Current Digital Security Trends
Cybercrime continues to be an increasingly complex problem to solve, and it is only getting more challenging as technology advances. Each year, small businesses and enterprises become the targets of cyberattacks in record numbers as a strong digital presence grows more important than ever, especially in the uncertain environment created by COVID-19.
Now, more than ever, the last thing we need to worry about is our website, business, and/or identity being stolen or taken offline.
There are many reasons why we should be thinking more about security than we already do. The obvious reason was previously mentioned – you do not want your stuff to be stolen/hijacked, and for most people that’s already a decent incentive to play it safe. However, if that’s not reason enough, there are other less dramatic and more common tactics that hackers use which should also be considered. These include:
- Bot scouting to scan for potential targets. This can involve direct contact over phone, scanning your website for weaknesses, email address collection, spamming via website forms, etc.
- DDoS attacks that overload your website with fake traffic for the simple effect of damaging your business.
- Low-level malware that lets your site keep working but quietly injects code for only some of your website visitors, making it hard to detect. This will get you flagged by Google and other search engines and will ultimately require a manual review to get your website back online. This damage to your reputation can take a long, long time to fix.
- A compromised computer or phone. Sometimes the source of a hack is the device used, not the website itself. Malware scans are a common way to identify whether this is the problem.
These are only a few examples, but the general idea is that once your website is compromised, it is very hard to undo the damage done. Even in a best-case scenario, victims are often left with a feeling of uncertainty in the aftermath of a cyberattack. After all, it’s impossible to know if everything is locked down tight. The scope of damage caused can be impossible to calculate at times, which is why we can all agree it is an expensive catastrophe that is best avoided in the first place. Luckily, there is a lot of information out there, and when utilised properly, it can give you the peace of mind of knowing you’re doing everything possible to prevent this from happening to you. Plus, if your website is hosted with us, we’re already defending against most of these digital attacks.
Identifying Common Hacking Targets & Behaviours
In order to prevent and reduce the chance of being hacked, we need to first understand how and where attackers are getting in. At Social Tap, we primarily build our websites using WordPress, so that will be the main example of our focus here (although much of this can be applied to other CMSs as well). Covering the main methods of attack doesn’t 100% protect against everything, but it is definitely the most efficient way to block out nearly all attacks before they even have a chance to try anything. For starters, WordPress is a good standard to go by due to its popularity as the #1 CMS out there, so it’s a great case study with a lot of data and a lot of support. Unfortunately, this also makes it a huge target for hackers. While WordPress itself is very secure, it can often be breached due to human error or oversight. The same benefit of being able to own one’s website also comes with some big responsibilities, including the assumption of technical expertise that not all users possess.
WordPress users, not necessarily WordPress itself, are the target of most of these attacks. A likely reason for this is that many WordPress users may not be very technical, therefore bigger gaps in security are more common.
In fact, it isn’t uncommon to see website DIYers install 30-40 plugins without really knowing who or what they are trusting – just that it seems to work and is free. Too good to be true, right? As one can imagine, this leads to a multitude of potential security issues, along with a myriad of compatibility issues between various plugins.
Common ways WordPress websites are breached and/or break down:
- Cross-site scripting (XSS). 30% of web applications are vulnerable to XSS.
- Email phishing and scam emails.
- Malware on the user’s computer / device that has access to the website.
- Out-of-the-box WordPress settings are not configured correctly.
- Hosting company has not utilised enough security to protect the website.
- Website theme, plugins, or core are not actively maintained / updated. ~90% of attacks involve this component in some capacity.
How We Handle Security at Social Tap
Our priority is the protection of our clients’ information and digital property, and we are very particular about it. Unlike generic providers that just clean things up after the fact, we take a proactive approach. Every new website hosted with Social Tap benefits from the following security measures:
- CDN layer firewall – Prevents bad traffic/behaviour before it even reaches the website.
- Application layer firewall – Prevents bad traffic/behaviour if it manages to get past the first layer.
- 2-Factor Authentication – Protects your login access, even if hackers somehow get your password.
- Application Monitoring – We actively monitor and notify if anything out of the ordinary happens on your site, including downtime, suspicious traffic, errors, etc.
- Bot Prevention Technology – Actively evolving rules that exclude bad bots from scouting the website, spamming forms, or skimming your email.
- Managed Updates – We routinely update your website and ensure compatibility between plugins. This is a more effective approach than that of many services, which simply auto-update everything and often break things as a result.
- Daily Backups – Backups are taken each day and held for 3 weeks to ensure we can restore an earlier version if needed for any reason.
- Social Tap Website Builder – Our custom theme also has built-in performance, security, and quality-of-life improvements that make WordPress both safer and more convenient than a standard installation.