My fault, I hadn't changed my password in yonks.
Resolved that quickly and my account is back to normal. But fixing that small error of mine took me back to a day many years ago, in the early 90's when one of my personal sites got hacked.
Been lucky since then, as it has not happened again, but I have learned a lot about website security since then.
What surprises me talking to people, is that the average Joe that has a website fails to see how security vulnerable their sites may be; they fail to see that they could be assisting hordes of cyber criminals distribute malicious code to their customers, friends and family members.
In the old days many cyber criminals distributed malicious code via e-mail. Today the cyber criminals mostly use websites to distribute their nasty code.
On average 50,000 new websites are identified every day that are distributing malicious code to users passing by.
Many people are under the assumption that malicious viruses are distributed only from adult sites, gambling and other forms of vice but in reality the majority of these 50,000 sites are in fact just small business sites or even personal blogs.
Another widely held web threat misconception is that cyber criminals only go after large enterprises or government organisations.
You couldn't be further from reality. Another misconception is that of a cyber criminal being a person sitting behind a computer screen targeting a site. They couldn't be further from the truth.
Currently most cyber criminals have automated scanning tools that scour the web looking for websites to infect. Their target personal blogs and small businesses websites looking for website vulnerabilities that they will happily capitalise on so as to spread their malware.
If you have a presence on the internet in any form, here are some tips on how to secure your site and avoid becoming an accomplice for the cyber criminals. By applying some of these practices you can help make life much harder for cyber criminals trying to distribute their malicious software via your site visitors.
5 Tips to protect your website
If you look after your own website, you can apply the below practices. If you outsource this to a third party this constitutes a useful set of questions you can ask of your service provider.
This is far from an exhaustive list, but it is just a starting point if you have a website and you haven't given a though to the security aspects of your site before.
- Make sure your web site was built following good secure coding principles.
- Check that your web server software and any other software you use is patched and up to date. If you use a third party make sure they have policies and processes to do this for you.
- Check that when you transfer personal information, credit card or other sensitive data you encrypt the web traffic using SSL.
- Perform a regular scan or check on your website to spot unexpected changes or nasty malicious content.
- Insure you have frequent backups of your website (particularly if you host a database with dynamic content or user information) as you may be forced to restore it in the event of an attack. Remember that tidying up the damage left by cyber criminals is very hard work, a costly exercise and very time consuming.