Preventing Cyber Attacks

The Definitive Guide On How To
Protect Your Website Against CyberAttacks

  cy·ber·at·tack / noun

Updated: March 11, 2022
By: RSH Web Editorial Staff
Cyber Attack
Menu

For a business to suffer a cyber attack is bad. For a business with an entire company branch specializing in IT security and data loss prevention to suffer a cyber attack.

That is exactly what happened to DLA Piper. One of the worlds largest law firms, employing more than 4,000 attorneys in more than 40 countries. They have a wide range of branches, including: Intellectual Property, and IT Security. Nine days later, the company was still struggling to get its systems back up and running.

Cyber Attacks Can Happen to Anyone!

How Can You Protect Your Business?

It is virtually impossible to run a business today that doesn’t use electronic data and record keeping in some fashion. As a result security risks are an unfortunate but a real threat for just about every business.

CyberAttacks

A cyber-attack is a malicious act by persons, groups or organizations against a computer system or website that is intended to destroy, to damage, or take control in order to carry out illegitimate operations or steal data.

There are steps you can take to help protect yourself and your Website

Monitor Your Website

You can bet that even if your not monitoring your website, hackers are. And all the time just waiting for you or an employee to make a simple mistake.

Keep your Computers up to date

One of the simplest strategies you can do is ensuring that your entire network is up to date. This means paying attention all notifications regarding updates to your operating systems, your anti virus software, web browsers and firewalls. Ignoring any of these will leave openings in your security system.

domain website hosting

Create Strong Passwords

Most all Security Experts state that you should never use the same password for all of your accounts. Once into one account - they are into all your accounts. Try to create diverse passwords that combine numbers, symbols and other factors to ensure it is safe and secure. Use strong random passwords, changed often, and guarded closely.

Control Access

Hackers should never to be in your networks, website, or data. But neither should some employees. Many businesses allow their employees to access all kinds of sensitive resources that they have no reason to access. By restricting access to key assets, like your website or emails you minimize the risk of a careless employee handing over the keys or opening doors they should not open.

Patch those Weak Points

Many attacks on businesses are exploits the hackers found before you did. And no doubt because they were looking for the exploits when you were not. For many businesses those holes are in their websites, and mainly caused by either poor security configuration or a failure to update programs and third-party plugins (WordPress).

Be Careful with Plugins

One of the great things about developing a website today is that you do not have to develop much. There are thousands of developers who offer great tools at affordable prices that can be plugged in and running in a matter of minutes. But that comes with a downside, if those plugins are not free from major vulnerabilities. Like the case of a famous SEO plugin for WordPress that was used by millions but was recently found to have a major security hole.

Outsmarting the Smart Devices

Mobile Devices have become a critical tool of many businesses. Particularly as employees use them for both personal and business tasks. But they come with risks. Especially privacy and security risks, The theft of a smartphone or tablet, or an employee who downloads malware can expose valuable business information or create a back door for hackers.

Block .EXE files in emails

A .EXE file is a file designed to execute a program of some type. Most of the programs you interact with on a daily basis from your web browser to your video games are using an .EXE files to run. But there would be very few legitimate reasons to send .EXE files via email. Configuring your gateway mail scanner to filter out .EXE files can help you avoid some of the worst malicious attacks.

Change Your File Associations

.EXE files are not the only files that can put your computer at risk, though they are some of the most common. But there is an entire collection of other risky file types as well.

Fortunately many of these file types can be forced to run using a text editor like Notepad or TextEdit. And by setting your machine to run them in Notepad instead of executing their code, you can stop attacks that make use of these file types. It will just open a .txt document with their code in it, rendering it harmless.

To set in Mac Right-click (Control-click for single button mouse users) on the file and select "Get Info" from the contextual menu. Then click on "Open with" - Selected file type

For Widows, Open Control Panel, click on “Programs”, then click on “Set your default programs”. The window that appears will list all the file types your computer recognizes and the programs associated with them.

We suggest setting the following list of file extensions to open with Notepad or Mac to TextEdit.

  .JS  .JSE  .HTA  .WSC  .WS  .WSH  .WSF  .VBS

Doing this can stop 90% of the infected email attachments from running, which is how 95% of mailware infect your machines.

Blog Hosting

Screen Who You Hire

Be careful on who you hire and make sure they are the kind of people that will follow your security rules, understand their role in protecting their workplace, and not engage in behavior that can put your business at risk.

Cybersecurity Training for Your Employees

Your employees can be your best defense or your greatest vulnerability. “Untrained employees are the biggest risk for Businesses”. Training needs to be conducted regularly, not just once a year. It also needs to be varied, both in method (such as in-person, email, blogs) and with different topics (such as password security or visitor access) to engage your employees.

Be Proactive About Malware

Since 2016, over 4,000 ransomware attacks have happened daily in the U.S. If that pace continues, by the end of this year there could be more than 100 million varieties of malware. Most malware consists of smart and dangerous Trojans that seem to get smarter every day. If you are not proactive about avoiding malware chances are they will get in.

Think Like a Hacker

Who would want to hack into your business, computer or website. What would they be looking for? Keep asking yourself that question.

Look at your website like a hacker would. Look at your employees and their behavior, your email, the way you protect your information and what kind of information it is.

The view from outside is always different than from the inside.

From the Department of Homeland Security

https://www.dhs.gov/topic/cybersecurity.

The following preventative strategies are intended to help our public and private partners pro-actively look for emails attempting to deceive users into "clicking the link" or opening attachments to seemingly real websites:.

Never click on links in emails. If you do think the email is legitimate, whether from a third party retailer or primary retailer, go to the site and log on directly. Whatever notification or service offering was referenced in the email, if valid, will be available via regular log on

Never open the attachments. Typically, retailers will not send emails with attachments. If there is any doubt, contact the retailer directly and ask whether the email with the attachment was sent from them

Do not give out personal information over the phone or in an email unless completely sure. Social engineering is a process of deceiving individuals into providing personal information to seemingly trusted agents who turn out to be malicious actors. If contacted over the phone by someone claiming to be a retailer or collection agency, do not give out your personal information. Ask them to provide you their name and a call-back number. Just because they may have some of your information does not mean they are legitimate!

Blog Hosting

Other Practical Tips to Protect Yourself

Set secure passwords and do not share them with anyone. Avoid using common words, phrases, or sharing personal information.

Keep your operating system, browsers, anti-virus and other critical software up to date. Most security updates and patches are available for free

Verify the authenticity of any requests from companies or individuals by contacting them directly. If you are asked to provide personal information via email, you can independently contact the company directly to verify this request

Pay attention to the URLs of websites you visit. Malicious websites sometimes use a variation in common spelling or a different domain (for example, .com instead of .net) to deceive unsuspecting computer users.

For email make sure to turn off the option to automatically download attachments.

Be suspicious of unknown links or requests sent through email or text message. Do not click on unknown links or answer strange questions sent to your mobile device, regardless of who the sender appears to be

Learn More about Cyber Attacks.

Cybersecurity best practices. Stay safe from cybersecurity threats - SBA

Cybersecurity involves detecting, and responding to cyberattacks - ready.gov

Reducing your exposure to cyber attack - NCSC.GOV.UK

Preventing and Defending Against Cyber Attacks - Homeland Security

Protect your company from cyber attacks - Mass.gov

Preventing and Defending Against Cyber Attacks - CISA

Protect your business from cyber threats - business.gov.au

Advice about common security issues for non-technical computer users - us-cert.gov

Information about current security issues, vulnerabilities, and exploits - us-cert.gov

Weekly Summary of New Vulnerabilities - us-cert.gov

Online Security Tips - OnGuardOnline.gov.

We welcome your comments, questions, corrections and additional information relating to this article. Please be aware that off-topic comments will be deleted.
Or if you need specific help with your account, feel free to contact us anytime
Thank you

COMMENTS

Thomas R
This is very useful for the small business, thank you


Tweet  Share  Pin  Tumble  Email.

More Articles Of Interest