
How to Protect your Company’s Website from Exploits like Heartbleed

 Renew Marketing    Internet Marketing

Heartbleed was one of the most serious web security flaws ever discovered. It affected approximately two thirds of the world’s computers and sent companies scrambling to patch the problem.

Today, virtually every major website has patched the OpenSSL exploit known as Heartbleed. Of course, the battle for web security and privacy isn’t over. It will never be over.

How do you protect your company’s website? How can you avoid problems like Heartbleed in the future? Here are some security tips that will ensure your website stays protected:

Update WordPress and website plugins

Millions of website owners use WordPress. If you’re one of these millions, then you need to keep WordPress up-to-date.

Keeping WordPress up-to-date is easy. WordPress will release periodic updates to its platform. You receive a notification on your WordPress dashboard and click to update.

However, that’s not all you have to do. Your website also uses WordPress plugins. Plugin developers are already releasing new updates, and many of these updates patch serious security errors. Click on the ‘Plugins’ tab on the left-hand side of WordPress to download and install all required updates.

One of the major advantages of WordPress is that it’s easy to update. If you can click your left mouse button, then you can update WordPress. Check your WordPress dashboard weekly and install any updates as soon as possible.

When working with Renew Marketing, we handle all security updates for you.

Update other software and CMS platforms

If you don’t use WordPress, then updating your software is even more important. No matter which Content Management System (CMS) you use to manage your website, forum, or community, you need to make sure that you are updating the software regularly.

Most CMS developers automatically notify you when updates are available. Others force you to sign up for a mailing list. Staying on top of the latest security updates is the easiest way to protect your website, your company, and your customers.

Programming tips

If you’re not directly involved in the programming side of your company’s website, then you should pass this information on to someone who is involved.

-Protect yourself from XSS: XSS (cross-site scripting) is an attack in which someone tries to send malicious script code into your site through web forms, such as a contact form. The best way to prevent XSS is to check the data being submitted and encode or strip out any HTML.

-Remove descriptive error messages: Sometimes, when you log into a website with a bad password, the website will tell you that your password was close to being correct or that it was recently changed. This isn’t always a good idea: if hackers try to access your admin account, then it could give them a higher chance of accessing sensitive information. Limit the information shared on the username/password entry page as well as any error pages or 404 pages.

-Avoid SQL injection: SQL injection involves manipulating a web form field or URL parameter to access a protected database. To prevent SQL injection, always use parameterized queries. All popular web programming languages allow for parameterized queries. Although it’s an extra step, it’s a step that could protect your company’s website from serious attacks.
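
The three tips above, combined in one small login and comment handler. This is an added example, not code from the original article; the table layout, function names, and sample account are constructed for illustration, and Python's built-in sqlite3 stands in for whatever database your site uses.

```python
import hashlib
import hmac
import html
import os
import sqlite3

GENERIC_LOGIN_ERROR = "Invalid username or password."


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_db() -> sqlite3.Connection:
    """In-memory database with one constructed sample account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("alice", salt, hash_password("correct horse", salt)))
    return db


def login(db: sqlite3.Connection, name: str, password: str) -> str:
    # Parameterized query: the driver passes `name` as data, so quotes or
    # SQL keywords typed into the form never become part of the statement.
    row = db.execute("SELECT salt, pw FROM users WHERE name = ?", (name,)).fetchone()
    # Hash against a dummy salt for unknown users so both failure paths do
    # the same work, then return one message that does not say which failed.
    salt, stored = row if row else (b"\x00" * 16, b"")
    supplied = hash_password(password, salt)
    if row and hmac.compare_digest(supplied, stored):
        return "Welcome, " + html.escape(name)
    return GENERIC_LOGIN_ERROR


def render_comment(author: str, body: str) -> str:
    # Encode on output: <, >, &, and quotes become entities, so submitted
    # markup is displayed as text instead of being interpreted by the browser.
    return "<p><b>{}</b>: {}</p>".format(html.escape(author), html.escape(body))


if __name__ == "__main__":
    db = make_db()
    print(login(db, "alice", "correct horse"))
    print(login(db, "alice", "wrong"))            # same message as unknown user
    print(login(db, "x' OR '1'='1", "anything"))  # constructed input, treated as data
    print(render_comment("Bob", "<script>alert(1)</script>"))
```
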

Set up HTTPS if handling sensitive customer information

HTTPS stands for Hyper Text Transfer Protocol Secure. Today, most popular websites which handle user account information, passwords, and credit card data use HTTPS. In fact, if you’re dealing with a website that doesn’t use HTTPS but wants you to input personal information, you should probably avoid that site.

With HTTPS, all information passed between you and the server is encrypted. It’s an effective way to safeguard your company and prevent customer data leaks.

To set up HTTPS you need two things:

-A static, dedicated IP address

-A Secure Sockets Layer (SSL) certificate

The SSL certificate is purchased like a subscription and costs approximately $80 per year. Your web host sells SSL certificates. After you purchase the SSL certificate, it may take a day or two to set up. Once certification is complete, your website can be accessed at https://www.YourWebsite.com

Read the news

One of the best tips for avoiding security problems like Heartbleed is to read the news. Half the battle is just showing up. You can stay tuned to tech blogs like Wired.com or Gizmodo.com, but if the security news is really serious, then all of your standard news sources – like CNN, Yahoo, or your local newspaper – will likely pick it up, which is what happened with Heartbleed.

After hearing the news, you have two responsibilities:

-Determine if the news affects you, your website, your company, or your customers

-Take action to prevent further consequences

If you can do that, then you’ll easily be able to prevent problems like Heartbleed from affecting you.