Different Website Threats Require Different Security Outlooks
If you have a website, whether it’s a personal site or a for-profit site, you have to be on the lookout for security holes. There are many different types of attacks that can be launched at a website, but they generally have only a few different motives behind them.
– Identity Theft
These threats are usually accompanied by their own types of hack. For example, DDoS (Distributed Denial of Service) attacks were up in 2010, according to a report released by Trustwave Holdings. This type of attack floods a website with requests, which ends up shutting down the service altogether. This type of attack is usually malicious and simply cripples a site. For a business that relies on its site to make a profit, or for someone who uses their site to get news out, however, this can obviously create a huge problem. These attacks are launched for many different reasons, sometimes for political reasons and sometimes as a show of force from a hacker who has been disparaged by a site’s owner.
Profit-driven attacks sometimes involve identity theft and sometimes do not. Usually, these attacks will be designed to get the security credentials of a site’s users and to use those credentials to make bank transfers or to take other actions that sometimes result in money for the hacker. The hacker may also take credit card numbers and other information and sell them, if they don’t use them themselves. Small site owners usually don’t find themselves being the victims of these attacks, though their sites may be exploited for information. A good example of this would be a mortgage or loan site that doesn’t properly secure customer information in transit when customers apply online. If a hacker sees this, you can be almost certain that they’ll be trying to find a way to intercept that information as it’s transmitted.
The number one thing you can do to protect your site visitors from this type of attack is to avoid collecting unnecessary information about them on your site. For example, if you have a site with a membership section, there’s really no reason that you need people to provide their addresses, phone numbers or anything else. Many sites with small membership sections make this mistake, and it can result in very real problems. If you collect information such as this, it’s your responsibility to make sure that it’s protected.
When you log on to your site as an administrator, never do it from a public place. This is an easy way to get hacked. Also make certain that you don’t share your administrator credentials with anyone. The person may be trustworthy, but you have no way of knowing whether the people with whom they may share that information are trustworthy.
You’ll also want to be very certain that you use a secure server for any financial transactions. Your web host can set this up for you, and it’s not terribly expensive anymore. The costs of recovering from a hack are far higher than the costs of having adequate security to ward off the malicious individuals who do it!