Recently the internet has been buzzing about the recent Equifax hack and the breach of some 143 millions customers personal data. If you haven’t heard of the breach, on July 29th Equifax discovered that a software vulnerability had been discovered and hacked between May – Jul 29, 2017. They have since hired a firm to assess the damage, but they waited until September to inform the public of the breach. There is also a report from CNet that the breach does not just affect US Consumers, but will affect people around the globe. The CNet article is quoted as saying “The latest comes from Argentina, where Equifax reportedly used the word “admin” as both the username and password for an employee web portal designed to protect both employees and customers who submitted credit disputes.”, you can read that article in full here.
So as someone who owns a website what can you do to easily protect your website and the data you may collect? There are actually some really simple steps you can take to protect yourself and your customers.
Don’t use default User Names and Passwords
The fact that there is a report that Equifax used “admin” for their user name and password for a piece of software that allowed people to file credit disputes is really dangerous. Whenever you purchase software it usually comes with some generic user name and password to help you log in the first time, if you are still using those credentials please change it, like today! If you have a third party set up the software for you, also consider changing the password. Another piece of advice on passwords is, if you have had the same password for some time consider updating it periodically.
Make sure your CMS is up to date
If you are using a content management system like WordPress, updates are released on a regular basis that are either bug fixes or enhancements. Don’t be one of the websites that never update leaving yourself vulnerable to be hacked.
Keep your plugins up to date and buy premium if it is available
A great thing about WordPress is plugins, but are you keeping them up to date? If a new version comes out make sure you are updating to it. Now there is always a small chance that an up date of a plugin can wreck havoc but the chance of that verses a hack is pretty small. I know we all love freeware and open source but if a developer offers a premium version consider registering and making the purchase. The benefit is they will keep it up to date and monitor possible vulnerabilities, plus you typically get support as well. Last thing is if you have a plugin that is older, not being updated, in fact it appears to no longer be in the WordPress Plugin Repository or compatible with your latest version of WordPress it might be time to ditch it and find a new one. Of course not all plugins will be in the WordPress Repository, an example would be if you have a developer that created one custom just for your website, those are usually private.
Have Security Monitoring for your website
Most people don’t even know this is an option. But yes you can actually have security monitoring for your website. There are companies out there that offer this service as stand alone or as part of a maintenance package. JS Web Solutions offers such Security Monitoring when companies sign up through our website WP Service Call and have a maintenance agreement. We have comprehensive knowledge, get real time notifications if your website is down or if an unauthorized person is trying to access your website.
Why you should consider having a Website Maintenance Package
If you dont have time to keep your website up to date, consider a website maintenance package. Benefits can be having cloud backups of your website, so if something does go awry a previous version can be put up in minutes, limiting your down time, you have someone that is knowledgeable, and can fix an issues when updating your CMS or plugins. There is Security Monitoring and reporting for basic coverage. JS Web has low cost options for our customers that need a maintenance package, plus we have a support ticket system to help you and if the problem is with your host and not your website we can help identify the issue and get your website back on track and safe.