I know it’s hard to believe, but “the news” recently broke away from its 24 x 7 political coverage to shine the light on some very troubling cybersecurity issues involving government and large companies. The Boeing Company, the City of Atlanta, even our nations power grid have been impacted by successful attacks in the past month. Even though all these entities have significant budgets for security, they are not immune to malicious computer attacks.
All it takes is for someone to click on the wrong link or open an attachment in email, and the hackers can start to invade company networks. This is where the real pain starts for anyone or company that has been infected. The cost in terms of dollars, data, and intellectual property can be immense. In fact, a recent study conducted by Ponemon Institute, found (out of 419 participating companies) that the average data breach costs $3.62 million.
Case and Point: A local company here in Maple Valley was impacted a couple of years ago when one of their employees opened a malicious attachment from an email. The attachment was actually a program that ran undetected on the employees computer and was able to watch her keystrokes. That data was being transmitted to someone in Russia. At that point, the Russian attacker was able to gain access to the company bank account and start transferring money. Fortunately, they became aware of the problem very quickly and were able to stop it before losing a lot of money.
Website Security Starts with YOU!
So, what does this have to do with a website? The point is to realize there is always a threat even IF you have STRONG anti-virus programs running on your computers and devices. A dedicated approach to proactive measure and practice can save you pain and money down the road.
First, you need to start with your own habits when dealing with your personal computer, laptops, and mobile devices. Here are some important and common practices to take:
- Regular Backups
- Latest Security Updates or Patches – Your operating systems (Windows & Mac OS) have frequent updates, and most of the updates have some sort of security updates.
- Application Updates – Same as above
- Desktop Anti-Virus Programs – There are some very good
- Email Attachments – This is extremely important! If you receive an email from someone you don’t recognize or perhaps an unexpected email from Paypal for instance. DO NOT open the attachment.
- Email Links – Same as above. There are some very believable emails that are sent using company logo’s and email templates that look authentic, so it can be difficult to know. I usually try to click on the “sent-from” email address. If the address is something other than the company on the email, it’s cause for alarm. Another sure way to find out is to contact the company directly to authenticate the email. As you can see from the image below, this was an actual email from a friend who lives only a few miles away. You can see that the sent from email is actually a Brazilian account.
Strong Website Security Programs
In addition to practicing good email habits, you should have a strong website security program or application running on your website to prevent brute force attacks, malicious content & attachments, and enforce strong passwords. If you have a website running on WordPress, I recommend using Wordfence or Sucuri security plugins. They both have good reputations and regularly update their software.
If you have questions regarding website security or need help installing and configuring security software, please contact us.