Why should brands pay attention to hacking news?
With all the hacking news buzzing around the newsroom, it can easily become a concern for companies to think of their businesses as being vulnerable to these attacks. Beyond your developers thorough understanding of best practices in site security, it is beneficial for multiple branches of any business to be taking note to possible vulnerabilities in their brand. Companies should be using these news stories as reminders of how to improve their site security and not become overwhelmed by them.
You’ve probably heard one or two news stories in the past few months about “data breaches”, “hacking scam” or “phishing attacks”. All of these hit users with a ping of anxiety as they realize how connected all there accounts are to each other, “Register through Facebook” sound familiar? So how do you as a business owner, an influencer or personal user guard yourself from the inevitable vulnerability that comes along with public sharing?
Here are three tools any brand, business or personal user can use to be proactive against cyber attacks.
Utilize your CMS “Automatic Updates” option.
Many CMS platforms such as WordPress and Shopify will alert you to new updates to themes, plugins or extensions to your site; third party purchasing sites (i.e. Themeforest, Envato, etc..) may also alert you to small updates or news as well. Keep track of these emails and forward them to the appropriate channels. Even the smallest update may address a security issue with the program.
Using the word “attack” brings a menacing beast to mind that barrels through the front lines of your site security, but the truth is many times attacks are more like small pokes. There are several ways hackers “attack” a site. Imagine plugins, themes and apps as “extensions of your site”, building blocks that are added to the foundation of your site, and are a key indication to hackers as to how active an admin or developer is on a site. Your theme is five updates behind? All hackers will see is a soft spot on your site.
Staying aware updates and keeping them up-to-date is a great way for businesses to be proactive and remain secure.
So kick off your shoes, pour that third cup of joe and watch that slow percentage counter makes its way to the finish line! You’re just that updated!
SSL, Google’s built in security guard.
Google’s algorithm rewards https secure sites, while warning visitors when they are landing on an insecure site.
What is an SSL?
SSL (Secure Sockets Layer), which is often also referred to as Transport Layer Security, is an encryption protocol that is added to secure any data that is sent to or from any browser to your web server.
That green little padlock in the upper right hand corner of your screen is your first line of defense while you’re surfing the world wide web. Having an “https” versus “http” in your url tells both Google and the user that the connection between server and browser is secure. Since 2014, Google has been encouraging developers to implement SSL in an effort to secure/warn users who are submitting sensitive information online; such as personal information or credit card numbers.
Google continues to drive this new standard by devaluing non-secure sites regardless of the nature of the site; whether it be personal or an ecommerce site. Ecommerce sites are highly scrutinized for not having an ssl, since they drive a high volume of users to input sensitive information (i.e. Credit Card Numbers, Addresses, Phone numbers, etc…). So you can rest easy with the knowledge that your cart full of coffee related items will be purchased through a secure channel.
What If you are not sure if your domain is currently associated to an SSL? SSL certificates can be easily searched or you can contact your web hosting service and inquire about purchasing one.
Want to see Google’s url bar notification that the current page is not secure in real time? View warning example here!
Google’s Invisible reCAPTCHA.
Have you ever tried signing into a site, completing an order or submitting a question and were asked to prove you weren’t a robot? Then questioning why you are constantly asked to prove you’re a human? The reason is there are actually robots or “bots” out there trying to find those soft areas of a site.
Some bots are programmed to find forms or any input where the user does not have to go through a second layer of security. Think about websites which allow you to submit a file. You wouldn’t open a random file that is sent to you through an email, right? Yet many websites offer a “virtual dropbox” for their users which leaves an opportunity for hackers to try to upload a virus directly through that slot.
Now Google has developed and launched a new free plugin called Invisible reCAPTCHA which allows users, to in the basic terms, validate themselves through their interactions on the site.
Google defines Invisible reCAPTCHA on its security blog as, “reCAPTCHA uses an advanced risk analysis engine and adaptive CAPTCHAs to keep automated software from engaging in abusive activities on your site. It does this while letting your valid users pass through with ease.”
So no more distorted words, photo grids and checkboxes?
Not entirely. If the risk analysis engine is not entirely confident you are a valid user it will prompt the user to further validate themselves. Check out the video below to learn more about Google’s new security BFF.
If we were to start listing off the ways a hacker could gain access to your site, we would be here for days. So why not focus on the ways you as a developer or business owner can take preventative action against web site vulnerabilities.
Keeping your site up-to-date is one of the many ways to show hackers that you are active on your site and looking for suspicious activity. Seeing consistency in activity on a site shows anyone that you are aware of any updates or changes to your site. Purchasing an ssl is not only highly encouraged by Google, they are now discouraging users by warning them that your site is potentially a security risk. SSL’s are generally very easy to purchase and install, most of the time directly through your web hosting service, so the dread of an extensive change is not an issue! Lastly, giving your user more hoops to jump through is normally not the best UI/UX experience but in this case Google is constantly developing new tools for developers and businesses to secure their sites without frustrating it’s customers. Who knows reCAPTCHA may go from our frustrating frenemy to our new security soulmate!
Securing your site not only gives you as a brand or business piece of mind, it also gives your users the confidence that you care about their experience as well as their personal information. These tools definitely go noticed by users and Google will be happy another site is secure!