As website security becomes more important than ever, a website owner is loaded with so many ‘best practices’ to follow. Hundreds of blogs are being written, checklists being created and videos being made on how one can assure security of their website. As a business owner, it becomes difficult to follow everything and in the end a developer ends up doing nothing. We thought we’ll ask some top infosec experts what will be their Top One Advise to website owners and cumulate them at one place as top website security tips.
This way, business owners have top 4-tips which they for sure should follow to assure their website’s security:
-
Keep your website CMS and associated plugins up-to-date with the latest security patches – Graham Cluley, Security Expert & co-host of SmashinSecurity podcast
One of the top causes of hacks are unpatched vulnerabilities in websites. It is very important to update your core CMSs, libraries and plugins you are using as hackers are often on a lookout for unpatched systems to exploit them. There have been incidents in the past where vulnerabilities in plug-ins of WordPress and Magento have lead to thousands of websites getting hacked.
-
Use two factor authentication – Aye Dee, Africa & Middle East Public Policy & Security Expert
While Google has made two factor authentication really popular by launching it for Gmail, still a lot of other websites haven’t used a similar system. If you have a website that handles critical information such as credit card, address, medical data etc. of customers then it is recommended to use two factor authentication. This ensures that even if an end customer’s one account is compromised, there is another layer of security on top to prevent identity theft.
-
Sanitize every thing – Matias Katz, Founder of Andsec Conference
This is THE most important thing. Critical vulnerabilities like XSS and SQLi are direct consequences of limited input sanitization. Right from search bar, contact forms to GET and POST requests all should be sanitized to ensure that only required inputs are accepted by the web app. Post sanitization checks: input validation, integrity checks and business logic checks should follow.
-
Listen to security & IT staff – Bill Brenner, Cyber Security Expert with Sophos
According to Bill, in his experience communication gap within the organizations is the cause of security leaks. Bill says “For folks at the executive level, my tip is to listen to your security and IT staff. A lot of the disasters we’ve seen was because people from the lower decks weren’t being listened to on what kind of security procedures/tech needed to be in place.“
While we can never assure full-proof security but can always work towards. The organizations that work towards achieving security are the ones that do not get hacked. As they say, only the paranoid survive!
If you have a website or an app, our solution Astra can help you keep them secure. This way, you focus on your core business and we can take of security! Learn more here.