When it comes to online security, we have all heard the horror stories. Business owners losing all of their data to crypto locking, websites going offline due to hackers, clients seeing porn websites instead of your business. Whilst it may not have happened to you in all likelihood your website or business assets online are under attack.
We manage almost one hundred websites on a regular basis and not one of those sites has zero attacks on it. What does this mean? Even if your site doesn’t physically look hacked or hasn’t been replaced by illicit third-party sites doesn’t mean it hasn’t been targeted. On average we see sites getting between 250 – 1000 attempted attacks per month.
When we say attempted hacks, we mean actual attempts to break into or infect your website. Most of these attacks are automated “script-based” attacks. Very few attacks are actually someone in another or try sitting at a keyboard targeting you. The biggest thing to remember is in 99.9% of cases these attacks are not targeted and are not personally aimed at your business.
It’s nothing personal!
So now that you know its not personal and, in most cases, not targeted why does it happen. The answers vary but in most cases, the reason they attack so many sites at random is to leverage the power of your server to perform larger hacks, or in order to use your server space to collect people’s logins or larger sites. We all see those emails saying you need to log into your bank or your social media account that comes from a seemingly legitimate yet totally false request.
These types of attacks where they try to get access to your accounts are called Phishing attacks. The whole aim of these is to get access to your details so they can use your identity and finances to further their own cause or line their own pockets.
So how do we protect ourselves online?
Let me start by saying there is no way to fully protect yourself online. If someone really wants to gain access to something of yours, they will. What you can do however is limit the probability that your website or your identity can be accessed. There are many ways to protect your data online and below I will give you my top tips for staying safe online.
One thing to note is that when it comes to being safe online there is no one solution fits all. You will need to look at what works for you depending on your needs and make sure to implement the relevant items into your security strategy.
We have developed a great worksheet around your personal security, a checklist of sorts so why not download your free resource below. Click here to access your free resource (email address required).
Your online security strategy starts at home.
When it comes to your security strategy it needs to start at home. Often when infection or breach happens it happens on a less secure terminal often at home. When you’re at work or working in your business you tend to take more notice of the security of your network and that of your computers. We tend to relax a bit more at home and keeping your personal devices that access critical information secure is important.
With your home network, computers and mobile devices make sure to follow these few key steps:
- Always use a good quality antivirus program and make sure you have a good firewall application in place. When it comes to this I personally recommend and use Bitdefender on both my Windows and Apple devices. I recommend asking your local IT support specialist for their recommendation. Just remember not all antivirus software is built equal and whilst not the best any antivirus free or paid is better than none.
- Make sure you perform regular backups of critical data to a secure off-site backup. This means that should something go wrong with your computer or it becomes compromised there is at least a chance you can salvage your data. Once again, I recommend talking to an IT specialist to find the best solution for you and your data.
- Utilise strong passwords for all of your various logins. When you think of a strong password to use make sure it includes at least one uppercase letter, one lowercase letter, one number and one symbol. The best passwords are generally a total of eight characters or more and contain a good mix of those elements.
- Utilise a password manager and make sure your passwords for each platform are unique. There are many password managers out there such as last pass and you need t find which tool is the best for your needs.
- Your mobile devices need all of the same protection systems. When setting up your antivirus, firewalls and backups etc make sure you implement them on your mobile devices as well.
Now that we have limited your risk at home let’s look at limiting your risk in the workplace.
Online Security – Protecting yourself in the workplace.
When it comes to protecting yourself in the workplace the tips are from home are just as relevant but there are also a few tips specific to the business environment that you could follow.
- Make sure all business devices are protected by business grade antivirus and firewall. This goes back to not all antivirus is built equal and the difference between home and business grade solutions is varied. Make sure you consult your IT specialist to get the best coverage for your business.
- Use business grade network hardware as this will help to protect all connected devices due to the capacity and built in protections that are often not found in home grade hardware.
- Use business grade email providers such as Office 365 or Google G-Suite as these are far more secure and capable then the email services often built into your website hosting. Standard server based POP3 or IMAP emails are very old technologies and whilst they are somewhat secure, they are not up to the standard and needs of a modern business.
- Always scan any files, usb and discs before using them in your business. This will help to protect your system and network.
- Make sure you only open emails from trusted sources. If an email comes in that looks too good to be true or looks even remotely like spam, make sure to delete it and do not open it or click any links in it. If you are unsure consult your IT specialist.
Now that your office and your home are more secure how do you protect yourself on the internet and on your website.
Online Security – Protecting yourself online and on your website.
The protection of your data extends online to websites that you use and to the website for your business. To make sure you are keeping things safe in those places follow these quick tips.
- Continue the best practice of using secure passwords and a password manager for accessing all of your online logins. Use as many unique passwords as possible as this will allow for even better risk mitigation.
- Make sure your business website utilises best practice online security such as built in firewalls, force use of strong passwords and don’t allow website registrations or comments unless they are absolutely necessary.
- Make sure your website is kept up to date and monitored 24/7 so that you know if your website is under attack and can do your best to mitigate the risk. Many website designers and developers offer a service to keep your website up to date and these services are well worth the outlay to protect your website investment. Many of these services include critical elements including website updates, plugin updates, website monitoring and performance as well as regular backups.
- Make sure you only visit websites that are protected with an SSL certificate. You can verify that this is the case by looking for a small padlock in the address bar of the website. Some website browsers will also let you know with a large visual warning if a website is not secure.
- Always check the link you visit appears visually to be the site you intended to visit. This means if your logging on to your bank for example or any other website make sure the address in the top address bar appears to be the right address. A sure sign of a Phishing website is that the address will no match the website. You can always take things one step further by only visiting your bank and other secure sites using incognito mode on your browser this will help to protect your online movements.
In conclusion, I would just like to reiterate on a few key take away points.
Key Point 1.
Your online security and that of your data is ultimately your responsibility. Your IT support team and your website support team can do everything best practice but if you use weak passwords or poor personal security then the buck stops with you.
Key Point 2.
Online security is important so make sure to consult your IT specialist, your website developer and use common sense. There are many articles online and you can do a lot of these things yourself but make sure you do things correctly. I highly recommend even if you’re doing things yourself that you get some quality advice.
Key Point 3.
Remember if things do go wrong stay calm and remember if you followed this guide you should have backups that any professional IT consultant or website designer/developer can use to get you back up and running.
FREE RESOURCE DOWNLOAD
Make sure you follow the best practices as outlined in this article and in our free security worksheet which you can sign up for from this page or on our resources page.