Many organizations have limited resources. A few days ago I was scrolling social media and saw in a group that a nonprofit’s website was hacked. The organization helped survivors of sexual abuse. The hackers placed erectile dysfunction ads throughout it. There are things that organizations can do to prevent this, or any attack, from happening.
We live in the digital age, and you have to assume that your website and any digital accounts are vulnerable to attack. Remaining proactive is essential. Of course, there are some robust technical security measures that your site manager can implement if he or she is an expert. One of the most important things you should do is ensure you have an experienced website manager who is well versed in security for all of your systems.
Updates: The first thing to do is always keep all of your software up to date. You also want to make sure your operating systems are all current. Software vendors continually update their software and operating systems to fix vulnerabilities that they find.
Back-up: I know many organizations that don’t take this seriously. That’s a mistake. Back up your information every day, even multiple times a day, and when you do, make sure you are doing an on-site back-up to servers and also an off-site one.
Security: Security is essential. And there are some things you should do here:
- Change passwords on a regular basis.
- Ensure your site, in particular any donation or log-in pages, uses the HTTPS protocol. It protects information as it is transmitted, so that a hacker cannot intercept it or divert visitors elsewhere.
- Limit who can upload files to your website.
- Consider installing website security tools (some of which are free), such as OpenVAS, Acunetix WP Security (a plug-in for WordPress sites), and ScanMyServer.
Error Messages: Ensure that any error messages that appear on your website, for example because of broken links, are limited to only what is necessary. The more information you provide, the higher the risk that hackers learn your passwords or details about your server.
Administrative Pages: Make sure your website manager is not allowing search engines to index your administrative pages. The way to prevent this from happening is to use a “robots.txt” file.
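One way to check the robots.txt advice above, as an added example that is not from the original article: the function reports which administrative paths a given search engine crawler is still allowed to fetch. The sample file, the paths and the crawler list are constructed for illustration.

```python
from urllib.robotparser import RobotFileParser

# Constructed sample robots.txt; the paths are hypothetical.
SAMPLE_ROBOTS_TXT = """\
User-agent: *
Disallow: /wp-admin/
Disallow: /admin/

User-agent: Googlebot
Disallow: /wp-admin/
"""

# Hypothetical administrative paths that should stay out of search indexes.
ADMIN_PATHS = ["/wp-admin/", "/admin/", "/admin/login.php"]
# Crawler names to test; "*" stands for any crawler without its own group.
CRAWLERS = ["*", "Googlebot", "Bingbot"]


def indexable_admin_paths(robots_txt, paths=ADMIN_PATHS, crawlers=CRAWLERS):
    """Return (crawler, path) pairs that robots.txt still allows to be crawled."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    gaps = []
    for crawler in crawlers:
        for path in paths:
            # can_fetch() applies the group that matches this crawler,
            # falling back to the "*" group only when none matches.
            if parser.can_fetch(crawler, path):
                gaps.append((crawler, path))
    return gaps


if __name__ == "__main__":
    for crawler, path in indexable_admin_paths(SAMPLE_ROBOTS_TXT):
        print(f"{crawler} may still crawl {path}")
```

A crawler-specific group replaces the `*` group for that crawler, which is why the sample leaves `/admin/` open to Googlebot. robots.txt only asks well-behaved crawlers not to fetch a page and is itself publicly readable, so administrative pages still need a login.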
Firewall: Make sure you have a web application firewall (WAF). The purpose of a firewall is to monitor your site and prevent hacking, spammers, and bots.
Devices: When you plug any device into your network or computers, it is essential to scan that device for malware every time.