15 Ways to Protect Your Business from Hackers

Today we have a guest post from Sachin over at FromDev.com.  And without any further ado, we’ll turn it over to Sachin.


Computer Security Protected Monitor Shows Laptop Internet Safety

There is no business in this internet age that cannot be hacked. Most skilled hackers can hack into any system. It has happened to most of the top tech businesses in the past, and will keep happening in future too.

Let’s face it, we cannot stop skilled hackers. However, we can easily make it difficult for them. I have learned a lot from hacking books. The idea is to make it so difficult that they do not find it worth wasting their time on it.

Hackers often start with an easy to find weak spot and then build on it. If we can eliminate easy to find weak spots from our websites/apps then the effort to continue looking makes them look somewhere else.

This article is divided in two sections. The first section focuses on avoidance and the second section focuses on reactions after an attack.

How to Avoid Being Attacked?

There are common security mistakes businesses make that makes them easy target for hackers. Below are some ways you can avoid these mistakes.

 

1. Use Secure Software

Businesses use software for a variety of reasons. It’s important to carefully pick the software. Make sure any multi user software you buy or build has basic authentication and authorization features available.

2. Educate Employees

Many recent phishing attacks were aimed at employees of a target company. These phishing attacks take advantage of employee ignorance about enterprise security. Educating your employees about basic internet security is essential. Some of the key things you can cover in educating your employees are listed below:

Use strong passwords.

How to identify a phishing attack?

How to spot a spoof website?

Sharing data on social networks and other websites.

3. Don’t Re-Invent — Trust Proven Security Solutions

Many tech entrepreneurs and security enthusiasts tend to re-implement their own way of securing features. It has been the cause of many compromises in the past.

You should trust only security tools and software that are proven safe. This will also eliminate unwanted efforts to develop and maintain such tools. There are dozens of open source and free tools that can be used.

4. Enable Strict Password Policy

Not having strong password is the most common reason for website compromise. Strong passwords are absolutely essential to your security. Some key points to this policy are:

Include letters, numbers and special characters in passwords.

Require longer than 8 characters.

Do not allow most common passwords.

Keep changing passwords every 3 months or less.

5. Change Default Passwords

This is a classic security problem. Many businesses install open source software that come with a default admin password. Not changing this password means a hacker could very easily get admin access on your system.

Default passwords can be easily hacked by a bot attack. This type of attack does not even require a skilled hacker. Anyone can use readily available hacking software to perform this attack.

6. Restrict Access To Privileged Accounts

Attack Or Defence Directions On A Metal Signpost

There are some roles in software that are very critical and have super-admin level access. You can restrict the access to it by various ways. Some ideas:

Allow admin access to limited people.

Limit admin access to intranet / WAN.

Enable multi-factor authentication if possible.

Enable Audits to track user actions.

7. Password Protect All Devices

This is a very simple rule. Not having password protection means the device is an easy target. No Internet facing device should be exposed to the Internet without password protection.

8. Enable Multi-Factor Authentication

Multi-factor authentication is also popularly known as two-factor authentication. This adds an extra layer of security to your software. With use of OTP (One Time Password) devices / apps it has become very easy to enable.

If your software supports this feature you should use it.

Apple, Google, Amazon and other tech giants already support multi-factor authentication on all platforms.

9. Prefer Trusted Cloud Providers

Cloud providers are many, however the choice of them must not be made only based on price. You must consider the providers who can keep your data secure. Cheap cloud provider may cost you a lot if they are easily hacked.

10. Use a Firewall

Firewalls are a must have hardware or software for any business network. It protects you from a lot of unwanted clutter attacking you from all directions. Firewalls cannot stop hacking attempts; however they can reduce them significantly.

11. Use a VPN

Virtual Private Networks (VPN) will allow your business to protect network access from remote location. If you want to provide your employees remote access than you should do it using a VPN. You can always choose to not provide remote access in case your VPN access is not ready.

12. Do Regular Security Audits

Performing regular security audits can identify a lot of common issues in your systems. This audit can be performed by independent security experts, and clear guidelines can be established based on that.

13. Go For Private Website Listing

When buying a website domain name, chose private listing. This will ensure your personal / business details are not visible publicly.

How To Be Prepared For Recovery from Attacks?

In case an attack happens and your data is compromised or corrupted by hackers, you may the tips below helpful.

14. Backup Regularly

Keeping regular backups of you critical data is a standard best practice. You must ensure the backup is not located in the same place as actual data – store them offsite if possible. Having remote backups can help you recover from a disaster.

15. Keep Redundant Storage

Storage of critical data must always be done with redundancy. This is for quick recovery and may help you avoid losing any data in case one of the storage locations is compromised.


 

Author Bio:

Sachin is a tech blogger on FromDev.com : A technology blog about web development tips, java projects, open source tools and book recommendations.


Posted

in

,

by

Tags: