How to Protect Your Business from Malware

It’s an unfortunate fact of life that if you do any part of your business on the internet (even if it’s just a simple website or blog), then you’re at risk of an attack from hackers. While we tend to read about the large corporate hacking targets most often in the news and think of hacking only in terms of big companies, in truth every business with an online component is a target.

Even if your website doesn’t collect any personal information from your customers, or have any financial assets that could be stolen, it might still have value to hackers. For example, a hacker who compromises your website could gain access to your web server and use that server to send spam, store illegal files, or engage in other illicit online activities.

Stay Current on Security Updates

Hopefully you’re already in the habit of staying current on all the security updates for whatever web platform your website is based upon. For example, WordPress users who stay up to date on all of the underlying security updates are generally quite safe.

But the current trend in web business and web commerce (a trend that is continuing to accelerate) is to use custom functionality and custom applications alongside the standard web platform. For WordPress users, one common type of custom web application is a “plug-in” that’s used to provide a new function on the website. These plug-ins can take many different forms and are currently used by many websites.

WordPress Plug-In Safety

Many WordPress websites use plug-ins that are available either on WordPress’ own plug-in directory, or through the plug-in author’s own website. One advantage of sticking with plug-ins that are available through the WordPress plug-in directory is that you’ll be able to read feedback from other users who have already tried the plug-in.

For this reason, you might want to avoid using any new plug-ins until there is enough feedback for you to feel comfortable that any security risks are minimal. Positive feedback is certainly no guarantee of a secure plug-in, but that feedback should be helpful to your decision-making process.

If your custom application is truly custom (in the sense that you retain a programmer to build the application to your specifications), then the best way to protect your business is to be confident that the programmer or company that’s making the application for you is highly qualified and has created other secure applications in the past.

Test and Verify

In addition, if your business is large, you may have the budget available to hire a computer security consulting firm to review and verify the security of the code that makes up your custom applications. If you’re unable to hire a security firm to test the security of your custom applications, then you can gain some level of comfort by using the various open source tools that are available, including those at http://w3af.sourceforge.net and http://www.websecurify.com.

Because your web presence is so valuable, it’s ultimately up to you to be confident that whatever custom applications you include on your website don’t compromise your overall site security.
