As a web designer with a small business, you probably have a local area network (LAN) for you and your team to work on projects. While you may not think anyone would bother to hack into it, the simple fact is that all websites are under a constant threat. Swarms of automated scripts roam the Internet, just waiting for an opportunity to compromise a website.
You may be right in assuming that you can easily recover from a hacker attack because all your graphic files and other design applications are available on CD-Rom and you can also easily repair any attempts to deface your website, but data theft is not the primary reason for hacker attacks.
Hackers are actually looking to hijack your server. The temporary use of web server allows them to serve illegal files because it can act as an email relay to send out spam messages.
With that caveat in mind about why you can’t afford to neglect security, here are 3 tips to get you started in keeping your computers and network safe:
Tip #1: Stay on top of software updates.
When you get busy on a project, you may be too preoccupied to bother with keeping all your software updated, but it is an essential step to protecting your business from a hack attack. This applies to both server-side operating systems and software you have running on your website, like a content management system.
Older software versions may have security holes that hackers can exploit. These are akin to leaving an open window at the back of your house that allows burglars to climb in. If you’re using a content management systems, or other third-party software, vendors often send out security patches–so be sure to apply these when notified.
If you’re using a virtual networking product like VMware NSX, you should get a security system. Trend Micro, for example, tightens up security through micro-segmentation.
Tip #2: Take password protection seriously.
Passwords have been around for so long now that most people tend to waffle when they are asked to choose a complex password with numbers, letters, symbols, and a minimum of eight characters.
Strong passwords will protect your server as well as access to your website administration section. They will also protect the accounts of any clients who need to login to a special section, like, for example, a membership portal, you have for them on your website.
Tip #3: Be wary of file uploads.
As a designer, you and your clients are probably uploading and downloading graphic files all the time. However, you are taking a big risk if you allow users to upload files to your website. The fact is that all files may not be as innocent as they look. Some may be packing a script that when executed leaves your website wide open to a hacker invasion. You need to treat all files that are uploaded into your system with suspicion, even if they are being uploaded by trusted staff or even clients. Users may innocently load up files that are not what they seem. An image file can be faked. Opening the file and reading its header or checking the image size is not actually verification of its authenticity. This is because image formats have a section that stores comments—and these could contain malicious PHP code that your server would then execute.
So, how do you prevent fake or malicious graphic files from entering into your system? First, avoid giving any users the power to execute any uploaded files. Second, rename the file that you intend to upload to verify the file extension. You can also change file permissions so that the file can’t be executed.
Summary
As a designer with a small business, you need to take steps to protect your computers, servers, and networks. While this may not be exactly within your technical expertise, you can always hire someone to help you with it. Ignoring security is a luxury your business cannot afford.
