OK so I am sure you have noticed all the negative press that Giuliani, has been getting since President-elect Donald Trump named him as an informal adviser on cybersecurity. They have all been pointing out the security flaws on his web site https://Giulianisecurity.com. I have personally look at his site as you can see by the screen-shot above.
I gotta say I really don’t see any issues with the web site security. I think the design leaves a lot to be desired, the fact is the security is so good, I can not even view the web site. Do i think this might have been a bit overboard as far as security goes sure.
Let’s be serious for a minute and talk about website security. Cyber Security is a serious issue that every company needs to be concerned about in today’s digital world. With WordPress holding a whopping 25% footprint of all web sites on the web, and growing daily it is something all developers need to be concerned about. There are some basic security measures that you can take to secure your site. Let’s focus on WordPress since that is what we specialize in, here are some of the obvious ones;
- Keep your website up-to-date
- Keep all of your plugins up-to-date
- Delete all theme templates that you are not using.
- Delete all Plugins that you are not using.
- Install a monitoring Service or Plugin on your site.
- Install a credible Security Plugin on your site.
- Change the default table prefixes on your database.
- Use strong passwords on your site and update them regularly.
- Use 2 step authentication on your site.
- Use a Secure Socket Layer Certificate.
- Choose a reputable web hosting company.
- Choose a reputable web firm or developer to maintain your site.
There are ton of other things you can do to secure your web site. Harding your website against hacking attempts is a part of developing websites now-a-days, and if your developer or development firm can not answer the questions you have about security, then you might want to move on to another developer or firm.
A great Security Firm I have worked with in the past is Sucuri, they are one of the top Security firms in the country in my opinion. Danny and Tony really know their stuff and they hire some of the best talent out there, I have learned a lot from my time working with them, and we still use their services when we feel we are getting into deep.
At DSKnigths we employ the latest security tactics to secure our clients sites. That said, I want to point out no one is totally secure, yes let me say that again no one that has a computer connected to the internet is totally secure. if you want to make sure that your system is totally secure, un-hook your modem, and lock your computer in a vault and don’t let anyone else know where it is or let them use it.
OK so that might be a bit overboard right? Security is one of those things you have to find a happy medium between convenience and inconvenience (security) because that is what security really is. Security is a series of inconveniences. You are trying to make a inconvenient for someone to hack your site, but there a very few ways to make it inconvenient for those people and not make it inconvenient for everyone else.
The security of your web site is not just up to your developer or firm to take care of. Over 50% of hacking incidents start at the client level. What I mean is all the sticky notes hanging on your monitor with all of your passwords, out of date antivirus software on your company network, emailing your company password list to one another, just to name a few. There are several more cases where social engineering is use where a hacker calls up your company or email and impersonates another employee or outsourced firm and obtains a password that way. With the countless ways website intrusions can happen it is a collaborative effort between the client and developer or firm to try to stay ahead of the hackers and try to cover all the bases they can to make it harder for people to hack your site. Security by Obscurity is not security at all, make a concise effort to execute the security plan you have set up for your company, and regularly review and update your disaster recovery plan to change with your companies landscape.
In closing if you’re reading this Rudy, and you need a development firm well versed in security, feel free to contact me and we can get you fixed up. If you have any further questions or concerns about web site security give us a call and we can help you set up a security and/or a disaster recovery plan for your company.