International Fraud Awareness Week – How to Keep Your Website Secure

International Fraud Awareness Week, celebrated annually from 17th – 23rd November, is an opportunity for businesses to promote anti-fraud awareness and educate businesses and consumers alike about how to combat the ever-growing threat that looms over the digital age.

Companies lose an estimated 5% of their revenue annually due to fraud, according to the 2018 ACFE Report to the Nations.

fraudweek.com

Fraud comes in many forms including, but not limited to:

  • Corporate fraud
  • Consumer fraud
  • Tax fraud
  • Identity Theft

Why Do People Commit Fraud?

This short video provides an important insight into why it is that people commit fraud.

What is Website Security?

Website security is any action that you take, or application that you use, to make sure that website data isn’t exposed to cybercriminals and prevent exploitation of websites.

More than 50,000 websites get hacked each day.

Common Website Security Threats

There are many types of online security threats to your website. Below are just a selection of the most common types of threats.

Spam

Although we are getting more intelligent at deciphering spam emails from legit communications from brands, spam can be much more malicious than just an email. For example, Bots can add many links into the comments section of your website to create backlinks. Some of those links can include malware (Malicious Software) that when clicked on may harm your visitors.

Viruses And Malware

Malware and viruses are software that can harm your computer, and come in all shapes and sizes.

230,000 malware samples are created each day.

Malware tends to attack your computer to gain access to personal data or to use server resources. It is also used to make money with adverts or affiliate links by gaining access to your websites permissions.

DDoS attacks

DDoS (Distributed Denial-of-Service) attacks prevent your website users from visiting your website by overloading the server that your website is hosted on with pretend IP addresses. This then causes the server to grind to a halt – making your website inaccessible.

If the server isn’t tended to by the host, then the server is left wide open to malware.

Search Engine Blacklists

This is not so much a security threat as it is a search engine performance threat. If your website has been spammed with dodgy links in comments sections and they contain links to malware, search engines can penalise your website for hosting those links – even if it’s not your fault. This means that all of your hard-earned time and effort working towards a strong SEO strategy is compromised. Scary, right?

If your website is flagged as unsafe, then your site can be blacklisted and you will disappear from search results. To undo such horror can be a timely process.

Security Quick Wins – Things You Can Do To Protect Your Website

There are a number of steps you can take to make sure that your website is safe from potential attacks.

Use HTTPS Protocol

Switching from HTTP to HTTPS provides your users with the knowledge that they can browse your website safely and securely.

A website needs to install an SSL certificate to make it secure. What’s more, Google rewards websites who have made the change to the HTTPS protocol by favouring those sites in search engine results pages (SERPs) – it’s a win-win!

Example of a website that is not secure without a padlock icon | Kanuka Digital
Example of a website that is not secure without a padlock icon.
Example of a secure website with a padlock icon | Kanuka Digital
Example of a secure website with a padlock icon.

Keep Software Up-To-Date

Make sure that you update software as soon as you can. Usually, the software updates that are released by the developers contain fixes for security vulnerabilities that may otherwise leave your computer open to security threats.

Choose A Secure Web Hosting Plan

A good hosting provider will make sure that their servers are protected as best they can against possible security threats. However, sometimes cheap hosting can appear like a great option, but you must be careful and question why it is so cheap. Usually, this is because the levels of security are much lower than their more expensive counterparts.

Change Passwords Regularly

We hear it all the time, change your password regularly, but in reality how often do many of us actually do this exercise? Many people have the same password for everything. And some even have passwords that are just not strong enough.

If a hacker managed to get hold of your login details they can gather important information such as bank account details.

Make sure your password is strong by using a mixture of:

  • Letters
  • Numbers
  • Special Characters
  • Upper case letters
  • Lower case letters

There are a number of free online tools out there that can help you generate secure passwords such as this random password generator from Avast

Example of Avast's free random password generator | Kanuka Digital
Example of Avast’s free random password generator.

Secure Your Personal Computer

Make sure your website has up-to-date antivirus software installed on your devices. This will help stop hackers from using your personal devices as gateways to accessing your FTP and injecting malicious files into your website.

Make sure you scan your website regularly using your antivirus software.

Backup Your Website

Make sure that you make regular backups of your website. This will ensure that you always have a fallback option if the worst happens and you lose your website.

Restrict File Uploads

Allowing website users to upload any file to your website comes with an element of risk. You may encourage users to upload their own photos of your products in use in a review section.

One way to deal with this is to have these images stored in a separate location to the website files, and then fetch those files when they are needed to be displayed.

When accepting file uploads, ensure you limit the accepted file format to expected values. When handling user-supplied files avoid storing them within a publicly accessible directory. If appropriate, prevent an uploaded file from being executed on the server.

The ideal solution is not to allow users to upload any type of file.

To Sum It Up

There’s a lot to think about when it comes to website security, and we should all be extra vigilant and aware of just how real these threats are. Even if we can’t see the threat, it doesn’t mean it’s not there.

Send us a message

Get in touch today to find out more.


Prove your humanity 9 + 1 =