Last updated on December 26, 2013
Author’s Note: This article is part of a Tech Topics column I write for a small print publication focused on helping small business owners become more comfortable with technical topics.
It’s not a glamorous topic. When you hear the words Internet Security, the first thing that pops into your head is probably viruses, spyware, phishing and other tribulations of the Internet.
However, there is another type of internet security you should be aware of, and that’s security for your web site. We have recent reports of two sites that were defaced or hacked in some way. Unlike the image you see on the news, of the elite hacker sitting for days engineering a secret way into web sites, both of these problems could have been easily prevented with a few minutes of time and a little attention.
First, create a good password. This goes for passwords to your server (FTP or File-editing access), passwords to your email, and passwords to your web software, like an online ordering system. I’m not saying you have to make the password look like “Th1SizAg0OdP@s$w0Rd” but also don’t make them “password” or “CopyShop” or your company, spouse, pet, or child’s name. Birthdays are also a very common source of passwords. The idea is not to make the password so difficult you will never remember it, but also to make it hard enough that no one would be able to guess it with a few minutes of trying.
Second, keep your software up to date. If you are running a content management system (CMS), online ordering system, or shopping cart of any type, make sure it is up to date. New releases of these applications often contain security fixes to help keep out would-be intruders. While this may sound daunting, many modern web applications like these have simple update links to click and they will update automatically. Similarly, many web hosts provide a “1-Click” update functionality. Of course, if you’re working with a company to provide your web site then they should already be taking care of this for you.
Third, keep a critical eye. This is not so much a tip as just a warning to remain vigilant. Oftentimes, intruders gain access to systems not by hacking them, whether by guessing passwords or exploiting flaws in software, but by “social engineering”. Social engineering is a fancy word for trickery. One of the more common forms is a fake email pretending to be from a trusted source such as a friend or colleague, a paper or supply vendor, a large retailer like Amazon, or even your bank. The purpose of these fake emails is to direct you to a web page that mimics the look of the actual page and get you to enter your username and password, so the senders can then turn around and access your accounts without your knowledge.
A good rule of thumb is that if something looks suspicious, it probably is. If you get an email about a recent order from amazon.com that you never placed, or a note from your bank about a large purchase you don’t remember making, don’t click the link in the email, as it is most likely going to redirect you to a fake site. Go to your browser and type in amazon.com or YourBanksName.com. If you have any questions, a call to customer service is a surefire way to verify the authenticity of the message.
All of these are simple things you can do to save yourself hours of headaches and repair work should your website or server become compromised. The moral of Internet Security really is that an ounce of prevention is worth a pound of cure.