In today’s guest post, Web security expert Alan Wlasuk shares advice on protecting your business’s data from hackers.
We see them every day – large enterprises like Sony and Citigroup making headlines due to massive security breaches. But what most people don’t know is small businesses are the more frequent, less publicized subject of attacks. Reports show that 85 percent of websites have at least one high-risk vulnerability. This one vulnerability could be enough to lead to a large breach resulting in lost data and the need to hire a costly security team.
Here are four tips you need to consider to make sure your small business is safe from online security attacks.
1. Pay attention to network (perimeter) security as well as application security. Make sure you have appropriate physical security guards in place. Consider firewalls, securely locked server rooms and intrusion detection systems as a minimum.
2. Store only the information you need. Many companies save ‘retired’ information online, just in case it is ever needed. Back up and purge data frequently. If your business does get breached, only minimal data will be at risk. In addition, old data might be saved in clear-text format or using outdated encryption, each of which makes it easy for a hacker to make malicious use of that data.
3. Stay patched. Don’t fail to update your systems. System updates (i.e., to operating systems, database software, software firewalls) are frequently done for security reasons—particularly after the flaws in the current systems are announced to the world. That means if you don’t update, hackers will know exactly what the weaknesses in your current system are.
4. Trust but verify. Limit access to critical systems to only those who are essential to its operation. Give others reduced access (or none at all). The more trusted users you have, each of which might have admin privileges, the larger the chance that one of them will be tricked into revealing information that helps a hacker breach your system.
Alan Wlasuk is managing partner of 403 Web Security, a full-service secure Web application development company. From Web security evaluation to secure Web development and remediation, 403’s seasoned developers are at the forefront of development efforts. To learn more about 403 Web Security or for a complementary vulnerability scan of your website, please visit 403 Web Security.