Integrating a Drupal 7 website with the University’s EASE authentication service

In the web team we recently took over the technical maintenance and development of the Edinburgh College of Art (ECA) website. Part of this development work involved integrating the University’s standard authentication service (EASE) with the Content Management System (CMS) used by the ECA website, Drupal 7.

Although the Drupal CMS has been used for many years throughout the University, it has not been widely used with EASE. The only exceptions that I am aware of are work I did myself in collaboration with Colin Higgs on the School of Engineering website to implement EASE authentication on a Drupal 6 platform in 2010, which has subsequently been updated to Drupal 7 by Billy Rosendale, and http://www.projects.ed.ac.uk, built using Drupal 6. The University Website Programme (UWP) are currently developing Drupal 7 for use as the main University CMS, and part of this development process is support for EASE authentication – this EASE integration work was used by the web team as a model for the ECA website.


Why you shouldn’t reuse passwords

With so many website accounts to keep track of these days, many people are tempted to use one or two passwords that they can remember for lots of different sites. We have heard that it’s dangerous to write down passwords, and of course no-one can store dozens of random strings of characters in their head for websites that they may only visit occasionally. So, having a small number of passwords to reuse across multiple websites can seem like a sensible compromise.

However, this can be a very dangerous practice. It’s impossible to know how securely a website stores your data, and you should always ask what would be the worst case scenario if this information were to get into the wrong hands. There have been countless examples of password lists being leaked (examples include last.fm, eHarmony, LinkedIn, Yahoo!, Phandroid, Writerspace, and Adobe), but often passwords can be stolen without users being any the wiser.

Last week, a vulnerability was found in WHMCS, a billing and support application used by web hosting providers. Potentially, attacks such as this can give hackers control over things such as DNS settings and hosting control panels. In other words, your website itself can be as secure as possible, but hackers can still gain control by extracting your password from other applications.

A good solution is to use software such as KeePass. This allows you to store all your login details in a single encrypted database, so you only need to remember the password for the database, not individual passwords for every website. It also allows you to create much stronger passwords (since you don’t need to remember them), and will even generate them for you. Or if you need access to passwords when out and about, there are versions of KeePass for your phone/tablet.

Some nice WordPress plugins

A few nice WordPress plugins I’ve been using recently:

Better WP Security – A very popular and powerful plugin that takes a range of steps to harden your WordPress installation.

Mail on Update – Emails you to let you know of available plugin updates.

Polylang – Simple and easy to use, it allows you to create a multilingual site (no in-built translation workflows – if you need that try WPML).

Approval Workflow – An easy way to add an Administrator-approval process to your publications.

Blackbox Debug Bar – For plugin developers. It gives useful feedback on SQL queries, page load times, errors, and values of superglobals.

Web Application Security – the Role of Users

For IT professionals, security is an integral part of the job. We must keep up-to-date with the latest techniques being used to target sites, and try to stay a step ahead of the hackers. Most developers foster a healthy paranoia about the range of ways that systems could be exploited, and keep it constantly in mind when designing an application, writing the code, and then deploying and updating.

However, there are also steps that users can and should take to prevent their data being compromised. These three important practices will go a long way to ensuring that your data is secure.

1 – Use strong passwords

Brute force attacks are common, such as this recent attack on WordPress sites. This is where a malicious computer program makes multiple attempts to guess a user’s password. If your password is in the dictionary, related to the name of your website, or too short, there’s a good chance that a brute force attack will crack it. In fact, any password can be guessed given enough time, which is why you should also change your password every few months. Creating a strong random password of 10 or more characters, using a mixture of upper and lower case, numbers, and special characters, will protect you from most attacks.

You should also be aware of other ways in which your password can be exposed: for example, using the same password across multiple sites, leaving a written copy lying around, or connecting over unencrypted Wi-Fi (e.g. in an internet cafe).
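As an added example (not part of the original post), a small Python check for the weaknesses this section names: a password that is too short, a dictionary word, related to the site name, or drawn from too few character classes, plus an estimate of how long an exhaustive guessing attack would take. The word list, the site names and the guessing rate are constructed assumptions, not figures from the post.

```python
import re

# Constructed stand-in for a real dictionary word list (assumption).
DICTIONARY = {"password", "welcome", "letmein", "edinburgh", "sunshine"}

# Character classes the post recommends mixing, with the size of each class
# (the "special" class is the 33 printable ASCII punctuation/space characters).
CHARSETS = [
    ("lower", re.compile(r"[a-z]"), 26),
    ("upper", re.compile(r"[A-Z]"), 26),
    ("digit", re.compile(r"[0-9]"), 10),
    ("special", re.compile(r"[^A-Za-z0-9]"), 33),
]


def search_space(password):
    """Number of candidates an exhaustive search must cover: alphabet ** length."""
    alphabet = sum(size for _, rx, size in CHARSETS if rx.search(password))
    return alphabet ** len(password)


def check_password(password, site_name, min_length=10, guesses_per_second=1e10):
    """Return (problems, seconds): the weaknesses the post warns about, and the
    worst-case time for an exhaustive search at an assumed offline guessing rate.
    The time ignores dictionary shortcuts, so a flagged password is far weaker
    than its search space suggests."""
    problems = []
    lowered = password.lower()
    if len(password) < min_length:
        problems.append("too short")
    # Strip digits and punctuation so 'Edinburgh2013!' still counts as a word.
    core = re.sub(r"[^a-z]", "", lowered)
    if core in DICTIONARY:
        problems.append("dictionary word")
    # Any word of the site name (3+ letters) appearing in the password counts.
    site_words = [w for w in re.findall(r"[a-z]+", site_name.lower()) if len(w) >= 3]
    if any(w in lowered for w in site_words):
        problems.append("related to site name")
    used = [name for name, rx, _ in CHARSETS if rx.search(password)]
    if len(used) < 3:
        problems.append("low character mix (%s)" % ", ".join(used))
    seconds = search_space(password) / guesses_per_second
    return problems, seconds


if __name__ == "__main__":
    for pw in ("eca1234", "Edinburgh2013!", "x7$Kq2!mPz"):
        print(pw, check_password(pw, "ECA website"))
```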

2 – Keep your browser up-to-date

Part of the job of IT professionals is to ensure that third-party software and plug-ins are kept up-to-date. This is because, as new exploits are discovered, the software vendors will update their products to protect against them. Therefore using older versions leaves users at risk of being hacked through known vulnerabilities.

As a user, you should also ensure that you keep your browser at the latest version. Older browser versions are often insecure, and some have been abandoned by vendors. Keeping your browser current not only means added protection from hackers, but also that you have all the latest bug fixes and features, and that web pages will display as intended by the web designers.

It’s also good practice to keep your operating system updated with the latest fixes.

3 – Be aware of social engineering techniques

Social engineering techniques involve attempting to trick people in order to gain access to buildings, systems, or data. The most well-known example is phishing, which is an attempt to obtain information such as usernames, passwords, or credit card details, normally through emails or by impersonating a website. However, scammers use a wide range of con tricks, and it’s important to stay informed and alert.

Consequences

Having something hacked can be a stressful experience. As well as potential economic costs, there are reputational costs. Whether it is sensitive data being leaked, your site being downgraded by search engines, or your Facebook account being used to send embarrassing messages, the consequences of lapses in security can suddenly become very real when the worst happens. In the case of a hacked website, it can be virtually impossible to fix, since hackers can install sophisticated software to retain control of the server behind the scenes.

There’s no such thing as 100% security, but by bearing in mind some of the most likely exploits, you can at least mitigate the risk.