web analytics

Highlights

Keep Hackers away from your Website




When you own a small business, one of the first things you can do to advertise online is setting up a company website. However, running even a simple website can attract hackers or script kiddies, especially if you do not take precautions or safety measures.

It is common for company websites to be targeted by hackers. However, their attempts usually fail due to good website security that most companies should have. ??We’re sharing good practices and tips for website owners in order for them to have an impenetrable security against hackers.
 
1.) One of the most recommended tools that every company website should have is a Web Application Firewall. This blocks HTTP traffic going and coming from a web application. This is basically dedicated to protecting your website from attacks such as SQL Injection, cross-site scripting, and other security-related attacks. ??CloudFlare offers website security by implementing Web Application Firewall on your website. CloudFlare also has a Distributed Denial of Service (DDOS) protection which prevents websites to overflow with requests from users.

2.)  Use Secure Socket Layers (SSL) certificate to help company owners secure their company website. SSL will cause any form of information to and from the server to be encrypted. This also prevents hackers to sniff out visitor’s information when they access your website. You can check out this link on how to properly set-up SSL on your website. After setting up the SSL on your website, you can now have access to “HTTPS” to be further secured in collecting sensitive information on the company website.

3.) For databases on your company’s website, hackers may try using the “SQL Injection” method where they will put SQL queries into website databases in order for them to collect data from it. One of the most common methods in order to prevent this from happening is to  use SQL parameters. This allows filtering of queries being requested from the database and can prevent SQL injections to be successful.
 
4.) When your website is down or suffers from errors, make sure that the users accessing your site do not have too much information on the error messages. Having too much information on error messages will give hackers enough idea on how to attack your website so always make sure that you give vague or general information.
 
5.) Company owners should always hide Admin pages in order for hackers to not easily locate the “main control” of your website. This could lead to a compromise and leakage of vital information of your company.
 
6.) When creating sign-up or login forms, always perform validation on the server side. By doing this, it will not be easily bypassed by someone with malicious intents and even if javascript is turned off, the validation would still work. In simple terms, means that when users or clients fill out forms, it will only be validated by clicking “submit”. One example would be Facebook’s sign up form in which users will be notified if there is an invalid information after clicking “create an account”.

?7.) For employees who are accessing their company website regularly, always make sure that you have a secure device that only you can access. It is important when accessing the website, especially if you have an admin role, employees should have a secure device to prevent hackers from stealing or recording your account credentials by using keyloggers and such.
 
8.) For website administrators, always use complex and long passwords upon accessing your company website’s main system. This is self-explanatory but in order for hackers to not hi-jack your account credentials easily, you should have a complex and long password.
 
9.) For companies who have many employees that can access to the website’s main system, it is highly recommended that company owners should implement login timeouts. This is to control and handle users who are accessing the website’s main system from accidentally leaving their monitors on while inside it which could be easily be accessed by potential hackers that will try and use your computer.
 
10.) Company websites should also implement two-factor authentication (link to our guide here) for its users especially with admin roles in order for the website to be really secured not just for its users but for the company itself. The two-factor authentication is a method where logins add another layer of security. An example would be when after logging in your username and password, the website will then be asking users to verify their identity by sending verification codes or asking them secret questions in order to proceed.

11.)  Limit file sizes and types that users can upload to your website. Some websites have upload functions in which users can upload various files on it. One risk is that if some of the files that are being uploaded are infected or are with encrypted codes that could simply crawl to your website’s backend and database, it can result to hackers easily accessing your website and/or mess up with your system easily.
 
12.) It is recommended that company websites should have a separate server for their database in order for hackers to have a hard time finding out where the company’s vital information is stored and located.
 
13.) Lastly, keep everything up to date. For company website owners, always make sure that the system in which your website is running on should be updated. This is to be secured from the latest methods that hackers use in order to penetrate your website.
 
And there you have it, these essential practices and tips will help you towards building a very secured website for your company. There will be always a way to counter hackers from penetrating your website and these listed here are not the only ways to stop them. Once hackers see that your website is tight and secured, they will be disinterested in trying to pry into your websites and it will be your win.??We’re working with Globe Business to share with you some of the most basic security tips for a better #makeITsafePH environment. Globe Business offers cybersecurity solutions to ensure business continuity that allows you to mitigate security trends before they happen. 

To know more, you can visit http://business.globe.com.ph/solutions/managed-security-services.html. Also, do check out some of the earlier articles below.

More #makeITsafePH security tips:



Abe is the founder and Editor-in-Chief of YugaTech. You Can follow him on Twitter @abeolandres.

You may also like...

1 Response

  1. cruizer says:

    “However, their attempts usually fail due to good website security that most companies should have.”

    Sigurado ba kayo dyan?!

Leave a Reply

Your email address will not be published. Required fields are marked *

Open

Close