How Secure is Your Website?
Today I’m going to talk about web security and how to keep your much-valued site protected. E-commerce sales are projected to be 15.9%, or $2 million, of all retail sales by the end of 2016, according to E-Marketer. Sometimes it’s only a matter of time before a website falls vulnerable, so it’s critical to always remember to prepare an umbrella before the rain hits, as they say.
What is the cost when a website is hacked? Does it really matter? Imagine if your years of hard work and all the customer information you’ve collected were stolen. The loss of revenue during the downtime would be significant. According to a recent survey, the average time required to fix a website is approximately 7 days. In the United States alone (as of August 2015), cyber crime had reached an annual loss of $16.45 million in the technology sector. That’s a huge number, and it looks like it’s not going to slow down anytime soon.
Now we get serious
Web security is primarily made up of two parts: the server and the web application or e-commerce system itself.
On the hosting server, a very strong and robust operating system (such as Red Hat Enterprise Linux, CentOS or Ubuntu) is needed, on which to install a firewall program that can detect and block any threat to the server. At least once a week, it’s critical to update all the applications on the server, in order to make sure they are all up to date.
The application itself, however, should also have components that are entirely updated. No matter how strong your firewall is, if there are any vulnerabilities in the application, a hacker could easily gain access.
Next, a web application firewall, a.k.a. WAF, is implemented between the client and the server. Its function is to filter all traffic going in and out of the website, and to hide the server’s real IP. Some WAF systems also function as Content Delivery Networks, a.k.a. CDNs, which can improve website performance. Some would argue this is the first line of defense.
Then, it is time for testing. A penetration test is a ‘planned attack’ to find any vulnerabilities in the application before a hacker takes advantage of them. This will ensure that all the security levels are up to date and can withstand any attack. For more advanced tests, these can be arranged twice a year, once in three months or once a month (depending on how critical the application is).
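A WAF can only filter requests that actually pass through it, so it is worth checking the origin server's access log for clients that connected directly. The following is an added example, not part of the original article: a Python check that flags log entries whose source address is outside the WAF's egress ranges. The ranges, log lines and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed WAF/CDN egress ranges (RFC 5737 documentation addresses).
WAF_RANGES = [ipaddress.ip_network("198.51.100.0/24"),
              ipaddress.ip_network("203.0.113.0/25")]

# Constructed origin access-log lines in common log format.
SAMPLE_LOG = """\
198.51.100.17 - - [12/Mar/2016:10:01:44 +0000] "GET /cart HTTP/1.1" 200 5120
192.0.2.45 - - [12/Mar/2016:10:02:03 +0000] "GET /admin/login HTTP/1.1" 200 812
203.0.113.90 - - [12/Mar/2016:10:02:10 +0000] "GET / HTTP/1.1" 200 1043
203.0.113.200 - - [12/Mar/2016:10:02:31 +0000] "POST /checkout HTTP/1.1" 302 0
not a log line
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def via_waf(addr):
    """True if addr belongs to one of the WAF egress ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in WAF_RANGES)


def direct_hits(log_text):
    """Return (client_ip, method, path) for requests that did not come via the WAF."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, _ts, method, path, _status = m.groups()
        try:
            if not via_waf(client):
                hits.append((client, method, path))
        except ValueError:
            continue  # first field was not a valid IP address
    return hits


if __name__ == "__main__":
    for client, method, path in direct_hits(SAMPLE_LOG):
        print(f"direct-to-origin request: {client} {method} {path}")
```

Any hit means the server's real IP is reachable from outside the WAF; restricting the server firewall to accept web traffic only from the WAF's ranges closes that path.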
Last but not least, the web application needs backup and recovery on a consistent basis. Any application runs the risk of breaking down at any point in time. This can be caused by many factors: hardware failure, power failure and even being hacked after an extreme penetration test. Never underestimate the potential of a hacker. Website monitoring can also be used to make sure you’re alerted when something poses a threat.
When everything is in place, it’s then time to truly enjoy the business!