The most common kind of security issues with individual websites are due to either of the following reasons:
I. Account Password Disclosure
This happens when one of the machines you used is infected by a Trojan (a type of virus) or the net connection that you used was not protected by encryption. This allows hackers to collect login details to valid internet account. Once they have the login details to manage your account, they can modify any file in your website or upload any malware (i.e. malicious files) at will.
II. Web Application Vulnerability
This happens when one of the web applications you use in your website has a vulnerability. Most web applications have an updating service which lets the users know of a security issue or an upcoming upgrade availability. If this facility is not used by web application users, a vulnerability might be not known, and hackers can use that to upload malware to your site.
What action can you take?
There are a number of actions that you can take very quickly which can have a dramatic effect on improving the security of your website. We have categorised these under 2 headings – securing your hosting space and securing your PC.
A. Securing your Hosting Space
A.1. Check that any applications or scripts that you use are using the latest version
If you run an application like WordPress, Joomla or Drupal for your website blog or an E-Commerce application then you should always check that you are running the most up to date and stable version. The reason that these types of applications are updated from time to time is to improve security as well as to increase functionality so it is vital that you stay up to date.
This also applies to PHP scripts such as contact forms. These types of applications and scripts are susceptible to attack from hackers by which they will usually automate the identification or exploitation of them. It is not that they have necessarily targeted you as a person or as a business, but the tools that they use have identified that you are running an out of date (therefore vulnerable) application.
If you are unsure, just google the application and their latest versions, eg: “Wordpress/Joomla latest version”. You will quickly discover which version is the latest that you should be using.
A.2. Also check any plugins that you use are also running the latest versions
Don't assume that just because you have updated the main application that everything is safe and secure. These days many applications like WordPress, Joomla or Drupal have extra plugins which provide extra functionality but which are separate from the main application. You must also check that you are running the latest version of these plugins and that they are also compatible with the latest version of the your application.
A.3. Review your websites files & remove any suspicious files
Performing a quick check of your website's files should help you to
quickly identify anything suspicious. Look for things with suspicious
sounding names like “barclays”, “paypal” or “hsbc”. These are big brands but also the most common targets of phishing scams by hackers.
A.4. Perform regular audits of your hosting to remove out of date programmes, databases, applications or files
Remember that database you set up years ago to do some testing? You may have forgotten it but the hackers haven't. As we have seen above it could just be a tempting entry point for their malware so by removing any old applications or databases that are no longer needed you will be closing an open door.
B. Securing your PC
B.1. Make sure that your PC is secure
This may sound obvious but so many times people overlook the need to protect their own PC. Malware can access your website in a number of different ways so it is vital to stay up to date. The thing is that many people will assume is that just because they have an anti virus tool that they are protected, but there are extra steps that you should take such as:
- Ensuring your Operating System is up to date
- Keep your browser (Explorer/Firefox), plug ins, anti virus definitions & other applications/programmes up to date. Use the automatic update feature where possible.
- Get a good quality Security Software for your PC
- Run through the list of applications installed on your PC & remove any that you no longer use or which are no longer supported by the vendor
- Observe caution when surfing the net or when opening emails attachments
Obviously this list is not exhaustive but it is a good starting point. Security is not a static subject. It is always moving and it should everyone's responsibility to try to stay ahead of the game.
B.2. Check that your network is secure
Nowadays the use of portable devices and the increasing use of smartphones / tablets to access the internet means that wireless use is growing dramatically. This represents a massive temptation to hackers. If you do connect to a wireless network either at home or when you travel (hotspots) please take care to ensure that a.) your device is fully protected and b.) that the network you are accessing is fully secure and encrypted using the correct protocols (WEP or WPA). If you are unsure it may be better to delay accessing the internet until you can be sure that you are on a secure connection.