International Fraud Awareness Week – How to Keep Your Website Secure

International Fraud Awareness Week, celebrated annually from 17th – 23rd November, is an opportunity for businesses to promote anti-fraud awareness and educate businesses and consumers alike about how to combat the ever-growing threat that looms over the digital age.

Companies lose an estimated 5% of their revenue annually due to fraud, according to the 2018 ACFE Report to the Nations.

Fraud comes in many forms including, but not limited to:

• Corporate fraud
• Consumer fraud
• Tax fraud
• Identity Theft

Why Do People Commit Fraud?

This short video provides an important insight into why it is that people commit fraud.

What is Website Security?

Website security is any action that you take, or application that you use, to ensure that website data isn’t exposed to cybercriminals and prevent exploitation of websites.

More than 50,000 websites get hacked each day.

Common Website Security Threats

There are many types of online security threats to your website. Below are just a selection of the most common types of threats.

Spam

Although we are getting more intelligent at deciphering spam emails from legit communications from brands, spam can be much more malicious than just an email. For example, Bots can add many links into the comments section of your website to create backlinks. Some of those links can include malware (Malicious Software) that when clicked on may harm your visitors.

Viruses And Malware

Malware and viruses are software that can harm your computer, and come in all shapes and sizes.

230,000 malware samples are created each day.

Malware tends to attack your computer to gain access to personal data or to use server resources. It can also make money with adverts or affiliate links by gaining access to your websites permissions.

DDoS attacks

DDoS (Distributed Denial-of-Service) attacks prevent your website users from visiting your website by overloading the server that your website is hosted on with pretend IP addresses. This then causes the server to grind to a halt – making your website inaccessible.

If the host doesn’t tend to the server, then the server is left wide open to malware.

Search Engine Blacklists

This is not so much a security threat as it is a search engine performance threat. If your website has been spammed with dodgy links in comments sections and they contain links to malware, search engines can penalise your website for hosting those links – even if it’s not your fault. This means that you will compromise all of your hard-earned time and effort working towards a strong SEO strategy. Scary, right?

If your website is flagged as unsafe, then your site can be blacklisted and you will disappear from search results. To undo such horror can be a timely process.

Security Quick Wins – Things You Can Do To Protect Your Website

There are a number of steps you can take to make sure that your website is safe from potential attacks.

Use HTTPS Protocol

Switching from HTTP to HTTPS provides your users with the knowledge that they can browse your website safely and securely.

Read more to understand the importance of website security for users when purchasing from your website.

A website needs to install an SSL certificate to make it secure. What’s more, Google rewards websites who have made the change to the HTTPS protocol by favouring those sites in search engine results pages (SERPs) – it’s a win-win!

Keep Software Up-To-Date

Make sure that you update software as soon as you can. Usually, when developers release software updates, they contain fixes for security vulnerabilities that may otherwise leave your computer open to security threats.

Choose A Secure Web Hosting Plan

A good hosting provider will make sure that they protect their servers as best they can against possible security threats. However, sometimes cheap hosting can appear like a great option, but you must be careful and question why it is so cheap. Usually, this is because the levels of security are much lower than their more expensive counterparts.

Change Passwords Regularly

We hear it all the time, change your password regularly, but in reality how often do many of us actually do this exercise? Many people have the same password for everything. And some even have passwords that are just not strong enough.

If a hacker managed to get hold of your login details they can gather important information such as bank account details.

Make sure your password is strong by using a mixture of:

• Letters
• Numbers
• Special Characters
• Upper case letters
• Lower case letters

There are a number of free online tools out there that can help you generate secure passwords such as this random password generator from Avast

Secure Your Personal Computer

Make sure your website has up-to-date antivirus software installed on your devices. This will help stop hackers from using your personal devices as gateways to accessing your FTP and injecting malicious files into your website.

Make sure you scan your website regularly using your antivirus software to reduce the chances of fraud or hackers.

Backup Your Website

Make sure that you make regular backups of your website. This will ensure that you always have a fallback option if the worst happens and you lose your website.

Restrict File Uploads

Allowing website users to upload any file to your website comes with an element of risk. You may encourage users to upload their own photos of your products in use in a review section.

One way to deal with this is to have these images stored in a separate location to the website files, and then fetch those files when you need to display them.

When accepting file uploads, ensure you limit the accepted file format to expected values. When handling user-supplied files avoid storing them within a publicly accessible directory. If appropriate, prevent an uploaded file from being executed on the server.

The ideal solution is not to allow users to upload any type of file.

Fraud Awareness Summarised

Fraud awareness is extremely important, not only for business but in day-to-day life too. There’s a lot to think about when it comes to website security, and we should all be extra vigilant and aware of just how real these threats are. Even if we can’t see the threat, it doesn’t mean it’s not there.