Three web security reminders from the recent Huawei Indictment

The Department of Justice announced yesterday that it has indicted Huawei, a Chinese telecommunications company, on charges of racketeering and conspiracy to steal trade secrets. The Justice Department said in a statement:

The 16-count superseding indictment also adds a charge of conspiracy to steal trade secrets stemming from the China-based company’s alleged long-running practice of using fraud and deception to misappropriate sophisticated technology from U.S. counterparts.

This exposes the very real and largely ignored reality that there are malicious entities actively trying to steal information. Unfortunately, this is not just an enterprise-level problem. Data theft and security issues affect all of us.

According to hostingfacts.com, over 90,000 websites are hacked every day. That’s substantial. Our own research has shown that around 60% of sites are vulnerable to attack for one reason or another.

There are things you can do, however, to protect your site and data. Here are 3 things that, while not an exhaustive list, will help you stay ahead on security.

Keep your software up to date.

This is key. This is the number one thing we look for when scanning a site. If software like Apache or WordPress is not up to date, then there is a good chance that a security hole is exposed. A hacker will look for the easiest way into a system. Keeping your system up to date greatly reduces its exposure to the security holes that have already been discovered.

Use Encryption

It blows my mind how many sites do not use encryption for their site and devices. Encrypting data means that it cannot be read by a third party who does not have the key. What should be encrypted? Make sure that all your communications, such as email and text messages, are encrypted. Some people falsely believe that their text messages are encrypted. While some carriers claim that they are, the reality is that they are only partially encrypted and are still vulnerable to interception. Apps are your best option in this case.

Don’t use weak and generic usernames/passwords

There are so many sites that use the generic “admin” username for the backend of their site that it defeats the purpose of having security at all. Please do not use the default username for your accounts. Changing the password on a regular basis is also a good idea. We recommend changing your password every 3 months. There are lists of passwords floating around the dark web. These lists are very real, and all someone has to do to compromise your site is find your username/password on a list and they’re in.
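An added example, not code from the original article: a small Python audit that flags the three problems described above (a default username, a password that appears on a leaked list, and a password older than 3 months). The account fields, the default usernames other than "admin", the `HASH:count` list format and the sample data are assumptions constructed for illustration.

```python
import hashlib
from datetime import date

# Assumption: usernames treated as "default"; the article names only "admin".
DEFAULT_USERNAMES = {"admin", "administrator", "root"}
MAX_PASSWORD_AGE_DAYS = 90  # the article's "every 3 months"


def sha1_hex(password):
    """Uppercase SHA-1 hex digest, used only to look a password up in a leak list."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def parse_breach_list(lines):
    """Read a leaked-password list given as 'SHA1HASH:count' lines (assumed format)."""
    hashes = set()
    for line in lines:
        digest = line.strip().split(":", 1)[0].upper()
        if len(digest) == 40:  # skip blank or malformed lines
            hashes.add(digest)
    return hashes


def audit_account(username, password, last_changed, breached_hashes, today):
    """Return the list of findings for one account, checked when the password is set."""
    findings = []
    if username.strip().lower() in DEFAULT_USERNAMES:
        findings.append("default-username")
    if sha1_hex(password) in breached_hashes:
        findings.append("breached-password")
    if (today - last_changed).days > MAX_PASSWORD_AGE_DAYS:
        findings.append("password-older-than-90-days")
    return findings


# Constructed sample leak list: two very common passwords with made-up counts.
SAMPLE_LIST = [f"{sha1_hex(p)}:{n}" for p, n in [("password", 1000), ("123456", 2000)]]

if __name__ == "__main__":
    today = date(2020, 2, 14)  # constructed date
    leaked = parse_breach_list(SAMPLE_LIST)
    accounts = [  # constructed accounts: (username, password, last changed)
        ("Admin", "password", date(2019, 10, 1)),
        ("site_editor", "constructed-Long-passphrase-71", date(2020, 1, 20)),
    ]
    for user, pw, changed in accounts:
        print(user, audit_account(user, pw, changed, leaked, today) or "ok")
```

The SHA-1 digest here is only a lookup key for the leak list; passwords a site stores should use a salted, slow password hash instead.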

Web security is a serious issue and one that should not be taken lightly. Don’t become a victim. By following the three steps above, you will greatly reduce the risk of being hacked. If you feel you have been hacked or would like more information about web security, please contact one of our Progress Coordinators.

Jacob Billings
PhD Candidate - Complex Systems

I am a software engineer, linguist, and researcher of Complex Systems. I hold a bachelor's degree in Middle Eastern Studies from the University of Utah, a Master’s degree in linguistics from Francisco Marroquín University in Guatemala City, and I am a doctoral candidate in Complex Systems at the Polytechnic University in Madrid, Spain.

Software Development: I bring over 20 years of experience in developing software for multiple clients in various environments. I have a solid knowledge of PHP, JavaScript, MySQL, NoSQL, Python, and Java.

Over my career, I have had the opportunity to work on projects for some of the most recognized brands on the planet. Brands like Marriott Hotels, Microsoft, Ashland Chemical, Capital One Credit Cards, Cadbury Schweppes, GE and more. This has given me an in-depth understanding of my clients' challenges as they grow. I know how to get a company from startup to maturity with technology. My specialties are in E-commerce (specifically Magento), process automation, and security.