How to Protect Your Website in 2017?

2017 is a turning point for all businesses that use IoT solutions in the workplace, engage customers through mobile apps, rely on enterprise software or… simply run corporate websites! A string of high-profile cyberattacks has revealed an uncomfortable truth: neither companies nor smart gadget manufacturers/software vendors take IT security seriously. Cybercrime has become a $ 600 billion opportunity. Hackers target both IT corporations and medium-sized companies. In fact, it is smaller businesses that often fail to strengthen security systems and suffer losses. Discover how to keep your website secure through 2017 and beyond!

3 steps to secure your website

In most cases website security maintenance falls to following the very basic security practices known to every software developer:

· Automate CMS/operating system updates. The infamous WannaCry ransomware attack which took the world by storm last May targeted older versions of Windows which were no longer supported by Microsoft. Exactly the same thing happened to Dyn whose servers were attacked by a botnet made up of compromised W-Fi routers and surveillance cameras; days later security experts discovered that only 30% of smart gadget users track firmware updates and take the trouble to upgrade to the latest version. Technology evolves — and so do hacking techniques. Although the CMS updates/security patches issue is usually addressed during the website development process, hackers never fail to discover vulnerabilities in commonly used website content management and operating systems and exploit the opportunity. Since 2005, the world’s most popular CMS solutions including WordPress, Drupal and Joomla have registered over 200 vulnerabilities each. That’s why you should address a reliable software vendor to make sure your business website is out of danger;

· Develop a corporate security policy. With 48%, employee negligence remains the major cause of data breaches and cyberattacks affecting small and medium-sized companies. During the 2016 Black Hat security conference Dr. Zinaida Benenson, a notable cybersecurity researcher from Germany, presented the astonishing results of her phishing survey; it turns out most employees are aware of potential phishing attacks and still click on links embedded into suspicious emails even if they don’t know the sender! In order to protect your website and other apps within your IT infrastructure, you should develop a strict corporate security policy — and make sure your colleagues adhere to it. Also, you should secure your email systems, introduce two-factor authentication and conduct frequent employee screenings to detect malicious insiders (who cause up to 5% of registered cyberattacks and data breaches);

· Choose the right hosting provider. In case you’ve opted for a hosted website platform like WordPress.com, Shopify or PrestaShop, you’ve got nothing to worry about: security patches will be solely handled by the service provider (at least that’s what providers tell you). The reality is quite different. In 2012, Bev Robb shared his experience of dealing with a major WordPress attack which had affected all sites on his VPS. 5 years on, nothing has changed. You surely don’t want to trust your website to a company that fails to provide tech support and is slow at rolling out security updates? Also, you should back up important data (like customer records and payment credentials) and store it on-premises: a typical cyberattack victim is denied access to his website, enterprise applications and all computers within a business network. Once hackers put hands on your data, you won’t get it back until you pay ransom. Every hour of downtime will cost a small company at least $ 8 thousand; can you imagine the damage caused to Twitter, GitHub and other websites brought down by the Mirai botnet?

How to secure your website: closing thoughts

Cybersecurity is important. Yet, 52% of businesses do not plan to reinforce security through 2017 — and that’s why we bring up some more stats to guide you in the right direction:

· Last year, 4 ransomware attacks were registered every day. 70% of businesses that encountered such attacks paid hackers in order to regain control over customer data. One in five victims ended up paying over $ 40 thousand. This year, ransomware attacks are predicted to cause $ 5 billion in damage worldwide;

· Infected emails remain the #1 factor behind malware attacks. Among other reasons one should mention third-party errors (including bugs overlooked by developers) and system errors;

· When it comes to emerging technologies like IoT, it is the lack of universal security standards and user ignorance that cause the most trouble.

The r-stylelab.com team urges you to treat cybersecurity seriously and report attacks to authorities. In case you consider developing a website or enterprise application in the near future, make sure to build software with security in mind. There are no flawed content management systems or programming languages; it is developers who mess with the code! Provided you choose an experienced vendor, you have nothing to worry about!