KAREN STEPHENS Karen is CEO and co-founder of BCyber, an agile innovative group who works with SMEs to protect and grow their business by addressing their cybersecurity and governance risk gaps by demystifying the technical.
Ten top tips to secure your website In May this year Domain.com.au advised that a cyber-
3. Implement least-privilege access. Limit people’s
attack had resulted in an unauthorised third party
access to the lowest level they need to do their
gaining access to users’ personal information and
job. Not everyone needs full admin access. And
deposit details. Yet, when you mention cybersecurity
limit external parties’ access and timeframes.
most people automatically think of antivirus, the
There is no need to have umpteen administrators.
Deep and Dark Web, Ransomware as a Service, and
People with unnecessary access can result in
possibly the need for a cyber awareness program or
unwanted website security incidents and when
endpoint protection. Few people, if any, have website
a staff member leaves, check that their website
security top of mind.
accesses are removed.
Website attack is very popular with the
4. Deploy a secure sockets layer (SSL) certificate.
cybercriminals. Some estimates put attack
Buy an SSL certificate. With that little lock
numbers as high as 50,000 websites per day. The
showing in the top left corner of your website
cybercriminals tend to adopt a “spray and pray”
you boost your SEO rankings and ensure any
approach, using programs that detect websites with
data your visitors send to your site is using an
accessible vulnerabilities, only a small minority target
encrypted channel, so cybercriminals cannot
specific sites. Cybercriminals do not necessarily
see it while it’s in transit. You may even wish
want your data. They may want to use your server as
to consider upgrading to TLS (Transport Layer
an email relay for spam or set up a temporary web
Security) a more recent version of SSL.
server for nefarious purposes, plant malware, redirect traffic to another site to name but a few objectives.
5. Update early, update often, update everything. Websites use tools to run effectively: content
You can implement a few small, but powerful
management systems, plugins, WordPress, Java
measures to protect your website.
scripts and the like. Updates not only fix “bugs
1. Review your site security. Have a formalised scanning and review program covering access levels, patching, updating protocols and the like. 2. Take ownership of security. Do not leave the security of the site in the hands of the wrong people, for example marketing or web designers. They may be great at what they do, but would you let your interior decorator recommend, implement, and monitor your back-to-base alarm?
and glitches”, but they also often provide security enhancements. Updating immediately means you are closing a vulnerability and remaining one step ahead of the cybercriminals. 6. Have a website backup strategy. A regular backup program will help you recover more quickly from a site hack (or human error or an update problem). Ideally you should have the backup stored on a server other than the one hosting your website. You do not want to lose your website only to find your backup has been infected as well, because that would mean a full site rebuild.
74
WOMEN IN SECURITY MAGAZINE