Security - You are the weakest link
As part of improving our involvement with our customer base, we are taking our blog to the next step through providing informative articles on a semi-regular basis. These will include handy tips, tricks and general know-how to assist you in developing your business online. Without further ado…
Cornelia Frances wasn’t wrong when she said you are the weakest link: the human element is quite often the weakest link in the chain of securing your website. But this article serves to show that it’s simple to keep tabs on your own security.
Strong and unique passwords
Whether it comes down to laziness or ignorance, passwords are one of the most common reasons for a breakdown in your security. There are a few key things to remember:
- Simple passwords like ‘123456789’, ‘qwerty12345’, ‘myname1980’ and common dictionary words can be brute forced. Automated hacking scripts can retry different common passwords over and over until they get in.
- Reusing the same password across different login systems means that if one gets hacked, the attackers know your password and could use it elsewhere.
So what do you do? Use unique passwords that combine capitalised and lowercase letters and numbers and, if you’re game, throw in a symbol or two. Just remember not to base them on dictionary words, as in ‘Pa55w0rd!’, because the hackers are still smart enough to get through those.
If you’re not sure you can remember your complex passwords, try using a tool such as LastPass or 1Password in your web browser to store them for you.
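To make the ‘Pa55w0rd!’ point concrete, here is an added example (not part of the original article) of a check that undoes common character swaps before looking for dictionary words. The word list, substitution table and function names are constructed for illustration; a real check would use a much larger list of known passwords.

```python
import re

# Constructed sample list; a real check would load a large list of known passwords.
COMMON_WORDS = {"password", "qwerty", "letmein", "welcome", "admin", "dragon"}

# Character swaps that password-guessing tools already try (assumed, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

def meets_composition(pw):
    """True if pw has a lowercase letter, an uppercase letter, a digit and a symbol."""
    return all(re.search(p, pw) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))

def has_sequence(pw, run=4):
    """True if pw contains `run` consecutive ascending characters, e.g. 1234 or abcd."""
    streak = 1
    for a, b in zip(pw, pw[1:]):
        streak = streak + 1 if ord(b) - ord(a) == 1 else 1
        if streak >= run:
            return True
    return False

def weaknesses(pw):
    """Return the reasons pw is easy to guess; an empty list means none were found."""
    found = []
    # Undo the swaps, then keep only letters so 'Pa55w0rd!' becomes 'password'.
    letters = re.sub(r"[^a-z]", "", pw.lower().translate(LEET))
    found += [f"dictionary word: {w}" for w in sorted(COMMON_WORDS) if w in letters]
    if has_sequence(pw.lower()):
        found.append("sequential run")
    if re.search(r"(19|20)\d\d", pw):
        found.append("looks like a year")
    return found

if __name__ == "__main__":
    # The first four are the article's own examples; the last is a constructed random one.
    for pw in ("123456789", "qwerty12345", "myname1980", "Pa55w0rd!", "vT9#qLm2$Xe7"):
        print(f"{pw!r}: mixed characters={meets_composition(pw)}, "
              f"weaknesses={weaknesses(pw) or 'none found'}")
```

‘Pa55w0rd!’ passes the mixed-character rule yet is still flagged, because it reduces to a dictionary word once the swaps are undone.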
Many are caught out by nasty viruses or spyware on their computers which log keystrokes. You may have the strongest password in the world, but if there’s a key-logger maliciously storing your keystrokes and sending them to a 3rd party, it all counts for nothing. Take the time to install a virus scanner like Avast or AVG. There’s nothing wrong with opting for a free one, provided it has good, consistent reviews.
Firewalls give you an extra defensive tool to help keep unwanted individuals out of your computer. Find something quick and easy to install, such as Comodo or ZoneAlarm, and let it do its thing.
Internet connection trust
So you’re out and about and you’ve just found a free WiFi connection. Great! Well actually, not so great… Who knows who could be sniffing the data going back and forth to your internet device (computer, tablet or phone).
Don’t trust public WiFi connections for logging in to systems you want to keep secure: not your website, not your social media accounts and certainly not your bank.
If you must connect via public WiFi to update facets of your website (such as using the WordPress or Joomla backend), consider running an SSL Certificate on your website to encrypt your data exchange. You can find out about the SSL Certificates we offer at https://ventraip.com.au/ssl-certificates/
Keep your devices secure
You wouldn’t give just anyone the keys to your car, so why would you allow just anyone to log in to your computer, phone or tablet device? On your computer, set a login password, something complex as above. For your tablet and/or phone, enable a passcode lock; it’s really easy and saves you in the event you lose your device on the run.
For almost any website you sign up to, you’ve set your email address for forgotten password resets. So if a hacker wants to gain access to all of your logins, perhaps the easiest way is to get into your email and use forgotten password functionality. It’s just too easy!
On all of your email accounts it’s therefore imperative that you set a secure password AND enable two-factor authentication. Two-factor authentication adds an extra step to your login, where you receive an SMS code or enter a code from your phone’s authenticator application, but this extra step is worth the peace of mind. Once two-factor is set up, a would-be hacker would require both your email password and your phone to gain access, making it very tough for you to lose control.
Recognise Phishing Attacks
Phishing attacks are a very common way to lose your details; it’s important you learn to recognise when that email you receive “To Customer” from your bank isn’t actually real. So here are some quick tips:
- Don’t click links to log in from an email sent to you. If you receive an email from PayPal with a link to log in, don’t click it. Instead, open your web browser, go to http://paypal.com.au and log in from there.
- If the email addresses you as “Dear Customer” and you know they should have your real name on file, don’t trust it. If they were the real organisation, they would address you by your name.
- Don’t open attachments from people you don’t know; especially if you don’t have a virus scanner.
- Don’t click odd links on Facebook, Twitter, etc. They may come from hacked accounts of your friends, which means if you click the link, your login details will be stolen.
Stay tuned for next time, where we will discuss the basic methods for keeping your WordPress installation secure.