Three Steps to Greater Website Security

Posted by: Raul Reynoso in Web Development, Security

Often small businesses do not pay enough attention to website security issues.  Some feel they don't have particularly sensitive information on their website.  Others ask whether their website will be targeted at all. 

The answer to the second question is yes.  Being a small player is no protection.  A wolf doesn't go after the biggest meal; it goes after the easiest one.  Hackers are no different.  They scan the herd for the weakest member. 

How do they do this?  They use automated methods to attack large numbers of computers until they find an obvious weakness.  For example, a brute force attack may use a large number of username and password pairs until it finds one that works. 

 PC Magazine lists the ten most common passwords as follows:  
1. password
2. 123456
3. qwerty
4. abc123
5. letmein
6. monkey
7. myspace1
8. password1
9. link182
10. (your first name)

Certainly any of these passwords would be attempted in a brute force attack.  However, as Christopher Null points out, hackers use much larger password lists and more sophisticated methods to hack into your system.  Selecting secure passwords is essential.

Those with no obviously valuable data on their website may wonder why anyone would bother hacking them.  The fact is your server is a valuable resource in itself.  It can be used to send out spam or launch renewed attacks on targets that do have more valuable information. 

Whatever the hacker's intent, should he or she gain access to your system, the cost of cleaning up the mess will make you wish you had taken greater precautions.

3 Simple Steps to Increase Security

Establish a password complexity standard
Make sure you meet the minimum criteria for secure passwords.  One way to enforce such a policy is to rely on software that rates password strength.  Such software can require a minimum strength level for approved passwords.  Most server operating systems have this functionality.  It is also advisable to add this capability to your website to ensure that newly created logins are secure.
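As an added illustration (not code from the original article), here is a server-side check a website could run when a login is created, written for Node.js. The deny list is the ten-password list quoted above; the length and character-class thresholds, the function names and the shape of the `user` object are assumptions chosen for the example.

```javascript
// Added example: password policy check for a signup or password-change handler.
// Deny list taken from the list quoted in this article (item 10, the user's
// first name, is handled separately below).
const COMMON_PASSWORDS = new Set([
  "password", "123456", "qwerty", "abc123", "letmein",
  "monkey", "myspace1", "password1", "link182",
]);

const MIN_LENGTH = 12;  // assumed policy value
const MIN_CLASSES = 3;  // assumed: out of lower, upper, digit, symbol

// Lower-case and strip trailing digits/symbols so "Monkey2024!" reduces to "monkey".
function stem(password) {
  return password.toLowerCase().replace(/[^a-z]+$/, "");
}

// Count how many character classes appear in the password.
function countClasses(password) {
  return [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/]
    .filter((re) => re.test(password)).length;
}

// Returns a list of policy violations; an empty list means the password is accepted.
function checkPassword(password, user) {
  const problems = [];
  const lower = password.toLowerCase();

  if (password.length < MIN_LENGTH) problems.push("too_short");
  if (countClasses(password) < MIN_CLASSES) problems.push("too_few_character_classes");

  // Reject listed passwords, including variants with digits or symbols appended.
  if (COMMON_PASSWORDS.has(lower) || COMMON_PASSWORDS.has(stem(password))) {
    problems.push("common_password");
  }

  // Reject passwords built around the user's own first name or username.
  for (const field of [user.firstName, user.username]) {
    if (field && field.length >= 3 && lower.includes(field.toLowerCase())) {
      problems.push("contains_personal_info");
      break;
    }
  }
  return problems;
}
```

Run the check on the server even if the signup form also rates strength in the browser, since client-side checks can be bypassed.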

Limit permissions to only those necessary
For each user, only grant the minimum level of access needed to complete their tasks.  If a customer service representative only needs to view account information, do not grant them the ability to change account information. 

Minimizing permissions greatly restricts the damage that can be inflicted if the user's account is hacked.

Use a content management system
A good way to protect your website is to use a content management system.  Using a CMS ensures you have implemented common security best practices.  Most CMS engines protect against common website attacks such as SQL Injection.  They generally also encrypt all passwords stored in your database. 

For businesses that cannot hire a security expert to review their website, a CMS gives some assurance that they are protected against some common attacks.  Furthermore, a community of users and developers is constantly discovering and fixing vulnerabilities.  By keeping up to date with the security issues related to your CMS, you can continually improve your website's security effectively and efficiently.

Conclusion
It is critical to make security a central part of your online strategy.  You should not ask yourself whether someone will try to hack your system.  You should ask yourself whether they will be successful.
