If your business made it through the past year without a breach, congrats! It was a tough one for site publishers around the world. Countless records were lost and hundreds of millions of individuals had personal information stolen.
But there’s no rest for the weary when it comes to website security. At Black Raven Digital, we’re on hand to answer your website security and compliance questions – or at least point you to someone who can.
Let’s start with a peek at what to expect in 2020 (hint: it’s a lot more of the same).
If your site has entry fields (to collect email addresses or payment data), it’s susceptible to SQL injection. Hackers can use form fields to access or even manipulate your site’s databases. They do this by injecting malicious SQL into a form field so that the database query behind it does something you didn’t intend, like extract your customers’ private information.
There are ways to prevent SQL injection that are fairly easy to execute if you know what you’re doing – parameterized statements and object-relational mapping (ORM), for instance. Keeping your site up to date, configuring proper error reporting and living by the principle of least privilege are also good places to start. (No idea what we’re talking about? No sweat. We’d be happy to talk you through it.)
Cross-site Scripting (XSS)
Cross-site scripting is an attack method hackers use to redirect users to sites that make it possible to steal data. The goal is to steal a login credential, or get the user to connect to a site that will allow a hacker to run malicious scripts.
But that doesn’t mean it isn’t your problem. Cross-site scripting stems from a vulnerability on your site that lets a hacker inject client-side scripts. In other words, if it’s affecting your users, then it’s your problem.
Beware of becoming a phishing victim (for instance, be suspicious if you get an email asking you to reset your password).
And beware of accidentally propagating phishing pages. Hacked websites are often used to launch phishing campaigns that deceive users – your users – into giving away sensitive information.
Make sure you’re exercising good judgment on your end, and that you’re using security plugins to protect your site and its users. And if you have questions or concerns, we’re happy to help. Security by design is one of our core values here at Black Raven Digital.