Imagine leaving your car parked in a crime-ridden neighborhood. Would you leave your windows down and doors unlocked? Unfortunately, the internet is very much a crime-ridden neighborhood and too many of us are not even taking basic security steps to keep our websites protected.
The goal of this article is to give you some general best practices that can help you keep your website secure from many common cyber threats. Think of this as advice on “How to roll up your windows” and “How to lock your doors” – very straightforward but important steps. While a determined hacker may still be able to break into your vehicle, following these steps will substantially decrease your chances of becoming a victim of a cyber-based attack.
Keep all software updated, always
This applies not only to your website, but to every piece of software you have installed on your workstations. Hackers regularly find vulnerabilities and security flaws in software. Software vendors, on the other hand, are regularly providing software fixes to patch up vulnerabilities that are found or exploited. If you don’t update your software when updates become available, you could be leaving a wide-open door for hackers to exploit.
You need to keep all software updated on your workstations because an infected workstation could give access to other systems, including your website. If your website is powered by a content management system, such as WordPress, you will need to keep the content management software updated at all times, including any plugins you may have installed. Because content management systems, like WordPress, are so widely used, any security holes that are found can also be exploited widely.
Keep backups of your website, local and offsite
When your website has been hacked and injected with malware, the most secure way to fix the issue is to restore your website from the most recent backup prior to the hack. Make sure the sever your site is hosted on is being backed up daily, and make sure your webmaster is retaining copies of your site locally (securely, of course) as an extra precaution.
Use a reputable hosting provider
Source: SANS ISC SecNewsFeed @ November 29, 2016 at 06:27AM