Hackers never give up. Here’s how to keep your website safe.
I just spent the better part of this beautiful Saturday
morning bullet-proofing a web application. No, it hadn’t been hacked. But it
was a target. In fact, like clockwork, our logs indicated an automated hack
attempt every hour, down to the second. The hack attempt was trying to reach
non-existent pages in order to find a back door to our database. Fortunately, we
stopped them. This time.
I wish I could say moments like these are rare, but the truth is
we must always be vigilant when it comes to keeping our sites and data secure. It’s
easy to become complacent when times are good, or when schedules are tight. But
it’s equally important to monitor your site and error logs to stop these hack
attempts before they get in. While they’re testing the waters, we need to sink
their ship before they sink ours.
First off, are you absolutely certain your development team
has taken ALL the precautions necessary to reduce the risk of a hacked site? If
you’re working with an IT firm, are you confident they are doing their best to
protect your site? While no one can guarantee any site is 100% protected, you
can reduce the chance of a break-in by following these steps:
Keep your site’s code up-to-date
Outdated code can be full of holes and is a prime target
for hackers, especially for automated attacks that use known vulnerabilities. If your
site has login functionality that hasn’t been reviewed or updated in the last
couple of years, then you are vulnerable. Even if your site was developed
recently, it could still be vulnerable if the developer used outdated
Keep an error log
Your site at the very least should capture and store errors
in a database log or flat file. You should capture the type of error, when it
occurred, what screen(s) or procedure(s) threw the error, and if possible the
name and/or IP of the user. If you don’t have an error log, get one—it’s a
fairly simple process to capture web site errors and store them for a trusted
developer. An alternative is to email these captured errors, but that can be
server intensive and flood a user account with redundant emails, not to mention
the user account must be actively monitored.
Review your error log
An error log doesn’t do you any good unless you review it
regularly. Count on weekly, if not daily, monitoring to get a
sense of troublesome spots in your site. This will also help you detect whether hack
attempts are being made so that you can stop them before they do real
Test your site for
If you’re doing eCommerce you may already be familiar with
PCI Compliance scans. These are a great tool to scan your site on a regular
basis to identify any vulnerabilities. They’re also an excellent way to make
certain your site doesn’t get out of date as these use the latest known methods
for security testing.
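The log review described under "Review your error log", as an added example that is not part of the original post: a Python pass over a constructed error log that flags any client requesting non-existent pages on a fixed timer, the pattern described at the top of this post. The pipe-delimited format, field order, sample IPs and thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import pstdev

# Constructed sample log: time | error type | page | client IP (not real data).
SAMPLE_LOG = """\
2024-03-02 06:00:07|404|/admin/db.php|203.0.113.9
2024-03-02 06:41:52|500|/checkout|198.51.100.4
2024-03-02 07:00:07|404|/phpmyadmin/index.php|203.0.113.9
2024-03-02 07:13:30|404|/favicon.ico|198.51.100.77
2024-03-02 08:00:07|404|/backup.sql|203.0.113.9
2024-03-02 09:00:08|404|/old/login.asp|203.0.113.9
2024-03-02 09:48:11|404|/img/logo-old.png|198.51.100.77
2024-03-02 12:02:45|404|/robots.txt|198.51.100.77
"""

def parse(log_text):
    """Yield (timestamp, error_type, page, ip) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.strip().split("|")
        if len(parts) != 4:
            continue  # skip blank or malformed entries instead of crashing
        try:
            when = datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        yield when, parts[1], parts[2], parts[3]

def find_scheduled_probes(log_text, min_hits=4, max_jitter_s=5.0):
    """Return {ip: (mean_interval_s, pages)} for clients whose 404s arrive on a timer."""
    hits = defaultdict(list)
    for when, err, page, ip in parse(log_text):
        if err == "404":  # requests for pages that do not exist
            hits[ip].append((when, page))
    flagged = {}
    for ip, rows in hits.items():
        rows.sort()
        if len(rows) < min_hits:
            continue  # too few samples to judge regularity
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(rows, rows[1:])]
        if pstdev(gaps) <= max_jitter_s:  # near-identical gaps mean automation
            flagged[ip] = (sum(gaps) / len(gaps), sorted({p for _, p in rows}))
    return flagged

if __name__ == "__main__":
    for ip, (interval, pages) in find_scheduled_probes(SAMPLE_LOG).items():
        print(f"{ip}: 404 every ~{interval:.0f}s on {len(pages)} distinct pages")
```

A visitor who hits a few missing pages at irregular times (the second sample IP) is not flagged; only the client whose misses arrive about an hour apart, almost to the second, is.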