Web security should be a major concern for anyone that manages their own website, but especially so if you run a business! Running a business through your site often means having credit card numbers, personal data and important internal information stored within the digital realm. In this blog we will look into some vulnerabilities that are common with websites in their early stages, and what you should be on the lookout for when making your own website.
What is a Vulnerability?
A vulnerability allows for an unauthenticated user to breach a targeted website, change certain values and essential takeover said website. With full access to a website hackers/attackers/bad actors can make malicious changes to the website, steal valuable information and more. These vulnerabilities can be present in a number of ways and an astute developer should be able to handle anything that comes their way. There are scenarios, however, that can make managing web security a true pain.
For a look at web security gone wrong, let’s take a moment to look at the Total Donations plugin and the fiasco that came from it. In this scenario a bunch of non-profits, churches and political organizations looking for donations would often utilize Total Donations on their websites. Everything appeared to be running smoothly until a security vulnerability was discovered in the versions of the plugin up to 2.0.5. Surely, this would be fixable, right? Not necessarily the case when it was unveiled that the developers of Total Donations abandoned the plugin!
Abandoned plugins leave websites exposed to savvy hackers with no end in sight, and the best course of action in this situation will be to remove that plugin entirely. It may seem like a hassle, but the security of your site is worth the effort. Plus with all the money flowing through something like Total Donation it is a good idea to make sure that it is secure!
Secure those passwords
Passwords are more often than not a pain to manage if done correctly. First, you have to make sure your password is secure, next you have to make sure you’re not overdoing it and finally you have to remember which passwords go where. That’s a lot of information to keep track of but constantly updating passwords may be more essential than anything else. Take a recent scam that’s been going around: An email (likely in your spam folder) was being sent around in the later part of 2018 that claimed to have salacious videos of whoever the recipient was and demanded anywhere from $800 to $1600 dollars to withhold it from being launched on public sites. In the email subject line: an old password.
This password was likely attained through an old, publicly available data leak from companies such as Yahoo and LinkedIn that had significant web security breaches in the past few years. Now the email itself was automated, and very likely none of the actual users were affected by the claims made in the body of it but that information can still be used against if you if said password was still in effect.
Stay Safe Out There
The internet is still very much in its Wild West phase. While it’s easy to just rely on the big companies to keep you safe, breaches like the Equifax fiasco should give you an indicator that that’s not always the best course of action. Stay up to date on the latest web security news, regularly check your accounts and keep an eye on what type of information is being leaked from these major companies and you will absolutely limit how much at risk your information is out in the World Wide Web. For more articles like this and inspirational imagery to boot, follow us on Facebook and Instagram! Need a website for you or your business that is updated regularly? Contact us today and get started!