October is not only the celebration of Autumn and Halloween, it’s also Cybersecurity Awareness Month. This annual campaign aims to provide cyber awareness for all technology users.
Cybersecurity is the core of what we do, so we want to take time this month to help educate all internet users on the importance of staying safe online.
In order to help raise awareness, we have compiled a list of Top Tips & FAQs for staying safe online.
Ensuring you have a strong password to protect your personal and financial information is critical. This is especially true in the era of widespread corporate hacks, where a single database breach can reveal thousands of usernames, emails and passwords. We recommend changing your password every 6 weeks. If you have passwords for lots of programs, we recommend using a password manager to help store these safely for you. Never write them down!
Tip 2. Update your software
To ensure your device stays in tip-top condition, update your software regularly. This holds true for all computers, laptops, mobile phones and smart devices. We see huge numbers of websites hacked daily, simply because of out-of-date software. We advise that you update your systems as soon as any new software is released.
By changing your admin path from yourwebsite.com/index.php/admin or yourwebsite.com/admin to yourwebsite.com/store/'something-else', you force attackers to work much harder to locate your admin page.
Tip 4. File change monitoring
How can I tell if I've been compromised? Usually, the first sign we notice is that files start to be introduced, changed or deleted on your machine. It can be tricky to identify when a hacker has done this without technology to monitor changes. Keep a close eye on what is going on within the system, as detecting malicious activity early could save your files.
Tip 5. Manage key users
Most companies will have multiple members of staff logging into websites daily. It is key that you are aware of all users you have on your system, as well as having a set of unique credentials for each user. Assign the appropriate permissions to them for their role within your business. For example: if you grant escalated privileges to a user temporarily, ensure that you reduce their privileges once they’ve completed their work.
Tip 6. Logging
Monitoring, reviewing and storing a log of all activity on your website is key to detecting attacks and enabling you to defend yourself. If you handle payment card data (and most Magento sites would fall into this category), you need to be analysing this data (at least) daily to identify threats. You also need to store at least 12 months of security log data to meet the Payment Card Industry Data Security Standard requirements.
Research from the Foregenix Digital Forensic and Incident Response team over the previous 10 years found 95% of all hacked e-Commerce businesses have fallen victim to one of three major threats:
- SQL Injection
- Application Vulnerability Exploits
- Injected code (malware)
A properly configured managed WAF protects you against these attacks. A WAF will provide a website with “virtual patching” when a zero-day vulnerability is released. This protection will buy a web admin time to test the patch and then update the system in their own time, knowing that the site is being protected and monitored.
Tip 8. Backups
Sadly, unfortunate things happen to us all: computers crash, and data gets lost and corrupted. We advise backing up your files daily so that, in the unfortunate event that you are breached, you have all the files you need to get up and running again as soon as possible.
Tip 9. Test, Test and Test again
Your business is growing and changing – attacks are morphing and changing too. The internet is a dynamic, evolving entity and the threats are constantly changing. Regular security testing will help you to keep abreast of those threats, stay current and informed.
Tip 10. Beware of browsing
Online shopping is second nature to us these days; having credit cards on phones and paying contactless is just part of the world we live in. We have to keep in mind that if a hacker were to access our phone, laptop or computer, they would most likely be able to access all this card information, and therefore use it fraudulently. Be sure never to buy anything online on a guest WiFi network, and also make sure you are on a secure browsing page.
Malware is essentially Malicious Software. Malware is a term to describe viruses, trojans and worms. The software is designed to install itself secretly on users' systems. Nearly one-third of the world's computers have been affected by malware, a figure which continues to grow rapidly as we rely more on computers, phones and technology.
What’s a WAF?
How can I tell if I'm being hacked?
eCommerce has changed the way we shop and has brought huge benefits to consumers and businesses, but it comes with increased risks. Criminals are increasingly exploiting the weaknesses in businesses’ IT systems, applications and processes.
Why am I at high risk of being breached?