Hacking, 5 Tips From “The Front Line”

Royal guards securing a building

Yes, of course we all know about hacking. Many, many of my customers think that a simple "antivirus and good password" approach will keep them safe. Sadly, as I deal with cleaning up the results of successful hacking, I know from personal experience that this really isn't enough.

I speak as one who is on “The Front Line” of hacking attacks. More annoyingly, steps to significantly increase hacker resistance really aren’t that hard, costly, or time-consuming. Trust me, a little bit of time, reflection and action will bring results way beyond the effort invested. Some of these tips are for any of us using the internet, whilst others are specific to website owners.

Meanwhile, would you kindly cut, paste in 24-point font, print, and hang on your office wall the following statement:-

“It is more time effective to be preventive than restorative”

I could take over an hour of your time to go through my “top twenty” tips, but meanwhile here are some basic, simple ones to give you a “quick win”:

  1. Schedule regular time to update your website software (between 30 and 60 minutes a month).

    Likewise with your devices. Software developers release security patches to prevent vulnerabilities from being exploited. This really is basic stuff. “Check for updates” is your friend. A recent major enterprise-wide hacking attack was traced back to a machine that had not been “patched” (updated) for a number of years. Often the files are small and the update is so fast you hardly notice it. It really is so quick and easy.

  2. Use a different password for every online account you use (including your own website account).

    Yes, it’s a pain, but you can use a Password Manager to simplify your life. Think of it this way - would you want one single key that would fit your car, front door, house safe, etc, etc? Sure, it means you only have to carry one key rather than several. However, what happens if that key gets stolen? Meanwhile, hackers find ways to crack passwords using common “hash values”. (hash = a scrambled, one-way form of your password which is stored in a database. This is the bit that gets stolen when hacks occur.) I’ve attended security events run by the local Police where they demonstrated how to hack someone’s password in under 5 minutes. Yes, it really is that easy, and different passwords are a simple and effective response. To take it one step further, please check the strength of your passwords. This website https://howsecureismypassword.net/ will tell you how long it would take a hacker to break your password.

  3. Run regular security scans on your site.

    Once again, I’m sharing my direct and recent experience here. Probably 80% of sites have some kind of significant vulnerability. Sadly, they are not hard to find if you take time to find them. Maybe we all need some scary motivation here; a question - would you rather be the first to know of an issue on your site or would you rather be told by one of your customers? There are plenty of tools available to do this. To name just one (or two): wpscan.io focuses on identifying vulnerabilities in WordPress sites. Sucuri Site Check is a security issue reporting tool for all websites. Of course, you could also contact your friendly web maintenance company...

  4. Regularly close unused online accounts.

    This is the equivalent of leaving a copy of your car and house keys, plus credit cards on a seat in a pub which then closes down and gets broken into. The bad guys find your valuables, and use them. Oh dear! It is so easy to create accounts online and forget about them. 3 years later, that website gets compromised and BOOM, a hacker gets a hold of your personal data. The significantly scary issue is that you may never find out. However, if you have the courage to do it, visit the famous ';--have i been pwned? site. Why would you need courage? Because you’ll be wondering who the heck are those companies that were responsible for compromising your data. Therefore, regularly go through the list of accounts you have and make sure to cancel or delete those you don’t need. You can use your password manager to help you find what they are. Again, this is a simple but effective method. We can help.

  5. Use a dedicated email address to sign up to online services.

    Your personal email address, like a personal mobile number, should remain, well, “personal”. I always recommend that my customers only share their personal email address with individuals they know. Using a separate mailbox for newsletters, online accounts and less-personal stuff means you are more likely to reduce the amount of SPAM you receive in your personal mailbox as well. Once again, simple and effective. But only effective if you actually do it….
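For tip 2, here is an added example (not part of the original post) that audits a password manager export for passwords shared across different sites. The CSV column names and the sample rows are assumptions constructed for illustration; match them to your own manager's export format.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample export; the column names (name,url,username,password)
# are an assumption, so adjust them to match your password manager's CSV.
SAMPLE_EXPORT = """name,url,username,password
Shop,https://shop.example.com/login,me@example.org,Tr0ub4dor&3
Shop (old),https://www.example.com/account,me@example.org,Tr0ub4dor&3
Forum,https://forum.example.net,me2,Tr0ub4dor&3
Bank,https://bank.example.org,me,correct horse battery staple
Blog admin,https://blog.example.io/wp-login.php,admin,
"""


def site_of(url):
    """Crude site key: last two labels of the hostname (a simplification)."""
    host = urlparse(url if "//" in url else "//" + url).hostname or url
    return ".".join(host.lower().split(".")[-2:])


def find_reused(export_file):
    """Return lists of entries whose password is shared across different sites."""
    key = secrets.token_bytes(32)  # per-run key: entries are grouped by HMAC tag,
    groups = defaultdict(list)     # so plaintext passwords are not kept around
    for row in csv.DictReader(export_file):
        password = row.get("password") or ""
        if not password:
            continue  # skip entries with no stored password
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[tag].append((row["name"], site_of(row["url"])))
    reused = []
    for entries in groups.values():
        if len({site for _, site in entries}) > 1:  # same site twice is not reuse
            reused.append(sorted(entries))
    return sorted(reused)


if __name__ == "__main__":
    for entries in find_reused(io.StringIO(SAMPLE_EXPORT)):
        print("Same password on:", ", ".join(f"{n} ({s})" for n, s in entries))
```

Delete the exported CSV securely once the audit is done, since it holds every password in plain text.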

 

Anything else? Well, there’s much to tell, but I’d rather do this in person. Keeping websites secure, attractive, efficient and effective is what I do, day in, day out.

Give me a call and let’s see if I can keep you safe from the bad guys.

 

Credits: Photo by Toa Heftiba on Unsplash
