Web security is as important as home security yet I am constantly amazed by the lack of respect and poor actions by people when it comes to protecting their passwords and keeping their websites safe.
Most people are either too busy, or simply believe “I’m too small, why would anyone want to hack me”.
However, what most people don’t understand is the two biggest threats to your organisation are automated bots and your own employees.
Today’s ‘hackers’ are rarely people working in dark rooms. More often than not a ‘hack’ is perpetrated by a ‘bot’ or piece of software that trolls the internet looking for open doors.
In much the same way Google bots troll your site to work out how high it should rank on the search page, the hacker bots are doing the same thing, but with negative intent in mind. They exploit holes in your software and security.
Second is disgruntles employees, who still have access to your resources long after they have left the building. They can log into system and change passwords, update files or steal client files. I’m sure you know someone who’s had their client list or address book taken by a previous employee.
Security is important. Not only because a breach can be a significant cost, embarrassment and interruption to your business, but also because more and more we are collecting and storing important and confidential information on our users and clients.
The fact we are collecting this information makes us greater targets.
Further our software is more connected then ever and vulnerabilities in our network, can often threaten other businesses we are connected too.
Like locking your doors and windows, and keeping valuables out of site at home or in the car, there are some basic things you can do which significantly increase your security and reduce your vulnerability to attack.
- Update software
This is the single most important thing you can do. It is amazing the number of people we see who have never (or rarely) run software updates on their LMS, Website and even operating systems.
All those pesky upgrade emails you get from Microsoft, Moodle or WordPress actually serve a purpose. Not only to add new features or functions, they also close security holes found inside the software itself.
Hackers take note of the release information and quickly change their ‘bots’ to look for the holes in earlier versions. If your site is not up-to-date when they come knocking, you will get a breach for sure.
- Password Security
Keep password unique.
Don’t use the same password for all of your access and never share them around the office or with other users. Each user should have their own usernames and passwords.
Also think about where/how you are storing them. A file on your internal server or cloud storage (think Dropbox) called “Passwords” is definitely not the best approach
- Password Uniqueness
Think about what you are using as a password too.
Avoid things like ‘Password’ or ‘Qwerty’ and try and have them include letters, numbers and characters. Here’s a list of the 25 most popular passwords from 2015. Is your password on this list?
Whilst using your kids or business name in your password might make it easier to remember, it also makes it easier to guess or crack.
- Password Strength
Whilst simple passwords are easy to remember, they are also easy crack. Try and keep passwords long, and add a mix of numbers, characters, capital letter and even non alpha numeric characters.
A good tip is to use sentences, instead of words.
Try something like “catslikeboxes” or “dogschasecars”.
Look at this password closely, it actually says ‘DogsChaseCars’, but if someone is looking over your shoulder as you enter it on the keyboard, the changes of them remembering it (or guessing it later) are very slim.
This approach can help make passwords easy to remember, but harder to crack.
- Change your password regularly
Good practice it to change your password regularly. Most people never change their passwords. This bad habit makes it easy to access your files – especially if I’m a former employee.
You should aim to change your passwords at least every 3 months, but more regularly if you can.
Check who you give what permissions to. Not everybody needs administrator rights. Keep user and permission levels in line and delete or make inactive users who no longer need access.
This goes for contractors and even people working on your system you trust. Set them up on temporary accounts and delete them as soon as the work is done.
If you do get hacked, the most common approaches are the delete file or install ‘ransom wear‘ which holds your system hostage until you pay some sort of ransom. Sometimes hackers will even put tracking software inside your system so they can watch what you’re doing and find other vulnerabilities. Perhaps they watching you enter your username and passcode for your online banking.
Having a backup allows you to easily recover your original files and minimises downtime or disruption.
If course, when you backup you also need to test your recovery.
If I had a dollar for every time we’ve seen a client try and restore a backup for the first time, only to find the file is corrupted and what they thought was a robust backup regime was in fact flawed.
These quick tips above are like locking your doors and windows and will substantially improve your security and reduce the likelihood of a breach.
Whilst nothing is 100% guaranteed to keep out someone who is determined to get in, being a little more cautious and making it harder from the start is more likely to have the ‘bot’s and hackers move on to easier targets.
There are a number of other things you can do server side to improve your security, but these often require a programmer or someone with server experience. If you have someone who can help with this it’s well worth having the conversation and asking what you are doing for security and what improvements can be made.
It’s a lot easier to do this now, than to deal with a breach once it’s happened.
If you want to talk website security (and how OTrains fully managed hosting services can help) we’d love to chat. For clients hosting both Learning Management Systems and Websites with us, our managed services ensure that all files are up to date and backups are tested and recoverable.
And our unlimited user’s policy means there are no reason not to issue every user with their own username and passwords.
To learn more about OTrain, and our managed services, please visit our website at www.otrain.com.au, or call us on 07 3040 3310.
OTrain puts training online.
With OTrainU our cloud based Learning Management System and our creative Studi.O team; OTrain is on a mission to Save the World from Boring Training.
Plus with a catalogue of Ready to GO! online training content, and our Training Success Club to help make your training work, OTrain is your logical choice as an online training partner. OTrain is Simply put, a better way to train.
Learn more about OTrain by visiting www.otrain.com.au or calling us on 07 3040 3310
About the Author
Shane Ridley is the Founder and Managing Director of OTrain. With a background in Workforce Development, Shane has been involved in everything from staffing and developing workforces in Greenfield sites to working with 100 year old companies. 1 man operations to multinationals.
A serial entrepreneur, Shane has also successfully started and grown 5 businesses, on 3 occasions taking them from concept to $1M+ in revenue.