There are few things more terrifying than losing your identity or finding out that all of your critical data is gone or compromised.
Hackers may attack anyone at any time; it is up to you and your security practices to prevent loss of data and secure your systems.”
This is one of the many reasons that there’s an entire month dedicated to celebrating and enforcing online security. October was National Cyber Security Awareness Month – an event hosted by the Department of Homeland Security and the National Cyber Security Alliance encouraging everyone to do their part to keep their online lives safe and secure.
As a web host, we’re well aware of the part we play in this constant effort – and we follow stringent security practices both in our offices and our data centers to help protect this sensitive information. Our clients are important to us and attacks on our customers reflect both on us as a company and our default security practices. While we cannot prevent all attacks, it is in our best interest to secure all of our servers as well as possible.
At Liquid Web, we go to great lengths to share best practices with our customers in order to help them become more secure.
We sat down with members of our Security Team at Liquid Web and asked them what are the most common security misconceptions that need to be countered with online security implementations.
It’s Not Personal (It’s Code)
It’s easy to get caught in the mindset that you’ll never be attacked – after all, what have you done to anyone? Similarly, if you are attacked, you may wonder what you did to cause it. Avoid this line of thought; your actions did not cause this to happen.
Remember that cyber attacks are often not personal. Attackers are simply looking for low hanging fruit, vulnerable code and unpatched servers, often through bots and other automated methods.”
If you or you’re server have been the victim of an attack, it was likely for no other reason than your systems were one of the computers that were vulnerable and found programmatically. The hackers didn’t come after you – they came after your outdated plugin, for example. Remember, anyone and any server is at risk and it comes down to your security practices to lessen this risk. The best method of defense against these automated attacks? Don’t be low hanging fruit! Keep strong passwords, updated software and plugins, and stay on the defensive! Even taking just a few basic steps can make or break the difference between being protecting your data and being the victim of an attack. Review your firewall settings, lock down as much traffic as possible and close off any ports that are not specifically required by your websites and applications. If something does not absolutely need to be accessible via the public internet, lock it down to only internal access.
Everyone Has a Role in Cyber Security
As your web host, we make sure your data is secure via encrypted networks, physically locked-down buildings, updated server software, and much more. However, as we can only control so much, many of the steps toward security are paths that only you can take.
Home and work computers, website code, and your email are all common attack vectors that need to be secured by you with updated code, complex passwords, and smart practices.”
Sending critical data to or updating your website via a public WiFi connection or on an unsecured machine can open you up to attack in both the short and long term. Remember, you are the only one that can make sure your home laptop has up-to-date antivirus software installed or that your website’s code is clean and secure from hackers and injections. To help your efforts, create a security policy for you, your business, and even your family, to secure the most common potential attack vectors. Never rely on a single person or organization to protect you. Humans are always the weakest link in security and it is vital that each of your employees or team members have a strong understanding of the risks they open when accessing company resources without proper security implementation. Each employee should know the common attack vectors, be able to identify and report phishing emails and attacks, and should exercise caution in excess when protecting or accessing valuable and sensitive data. If you are hosted with Liquid Web, feel encouraged to ask us questions. We want your server and data protected as much, if not more, than you do!
Security is a Journey That Never Ends
While changing your password and checking for outdated software today are excellent first steps, they are not enough to ensure you will always be secure. Unfortunately cyber security is not a one-and-done issue and it is a never-ending process. You need to regularly review your systems and security policies to make sure you’re still protected and up-to-date with the latest security trends.
Tips like changing your passwords every month, implementing two factor or multi-factor authentication, and monitoring your software for updates are often the most necessary and first method of defense and should be required by your security policy.”
The general public may only focus on cyber security one month out of the year, but the truth is that it should always be a priority and never overlooked.
Security is a journey without end and is a constant, evolving process – one that is vitally important for your organization to stay on top of. Attackers live all across the globe and because of this fact, you are open to attacks 24/7/365. You may get all of your security practices in line today, but without staying on top of new developments and exploits, you could be at risk tomorrow. It is important to have a strong security team and the knowledge and eye to back it up. Hackers can be smart and if they want you specifically target you, there may be no stopping an attack other than extreme diligence and a strong response team.