Cybercriminals do not leave any of his attention, even the smaller companies. By the week of the National Small and Medium Business Administration, we have prepared a few tips to help small businesses protect their data from intruders, and its customers — from malicious programs.
Guided by a common false beliefs, many small business owners are hiding their heads in the sand like ostriches. «With me it will not happen» — they convince themselves, when they hear about the targeted attacks, phishing and sophisticated malware. «My business is too small to be of interest to criminals» — they argue in response to the warning about hacking of confidential data storage, network intrusion and attacks against Web-sites.
Even if in the past this confidence could not be objectionable, but now it has no basis. It is becoming increasingly clear that, since the attacks, cybercriminals do not take into account the size of the company. These have the data, and even the smallest companies have valuable information that can be stolen and sold. Time is long past when you could go unnoticed because of the small size. Most small companies are only an intermediate link in the chain of attacks, during which offenders are being implemented in small and poorly protected networks to reach their major partners.
Attacks are becoming larger and more sophisticated, so small and medium size firms find it difficult to keep the defense. Prior to National Week of small and medium business security council CA (Certificate Authority Security Council, CASC) has compiled a list of simple measures that will help small companies protect their online presence. Using these guidelines, the owners of the companies will provide safety visit their sites, search input personal information and commit transactions.
Do not underestimate the importance of passwords
Says Rick Andrews, CTO of Symantec, speaking on behalf of CASC, the first thing to do — to «create strong passwords that are impossible to crack» for the accounts related to the presence on the Internet, including the domain name registrar, hosting , a provider of SSL-certificates, social networks and PayPal. Despite the active search for more sophisticated authentication schemes, passwords remain the primary way to protect accounts on the Internet, so the demands on their reliability is very high.
Criminals not difficult to program computers to «frontal attacks» — a rough enumeration of random combinations of characters. If the password is weak, it does not take long to guess it. PCMag.com Experts recommend the use of password manager to create a safe and secure storage of passwords. If the service provides two-factor authentication, be sure to use an additional level of protection.
Perform the test sites
Web-sites can be infected by viruses in the same way as a PC. Regularly check the site for vulnerabilities and malware. Attackers can take advantage of vulnerabilities to infect a dangerous site program or add malicious code to redirect visitors to another location. Infected sites can be slow to load, display advertising and someone else become a source of infection for the user’s computer. Use checker sites, such StopTheHacker Web-Malware Scanning, which will monitor the site and warn of the danger.
Updated and correct errors in it
Regularly updated if Web-server, and make corrections to the software? Not just the server, but the Web-site require regular patching. If you use the popular content management system (CMS), such as WordPress, or a platform of e-commerce, such as Zen Cart, you should regularly update the software. Hackers often attack plug-ins WordPress, so you need to make timely corrections. Contact your hosting company or serving the site to find out regularly whether all the programs updated.
«On the Web-site updates must be installed in the same way as you install the latest Windows Updates on your PC», — says Andrews.
Customers need to be sure that you are in a legitimate business, and SSL-certificates help verify your identity. No one site should not collect personal information, or to trade online without a reliable SSL-certificate, the presence of which will give users confidence in the security of their information.
Maintain complete control over credentials
Whoever was assigned to work with the site, the company must always maintain control of the domain name, SSL-certificate and by the Web-site. Too often, businesses are hiring a specialist for the construction site, and when he retires, it turns out that the company lost the only person with access to the SSL, domain name and hosting account. In the absence of the original owner of the account is more difficult to add employees to your account or transfer ownership. If the development and maintenance of Web-site attracted the Contractor, be sure to take care that any employee of the company also had access to the accounts. If the employee is dismissed in advance, add the account of the new man. This allows you to continue to manage the certificate, the domain name and hosting account.