In business, security underpins everything – from customer experience to employee engagement, whether protecting data or physical assets. As organisations focus on working in the digital age and on their digital transformation, they need to think about doing things differently, from disrupting the status quo to making the security of their online presence a priority.
According to a Microsoft study, Singapore firms incurred S$23.8b in economic losses from cyberattacks in 2017, with much of that loss caused by the impact on the wider ecosystem, leading to decreased consumer and enterprise spending. The Cyber Security Agency of Singapore (CSA) found that almost 40 percent of cyberattacks in Singapore targeted small and medium enterprises (SMEs) – phishing attempts and ransomware were the most common methods used.
Whether you’re a large global organisation or a small start-up, it’s important to protect your business assets, including your customers’ personally identifiable information. In today’s digital world, nothing is entirely safe from an attack. Loss of data can happen, and unfortunately, most often we do not see it coming. Here are five tips to help protect your customers (and your data!) against hackers and insider misuse:
1. Be cautious with login privileges.
One of the simplest ways to improve your website security is to have tighter login controls.
We recommend having logins that expire after a couple of hours of inactivity. It might be annoying to log in multiple times per day, but a login that remains valid despite inactivity is a risk to your customer data and your business. All it takes is for a device to fall into the wrong hands — a laptop left on the MRT, or a smartphone in a coffee shop. Putting a firm limit on the number of login attempts works too. This way, you’ll be protected against brute force attacks.
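The two controls described above, idle expiry and a cap on failed attempts, can be sketched as follows. This is an added example, not code from the author or GoDaddy; the class name `LoginGuard`, the injected `check_password` callable and the three numeric limits are assumptions chosen for illustration.

```python
import secrets
import time

IDLE_TIMEOUT = 2 * 60 * 60  # assumed value for "a couple of hours" of inactivity
MAX_ATTEMPTS = 5            # assumed cap on consecutive failed logins
LOCKOUT = 15 * 60           # assumed lockout period, in seconds


class LoginGuard:
    """Idle session expiry plus a firm limit on failed login attempts."""

    def __init__(self, check_password, clock=time.time):
        self.check_password = check_password  # callable(user, password) -> bool
        self.clock = clock                    # injectable so tests can move time
        self.sessions = {}                    # token -> (user, last_seen)
        self.failures = {}                    # user -> (fail_count, locked_until)

    def login(self, user, password):
        """Return a new session token, or None if rejected or locked out."""
        now = self.clock()
        count, locked_until = self.failures.get(user, (0, 0.0))
        if now < locked_until:
            return None  # locked: refuse without even checking the password
        if not self.check_password(user, password):
            count += 1
            locked = count >= MAX_ATTEMPTS
            self.failures[user] = (0, now + LOCKOUT) if locked else (count, 0.0)
            return None
        self.failures.pop(user, None)  # success clears the failure counter
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (user, now)
        return token

    def current_user(self, token):
        """Return the session's user, or None if unknown or idle too long."""
        entry = self.sessions.get(token)
        if entry is None:
            return None
        user, last_seen = entry
        now = self.clock()
        if now - last_seen > IDLE_TIMEOUT:
            del self.sessions[token]  # expired: a fresh login is required
            return None
        self.sessions[token] = (user, now)  # activity resets the idle timer
        return user
```

A lockout keyed only on the username lets anyone who knows an account name lock its owner out, so many deployments also throttle by source address.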
2. Hackers and identity thieves cannot steal what you don’t have.
Therefore, do not collect or save customer data you don’t need. For example, you may want to consider using an encrypted checkout tunnel to help eliminate the need for your own servers to view and store the customer’s credit card data. This might be slightly more inconvenient at checkout time for your customers, but the benefits may outweigh the risk of compromising their credit card numbers.
3. Protect customers with an SSL Certificate.
Website safety isn’t just about protecting the stuff you store on your site. It’s also about keeping data safe during its transmission, for which you need an SSL (Secure Sockets Layer) Certificate. SSL encrypts data sent to your servers, so your company and customer data is secured when being transmitted between websites and servers.
4. Regularly test your website for vulnerabilities.
New vulnerabilities are discovered all the time – just because something was secured yesterday doesn’t mean that it is safe today.
It is important to scan your website regularly to help ensure identity thieves and hackers have not introduced malware into advertisements, graphics, or other content provided by third parties. You may want to consider using a security monitoring service that is continually monitoring and protecting your websites against malware, ransomware and other potential viruses. You can also consider a vulnerability scanner that shows you where your website is weak, where there are holes that hackers look for, and (if it’s a good one) shows you how to remediate those weaknesses.
And you will want to perform system backups frequently. Databases are prone to corruption, broken tables and even accidental removal of content by an administrator, so it can be important to have ongoing security monitoring and backup storage of your company and customers’ data. Your attention to this important aspect of your online presence can help you build trust with your customer and help protect your business.
5. Protect the perimeter, wherever it is.
Today’s network perimeter is ever-changing. As such, ensure that your links have their own quarantine capabilities. For example, there should be physical separation between the network that an industrial business partner can access and one that contains confidential customer data. Data should have layered defenses depending on their level of sensitivity – the more confidential the information is, the more layers of defense needed. If there are limited controls in place, there is little work that the hacker needs to do to exploit those security gaps.
Many websites have admin pages that are generally better kept out of public view, since they typically point to areas of your site that hackers are after. Keep sensitive pages off Google by adding a Disallow: directive to your robots.txt file. Because robots.txt is itself publicly readable and only asks well-behaved crawlers to stay away, those pages still need to sit behind a login.
Security is an ongoing process, not a one-time fix to pass an inspection. Your diligence will make it more difficult for hackers and identity thieves to get to your venture’s data. Constantly test your website, give immediate attention to problems, and fix them as they occur. Continued monitoring of your website can help to ensure that problems are identified and fixed quickly.
Roger Chen, Senior Vice President, Asia Pacific, GoDaddy