The department of Justice announced yesterday that they have indicted Huawei, a Chinese telecommunications company on charges of racketeering and conspiracy to steal trade secrets. The justice department said in a statement that
The 16-count superseding indictment also adds a charge of conspiracy to steal trade secrets stemming from the China-based company’s alleged long-running practice of using fraud and deception to misappropriate sophisticated technology from U.S. counterparts.
This exposes the very real and largely ignored reality that there are malicious entities actively trying to steal information. Unfortunately, this is not just an enterprise-level problem. Data theft and security issues affect all of us.
According to hostingfacts.com, Over 90,000 websites are hacked every day. That’s substantial. Our own research has shown that around 60% of sites are vulnerable to attack for one reason or another.
There are things that you can do however, to protect your site and data. Here are 3 things that, while not an exhaustive list, will help you stay ahead on security.
Keep your software up to date.
This is key. This is the number one thing we look for when scanning a site. If software like Apache or WordPress is not up to date then there is a good chance there is a security hole that is exposed. A hacker will look for the easiest way into a system. By keeping your system up to date it greatly reduces the security holes that have already been discovered
It blows my mind the number of sites that do not use encryption for their site and devices. Encrypting data means that data is secure and cannot be read by a third party without having a key. What should be encrypted? You should make sure that all your communications are encrypted like email, and text messages. Some people falsely believe that their text messages are encrypted. While some carriers claim that they are, the reality is that they are only partially encrypted and are still vulnerable to interception. Apps are your best option in this case.
Don’t use weak and generic usernames/passwords
There are so many sites that use the generic “admin” username for the backend of their site that it defeats the purpose of having security at all. Please please do not use the default username for your accounts. Changing the password on a regular basis is also a good idea. We recommend every 3 months to change your password. There are lists of passwords floating around the dark web. These lists are very real and all someone has to do to compromise your site is find your username/password on a list and they’re in.
Web Security is a serious issue and one that should not be taken lightly. Don’t be become a victim. By following the three steps above you will greatly reduce the risk of being hacked. You feel you have been hacked or would like more information about web security please contact one of our Progress Coordinators.