crafted queries to online databases.
Even though such firewalls are inexpensive, some webmasters seeking to get a project quickly out of the door or cut costs down to the bone launch projects with a “fingers crossed” approach to security. These people are very likely to face an inevitable bad day at some point in the future, when a hacker makes easy work of compromising their site.
As anyone who’s had to impatiently wait for a Windows machine to boot up will attest, system updates are regular irritation in the world of tech. And it’s not just operating systems that need regular patches and updates. Web content management systems and plugins often need updates too, usually to patch significant security vulnerabilities.
In early 2017, a vulnerability in a popular WordPress image gallery left over a million sites in danger of being hacked. Instances like this crop up all the time, so it’s essential that plans are put in place to constantly keep on top of updates and new software versions.
The items raised above are all pretty straightforward but still often neglected by people building websites, usually because they are hustling off to do the next thing. By ensuring you’re not falling into any of these simple traps, you can make your websites and apps more secure than many.