We hear about major data breaches almost every day – at least it feels that way. Household names like Facebook and Deliveroo have already landed themselves in hot water this year for exposing sensitive customer information and allowing accounts to be infiltrated by hackers. Even the UK Government’s petition site is under review after it was suggested that bots were hijacking the site. So why are so many companies unaware of what happens on their site? And why are they so easily breached?
Never slack on security testing
The answer lies in security testing, or the lack thereof. Facebook discovered that its site had been hacked only through a scheduled security test, and then put damage limitation measures in place. But still, millions of passwords were exposed.
When it comes down to it, most big-name brands still use out-of-date security software and slack on frequent testing, simply because a problem isn’t a problem until it becomes critical or public knowledge, whichever comes first.
Fact: Hackers account for 90% of login attempts at online retailers
While putting basic measures in place to protect your site is a good starting point for transforming online security, larger-scale hacks require a stronger response.
Here are 7 advanced ways you can protect your site, in simple terms:
1) Conduct internal and external penetration tests frequently
2) Use an up-to-date IDS (intrusion detection system)
3) Turn off unused servers; don’t just power down
4) Only accept data from a select set of IP addresses
5) Host your backend services on a virtual private server (VPS) that is not always visible to the public
6) Rotate passwords and keys frequently
7) Outline a security breach plan
Once you cut through the jargon, increasing your security doesn’t seem like such a mammoth task – especially if you pair your internal team with an external security testing company. After all, you don’t want to wait until chaos erupts to fix your security problems and risk losing the personal data of millions of customers.