Unless you have a specific interest in cyber security you probably don’t stay abreast of the latest trends in hacking and cyber-crime.
I do have an interest – a keen interest – because I want to make sure that Abledragon websites are as secure as possible. Same for the websites that we build and maintain for our customers.
And I can report that cyber-crime (in which I’m including all types of hacking, phishing, data theft, impersonation, ransom requests and any other crime perpetrated online) continues to grow in both volume and sophistication – especially sophistication.
You will probably have read about Cambridge Analytica and how they allegedly used data stolen from more than 80 million Facebook users to influence the 2016 US Election and probably the 2016 Brexit referendum.
Those incidents illustrate the reason cyber-crime continues to grow: the rewards for cyber-criminals are substantial – in that case, potentially an entire US government in the palm of their hand.
At the other end of the scale, the reason that spam continues to be the scourge of email users is that it’s highly profitable. If it weren’t, we wouldn’t continue to be bombarded with it.
Cyber-crime tools of the trade
I’ve written elsewhere that it is the responsibility of all website owners to keep their websites secure because, if they don’t, they are aiding and abetting the hackers and facilitating the growth of cyber-crime.
“Why is that?” you may ask. Here’s why:
In order to carry out their cyber-crimes, the cyber-criminals need assets that they can use to their advantage. These include users’ login details, proxy IP addresses, powerful servers, personal computers and, of course, websites.
So when your website is hacked it is added to the hacker’s assets and becomes part of the scheme they are running at that time, and any future schemes for as long as the hack goes unnoticed.
And one of the recent trends is to hack websites in such a way that:
- The hack is not noticed
- The hack is difficult to find (and, therefore, repair)
It is in the hacker’s interest to keep your hacked website active and live for as long as possible. And as long as that hack is not noticed and fixed, your website can continue to be used to carry out some form of cyber-crime.
The days when hacking websites was solely about defacing them are, mostly, gone. Today hacked websites are put to work as part of an online criminal scheme.
14 Easy ways to make your website more secure
Notice I said ‘more secure’, not ‘secure’. This is because no website can ever be 100% secure against hackers.
If they want to get in, they will – as has been illustrated in hundreds of successful, high-profile hacking attacks, such as those on Yahoo, the Democratic Party, LinkedIn, Aweber, and many more.
In no way, however, does that let website owners off the hook! It is still your responsibility to keep your website as secure as possible!
Here, then, are some easy-to-implement ways to make your website more secure:
- Install and use a Password Manager in your browsers (I have used Roboform for years)
- For WordPress users, create a username that bears no relation to your name or your website’s name. Use letters (upper and lower case), symbols and numbers, as you would in a password
- If you have an obvious username, and you are the administrator, create a new administrator level account for yourself, with a complex username and a complex password, log out, log in again using the new credentials and delete your original user account (this is for WordPress users only)
- Never use the same password on more than one login – as soon as you do that it’s no longer secure
- Create passwords using letters (upper and lower case), symbols and numbers and make them at least 12 characters long (this is why my first recommendation was to install a Password Manager!)
- Install a good security plugin
- Develop and implement a scheduled full-site backup routine and keep your backups off-site
- Check your site each day
- Keep all software up-to-date – WordPress core, plugins and themes (even if they are deactivated)
- Remove inactive plugins and themes (except for the current WordPress default theme)
- Use a good-quality, security-minded hosting provider
- Don’t give your user login details to anyone else. If you want someone to work on your website create a user account for them and then remove it once they’ve finished their work
- Change your password at regular intervals of less than 90 days
- Make sure your website is using an encrypted connection (HTTPS, not HTTP – this will protect your details when you log in)
Implementing all of those steps will greatly increase the security of your website.
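The password rules in the list above (upper and lower case letters, symbols and numbers, at least 12 characters, no relation to your name or site name) can be checked and generated mechanically. The following is an added example, not part of the original article; the symbol set, function names and sample values are assumptions made for illustration.

```python
import secrets
import string

# Policy taken from the checklist: upper and lower case letters, symbols and
# numbers, at least 12 characters long.
MIN_LENGTH = 12
SYMBOLS = "!@#$%^&*()-_=+[]{}"  # assumed symbol set; adjust to what your site accepts
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
CLASS_NAMES = ("lowercase", "uppercase", "digit", "symbol")


def missing_classes(candidate):
    """Return the names of the required character classes absent from candidate."""
    return [name for name, chars in zip(CLASS_NAMES, CLASSES)
            if not any(c in chars for c in candidate)]


def meets_policy(candidate, related_words=()):
    """True if candidate is long enough, uses every class, and contains none of
    related_words (your name, your site's name), compared case-insensitively."""
    if len(candidate) < MIN_LENGTH or missing_classes(candidate):
        return False
    lowered = candidate.lower()
    return not any(w and w.lower() in lowered for w in related_words)


def generate(length=20, related_words=()):
    """Generate a random credential using the OS CSPRNG (secrets, not random)."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES)
    while True:
        # Rejection sampling: draw a whole string, keep it only if it passes,
        # so every accepted string is equally likely.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_policy(candidate, related_words):
            return candidate


if __name__ == "__main__":
    # Constructed sample values, not real credentials
    for sample in ("admin", "Summer2024", "ExampleSite2024!"):
        ok = meets_policy(sample, related_words=("examplesite",))
        print(f"{sample!r}: ok={ok} missing={missing_classes(sample)}")
    print("generated:", generate(20, related_words=("examplesite",)))
```

Store the generated value in your password manager rather than trying to memorise it.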
It’s your responsibility!
Yes – owning and operating a website carries responsibilities. Websites aren’t trophies; they require active monitoring and maintenance, and it’s your responsibility as a website owner to carry those out or delegate them to someone who will do it for you.
As I said earlier, failure to do so aids and abets the cyber-criminals and makes you a poor net citizen.
If you’re concerned about the security of your website we can help. We can do a security audit on your site and we can take on all the ongoing monitoring and maintenance for you, as well as recovering your site if disaster strikes.