Threats from Cyberspace: What Businesses Should be Aware of and How to Ramp Up Your Website’s Security
Article by Bernard Chen & Henry Ng
Graphics Design by Jericho Ramos
In a recent mass data breach in Singapore, the medical profiles of around 1.5 million patients registered in SingHealth’s databases were exposed to cyber hackers.
This spree of illegal activities was recently put to a stop on July 4, 2018, and had been capturing patient particulars since May 1, 2015, more than 3 years before it raised suspicions.
Cyber attacks are neither new nor a threat of the past. Barely 1 month before, cyber attacks took place within the time frame of the Trump-Kim Summit on June 12. 88% of attacks against Singapore was estimated to be from Russia. These were mostly reconnaissance scans targeting vulnerable devices to collect sensitive information.
What this means for Singapore’s IT Infrastructure
If Singapore’s biggest group of healthcare institutions has become vulnerable to breaches, businesses are expected to do more to prevent such deliberate and organised cyber attacks.
SMEs and businesses with weak organisational infrastructures on their web portals or websites are particularly vulnerable against sophisticated cyber invasion. These are platforms containing transaction records, stakeholders, and various confidential information of business administrators. Unauthorised access would not even be detected until years of data have been stolen.
According to Minister-in-charge of Cybersecurity, Mr S Iswaran, we need to reinforce IT gatekeepers in the public and private sectors by drawing meaningful lessons and policies from this incident. Leading the web design and development industry in Singapore, our expertise in the heart of digital and information technologies allows us to recommend best practices in cyber security.
4 Proven Ways to Safeguard Your Business Against Hackers
Majority of visitors turn away from contacting businesses on unsecured websites, and for good reason. As platforms where money, purchases and information are commonly traded, it makes sense that websites are vulnerable to cyber breaches. With years of experience in incorporating anti-hack security features into web design packages for our clients, we actively employ best practices when it comes to protecting websites from cyber attacks.
1. Be Vigilant in Management of Information and Software
It is recommended that you research and adopt well-known practices in the management of tasks offline or online. Whether you are managing your website on your own or with others, it is always better to err on the side of caution.
- Perform regular anti-virus scans and purges. Most hacking originates from Trojan programmes or malware. These can track entry points to crucial information on your computer and provide backdoor access to the hacker without your knowledge.
- Access personal and confidential data from computers with reliable anti-virus and anti-malware software. Computers in public spaces, such as internet cafes and airport terminals, could have been tampered with or exposed to malicious software.
- Avoid opening spam emails, suspicious links or documents by known or unknown sources. There have been cases of hackers and cyber terrorists impersonating reputable organisations.
- Add a web application firewall (WAF) to further protect your website and preempt cyber attacks New websites are commonly targeted as they may not have established anti-hacking protection in place.
2. Protect Yourself when using Open-Source CMS
Open-Source software refers to a software with a source code that is subject to non-proprietary use, modification or distribution by developers. Most websites are managed using Open-Source Content Management Systems, which means it is all the more important to make sure yours is well-protected.
- Upgrade to the latest version of the CMS to overcome known vulnerabilities from previous versions.
- Use a different admin login URL. WordPress and Joomla use /wp-admin and /administrator as part of the login page’s default URL.
- Avoid using “admin” or “Admin” as your login ID or password.
- Keep complex passwords for your cPanel and Admin Login page. Mix numbers and alphabets with special characters into your password.
- Restrict CMS access from certain countries suspected of engaging in cyber attacks.
- Segregate CMS responsibilities. Personnel who manage content on certain web pages do not require access to confidential membership or enquiry forms submitted.
- Avoid engagement of freelancers. Without proper authorisation and professional knowledge, they may install obscure plugins or extensions with subpar reliability and security. There’s a higher chance they may also lack the experience to ensure secure hosting and cyber protection.
- Keep your add-ons and plugins simple and minimal. This plays into raising security and functionality as well.
- Choose web agencies wisely. Regardless of the same WordPress CMS, not all web agencies provide an implementation of the best practices to secure your website against malware and hackers.
Find out what to consider when choosing the right web agency here.
3. Get Secure and Reliable Web Hosting
There are many different types of hosting providers available, each with a certain set of specialisations or working methodology.
- Make sure your web hosting company provides adequate backup measures when your website malfunctions. Good hosts readily show their web security policies to emphasise their up-to-date security features.
- Purchase an SSL Certificate. SSL stands for Secure Sockets Layer. It ensures communication between your website and browsers is secure, and sensitive information pertaining to login details, cash card numbers, etc., is encrypted.
We talk at length about why an SSL Certificate is necessary for your website here.
- Verz Design’s web hosting package comes with free daily malware scans and removal, coupled with round-the-clock and up-to-date cybersecurity.
4. Backup your Website
Learning how to save the latest version of your website protects you from loss of important and sensitive data. The backup is a safety net for a recovery of your website, in the event that your web hosting company’s backup fails or is corrupted.
- Access your cPanel to ‘generate’ or recover a complete backup of the entire site.
- Perform regular backups and keep them in a safe and local storage until you need to upload your files back onto the server for security or maintenance purposes.
- Verz Design’s hosting services come with automatic weekly backups, enforced through our partnership with Vodien. We also advise that you clear your server of sensitive information every 3 to 6 months.
Prevention is Better than Cure
We believe that these recent unfortunate events highlight the importance of cybersecurity. It leads to awareness in cyber attacks before they manifest in more severe consequences, like leakage of highly confidential information.
In taking care of your website, and for that matter, your entire business infrastructure, your overall cyber defence should adopt several measures. These include using a trusted cybersecurity software, collaborating with a competent web hosting company, and good personal practices in safekeeping the privacy of information.
This greatly reduces the likelihood of encountering a cybersecurity breach. Should malicious breaches fall through the cracks, they can be better detected and contained in a controlled environment as well, minimising losses at the first line of defence.
Be it at a national or enterprise level of threat, the consequences of cyber attacks call for immediate action from SMEs and governments alike. If hackers possess the resources and technology to infiltrate into our national database, we need to step up and do what we can to protect ourselves.
The integrity of businesses is of utmost concern to Verz Design. We have always been firm advocates that there is no excuse for a poorly protected infrastructure when you can invest in long-term preventative measures.
Worried if you’re doing enough for your cybersecurity? For a non-obligatory consultation about our anti-hack solutions for websites, drop us a call at 6841 1680 or email us at [email protected]!