What is Web Security?
(Article 4 of 15): This wiki is part of an expert series that discusses important web security standards to weigh before selecting a web hosting provider and which steps to take to protect a website from hackers. We’re talking ‘Web Security for Dummies 101,’ written for beginners who can’t imagine stomaching a training course, books on the advantages of security testing, or articles about a subject as boring (but important!) as this. For a condensed version of these tips from a whitehat perspective, download our handbook: Ultimate Guide: 15 Ways to Intelligently Host Your Site Like a Pro.
Hosting on the Internet without website security is like criticizing the PR department of a Mexican drug cartel. It’s just not a good idea. What else is not a good idea? Pretending your site’s security is someone else’s responsibility until the day you wake up to discover your website is down, hackers have stolen your customers’ passwords and personally identifiable information (PII), a non-compliance fine is imminent, your reputation is hopelessly tarnished, and all of your hard work is achingly gone. Prep the typewriter … because your next excruciating move is to send out the bad news to your loyal customers.
It’s bizarre, but despite growing threats, including ransomware like WannaCry and Petya, most small business owners don’t have a site security management plan for implementing best practices to protect their most treasured assets: their website and their customers. Nor do they have clear visibility into their web host’s security strategy (or, as it turns out, lack thereof), so they cannot determine whether they’re in good hands.
So let us consider a checklist of the fundamentals and guidelines for getting educated quickly and performing an analysis before this unspeakable tragedy happens to you (and, sadly, it happens all the time).
#1 – Passwords on Steroids
Don’t Be Lazy
Stop conforming with the masses and go strengthen your passwords right now. They probably suck. 60% of the top 10 most popular passwords contain some variation on the sequential usage of numbers from 1 through 9. So if your password is “123456,” or uber-popular choices like “qwerty,” “qazwsx,” or the #32 most-popular and oh so cleverly derived “f*cky*u,” you’re recklessly playing with fire.
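The passwords named above share one trait: they are walks along neighbouring keys, either across a row ("123456", "qwerty") or down a column ("qazwsx"). The sketch below is an added example, not code from this series, showing how a signup or password-change form could screen for that pattern. It assumes a QWERTY layout, and the function names and both thresholds are illustrative choices.

```python
# Key lines on a QWERTY layout (assumed layout): rows left to right, and
# the slanted columns walked top to bottom (1qaz, 2wsx, ...).
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
COLS = ["1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm",
        "8ik", "9ol", "0p"]

# Unordered pairs of keys that sit next to each other on a row or column.
ADJACENT = {frozenset(pair)
            for line in ROWS + COLS
            for pair in zip(line, line[1:])}

MIN_RUN = 3          # assumed: shortest run of neighbours counted as a walk
WEAK_COVERAGE = 0.5  # assumed: share of the password made of walks


def walk_runs(password):
    """Return the maximal runs (length >= MIN_RUN) of neighbouring keys."""
    text = password.lower()
    runs, start = [], 0
    for i in range(1, len(text) + 1):
        # A run ends at the end of the text or where two keys are not neighbours.
        if i == len(text) or frozenset((text[i - 1], text[i])) not in ADJACENT:
            if i - start >= MIN_RUN:
                runs.append(text[start:i])
            start = i
    return runs


def walk_coverage(password):
    """Fraction of the password's characters that belong to a keyboard walk."""
    if not password:
        return 0.0
    return sum(len(run) for run in walk_runs(password)) / len(password)


def is_weak(password):
    """True when keyboard walks make up at least WEAK_COVERAGE of the password."""
    return walk_coverage(password) >= WEAK_COVERAGE


if __name__ == "__main__":
    # Constructed sample inputs: three from the paragraph above, two for contrast.
    for sample in ["123456", "qwerty", "qazwsx", "password1234",
                   "correct horse battery staple"]:
        print(f"{sample!r}: walks={walk_runs(sample)} weak={is_weak(sample)}")
```

A check like this complements a list of known-breached passwords rather than replacing one: "password1234" passes the walk test while still being a poor choice.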