Cyber-crime is a major threat to internet users that cannot be underestimated. It causes far more damage than we often estimate. From simple errors of negligence to serious compromises that lead to major data breaches, internet crime costs the global economy more than $400 billion annually and it’s increasingly hurting business operations.
Imagine that your website is exploited by a hacker and all relevant data is lost. How do you address the issues of your clientele base, statistics of payments and renewal dates, statistics of short-term subscriptions and the reputation of your website?
Despite its seeming unpopularity, cyber crime is a huge problem and the task of dealing with it is equally profound. In 2019, targeted attacks against small businesses were reported to have nearly doubled, and of the one in five that experienced a cyber attack annually, 60% will close their doors within six months as a result. So, the cost is enormous and that explains why you must take your website security seriously.
In this article, I will explain 6 ways to keep your website protected from cyber attacks.
1. Be password-savvy: This is an issue that has been re-emphasized over and over again. If your password is still Password@123, it’s time to get serious. Create unique codes for each of your accounts, and make sure they are at least 8 characters long (with a few special ones thrown in). We suggest you use the cPanel password generator if you have access to your website control panel.
You also need to be wary of the email attached to your web hosting account. The password for that email must be equally strong, because anyone who gains access to your email can reset your password and gain access to your account.
As a rule, do keep to the following:
- Avoid using dictionary words. These passwords are easy for hackers to figure out using an electronic dictionary.
- Don’t use personal information. Any part of your name, birthday, Social Security number, or similar information for your loved ones is a bad password choice.
- Avoid common sequences, such as numbers or letters in sequential order or repetitive numbers or letters.
- If the web site supports it, try to use special characters, such as $ or #. Most passwords are case sensitive, so use a mixture of upper case and lower case letters, as well as numbers.
- Passwords become harder to crack with each character that you add, so longer passwords are better than shorter ones. A brute-force attack can easily defeat a password with seven or fewer characters. Kaspersky has an online password strength checker.
- To help you easily remember your password, consider using the first letter from each word in a sentence, a phrase, a poem, or a song title as a password. Be sure to add in numbers and/or special characters.
- Create different passwords for different accounts and applications. That way, if one password is breached, your other accounts won’t be put at risk too. Do not use the same or variations of the same password for different applications.
- Despite admonitions to the contrary, one easy way to remember your passwords is to write them down and keep them in a securely locked place. Never leave them on a Post-It note on your monitor, in an address book, in a desk drawer, or under your keyboard or mouse pad (or any other obvious place).
- Consider using a secure password manager. The Firefox browser has a password manager already built in. The Firefox password manager and 4 others are reviewed
- If you have already established a password that is not strong, change it! Web sites have a variety of procedures that govern how you can change your password. Look for a link (such as my account) somewhere on the site’s homepage that goes to an area of the site that allows password and account management.
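The rules in the list above can be expressed as a small checker. This is an added example, not part of the original article: the word list is a tiny constructed sample, and `check_password`, `has_sequence` and the `personal` parameter are names chosen for this illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey", "letmein", "admin"}
# Undo common character substitutions so "P@ssw0rd" is still seen as "password".
LEET = str.maketrans("@401!3$57", "aaoiiesst")


def has_sequence(pw, run=3):
    """True if pw has `run` characters that repeat or step by one (aaa, abc, 321)."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        if not chunk.isalnum():
            continue
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({0}, {1}, {-1}):
            return True
    return False


def check_password(pw, personal=()):
    """Return the rules from the list that pw breaks (an empty list means none)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, pw) for c in classes):
        problems.append("missing upper case, lower case, digit or special character")
    # Compare against the word list after undoing substitutions and dropping non-letters.
    letters_only = re.sub(r"[^a-z]", "", pw.lower().translate(LEET))
    if any(word in letters_only for word in SAMPLE_WORDS):
        problems.append("contains a dictionary word")
    # `personal` holds names, birthdays and similar values supplied by the caller.
    if any(p and p.lower() in pw.lower() for p in personal):
        problems.append("contains personal information")
    if has_sequence(pw):
        problems.append("contains a sequence or repeated characters")
    return problems


if __name__ == "__main__":
    for candidate in ["Password@123", "Ab1!", "tracy1990!A"]:
        print(candidate, "->", check_password(candidate, personal=("Tracy", "1990")))
```

Passing these checks only means a password breaks none of the listed rules; it says nothing about whether the password has been reused or already exposed elsewhere.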
2. The security of your email is as important as that of your website. This is because every website is always linked to an email address. This is one key area that has been neglected, but it's as important as the other items. However, it should also be mentioned that most website hacks have not been linked to weak email passwords. I still recommend that you take your email security seriously so that you are protected all round from those who will go all out:
10 tips Guide to protect you from email intruders
- Obtain comprehensive security software. Be sure that the security software you select is like McAfee Internet Security and protects you and your PC from viruses, worms, Trojans, unwanted e-mail (spam), phishing scams, and other malicious software. It should also have a firewall like McAfee’s products, which can monitor your Internet connection and stop unwanted traffic to and from your PC. Be sure to keep your security software up-to-date. Ideally, you want it to be like McAfee’s Internet Security Suite that has automatic updates and upgrades.
- Share your e-mail address with only trusted sources. Only your family, friends, and trusted business contacts should have your personal e-mail address. Do not post your e-mail address on Web sites, forums, or in chat rooms. If you post your e-mail address, you are vulnerable to receiving spam or having your e-mail passed on to others. If you would like to subscribe to a newsletter or Web site and receive confirmation e-mail for online transactions, consider using a generic e-mail address that is not linked to any of your personal information.
- Be careful when opening attachments and downloading files from friends and family or accepting unknown e-mails. You can obtain a virus, worm, or Trojan simply by opening e-mail and attachments, and by accepting files from your friends, family, or others. If you choose to download files, make sure your security software is enabled and pay close attention to any warnings provided.
- Be smart when using Instant Messaging (IM) programs. If you use an IM program to communicate with friends and family, be careful when sending any personal information. Protect yourself by using a nickname for your IM screen name. Never accept strangers into your IM groups. Be smart about how you use your personal IM at work because your employer may monitor and view your personal messages.
- Watch out for phishing scams. Phishing scams use fraudulent e-mails and fake Web sites, masquerading as legitimate businesses, to lure unsuspecting users into revealing private account or login information. To be safe, if you receive an e-mail from a business that includes a link to a Web site, make certain that the Web site you visit is legitimate. Instead of clicking through to the Web site from within the e-mail, open a separate Web browser and visit the business Web site directly to perform the necessary actions. You can also verify that an e-mail is in fact from a legitimate business by calling the business or agency directly.
- Use e-mail wisely. E-mail is a great way to keep in touch with friends and family, and as a tool to conduct business. Even if you have good security software on your PC, your friends and family might not have the same protection. Be careful about what information you submit via e-mail. Never send your credit-card information, Social Security number, or other private information via e-mail.
- Do not reply to spam e-mail. If you don’t recognize the sender, don’t respond. Even replying to spam mail to unsubscribe could set you up for more
- Create a complex e-mail address. A complex e-mail address makes it more difficult for hackers to auto-generate your e-mail, send spam e-mail, or target your e-mail for other types of attacks. Make sure you come up with an e-mail address that you can easily remember. Try to use letters, numbers, and other characters in a unique combination. Substitute numbers for letters when you can. A sample complex e-mail is: Tracy3Socc3r2@samplee-mail.com.
- Create smart and strong passwords. Make it difficult for hackers to crack your password. You can create a smart password by incorporating capital letters, numbers, special characters and using more than six characters. An example of a strong password is: KK+Go1dM!n3.
- Never enter your personal information into a pop-up screen. Sometimes a phisher will direct you to a real organization’s Web site, but then an unauthorized pop-up screen created by the scammer will appear, with blanks in which to provide your personal information. If you fill it in, your information will go to the phisher. Install pop-up blocking software to help prevent this type of phishing attack.
3. Encrypt emails and valuable information. If a hacker does breach your system, encryption makes it that much harder to get away with critical data. Voltage, DataMotion, and Proofpoint are industry leaders worth checking out. Encryption is often applied in two different forms, a symmetric key or an asymmetric key. A symmetric key, or secret key, uses one key to both encode and decode the information. This is best used for one to one sharing and smaller data sets. Asymmetric, or public key cryptography, uses two linked keys – one private and one public. The encryption key is public and can be used by anyone to encrypt. The opposite key is kept private and used to decrypt.
Data encryption best practices
A complete guide to data encryption is beyond the scope of this 101-level article, but in general, the following principles are good to follow if you want to encrypt data securely and efficiently:
- Keep your encryption key secure! This should be exceedingly obvious, but it can be easy to make mistakes that allow unauthorized parties to access your data. For example, if you leave your encryption key in an unencrypted file on your PC, there is a good chance that someone could find it and wreak havoc. A few solutions could be to: separate the keys from the data, separate the duties and access limits of users, and rotate your keys on a schedule.
- Encrypt all types of sensitive data, no matter where they are stored or how unlikely you think someone is to find them. This should also be blatantly obvious, but if you follow IT security headlines, you know that lots of big-name companies have been breached simply because they left important data unencrypted and someone gained access to it. By encrypting your data, you make it much harder for someone who is able to breach your systems to do something bad.
- Assess data encryption performance. Effective data encryption entails not just making your data unreadable to unauthorized parties, but doing so in a way that uses resources efficiently. If it is taking too long or consuming too much CPU time and memory to encrypt your data, consider switching to a different algorithm or experimenting with settings in your data encryption tools.
4. Back up your data: Copying your key company data onto a cloud-based system, such as Dropbox or OneDrive, or a USB hard drive takes minutes, and will save you time and anxiety if your system is ever compromised. You can back up your entire website online. The cPanel hosting environment and other hosting applications have one-click backup tools which are very handy. You can use the backup tool to maintain a healthy backup to protect you from a very serious disaster.
5. Maintain updates: This is an aspect that has been neglected by many. It is important that you check for updates daily on your most critical websites so that you can act as quickly as possible once an update is needed. Always keep your website up to date, especially if you run a content management system. Keeping your system updated with the most recent software updates will help you avoid exploitation of discovered vulnerabilities.
6. Finally, you will need to check the specific security suggestions for your website design tools so that you can implement the relevant security advice. The popular website design tools are WordPress, Drupal, Joomla, Magento and OsCommerce (not in order of popularity). Check the specific security guides for these applications to stay safe.