Online security is more relevant than ever. Worldwide, companies and governments are confronted with the threat of cybercriminals, and consumers are also regularly targets of hackers. This week it is Cyber Security Week And last weekend, the House of Representatives announced that a new knowledge center will be established in 2018 to enhance the digital security of companies.
A knowledge center for vital sectors (such as energy and telecom companies), the National Cyber Security Center (NCSC), already exists, but SME entrepreneurs cannot turn to it. Because these companies are increasingly struggling with digital attacks and, according to caretaker Minister of Economic Affairs Kamp, there is insufficient awareness of the dangers and protective measures, the Digital Trust Centre will open next year.
Moreover, new European privacy legislation will come into force in 2018. The General Data Protection Regulation replaces the current Personal Data Protection Act and imposes additional obligations on companies, including in the areas of data breaches, ICT, training, and personal privacy. Companies that do not comply with the rules as of May 25, 2018, risk substantial fines.
Today's digital age presents us with promising opportunities, but cybercrime is a downside to this. At Best4u, we know that virtually every online product is at risk. Cybercriminals strike and cause damage through ransomware, malware, SQL injections, and DDoS attacks. Without the right countermeasures, your WordPress website will not escape the cybercriminal's sights either. Meanwhile, regulations are being significantly tightened: not only large companies but also SME entrepreneurs are expected to have digital security and everything associated with it in order.
What's next?
Okay, it is clear that as an SME you need to take action (and shouldn't wait too long to do so). But what can you do to reduce the risks of cyberattacks and comply with all regulations? Cybersecurity has been a priority for Best4u since our company was founded 13 years ago. We closely follow the continuous developments in the field of online security. This enables us to keep your online product optimally secured and protected against cyberattacks using various measures.
We have bundled all these measures and associated activities into our security & support package. To inform you as thoroughly as possible, we explain in detail in this article what the dangers and our solutions are, and of course you can contact contact us for additional information. Read on for more information about this package.
The dangers and Best4u's solutions
Updates
WordPress is an open-source CMS, which means that developers not only regularly develop new plugins but also work daily on developing updates for the system in terms of security, speed, and user-friendliness. These updates must be implemented to ensure that a website continues to function optimally. An unmaintained WordPress website will eventually be used by hackers to send spam into the world using your website as the sender. Hackers can also take your website offline, insert strange characters, or create extra pages with advertisements for products like Viagra. As a company, you naturally do not want this. However, blindly clicking the update button is not wise. It can even cause your website to go offline.
Therefore, Best4u first performs a risk analysis before every update. This involves examining the new information being offered and whether that information is safe for the website. Only when any potential risks have been identified can a website be updated safely.
Backups
Imagine that, unexpectedly, your website gets hacked, crashes while updating WordPress or a plugin, or you make a mistake. In such cases, a backup ensures that your website is back online quickly. We therefore recommend making a daily backup of your website. This can be done in various ways within WordPress. However, most people are unaware of this. That is why we offer you a backup service at Best4u. This way, you can be sure that, should something unexpectedly go wrong, you always have a backup available that we can restore for you, ensuring you are back online quickly in emergencies.
Plugins
Another danger is posed by downloading plugins. Plugins allow you to add functionalities to your website. Officially, there are nearly 52.000 plugins for WordPress, and beyond that, there are thousands of unofficial variants. Plugins can expand and enhance your website tremendously, but a check is necessary here as well. After all, it is never entirely predictable how a plugin interacts with a theme or with another plugin. It is also a risk to directly update old software that has already skipped several newer versions.
To recognize the risks of updating WordPress, resolve potential issues, or revert to an older version of the website, some knowledge of CSS, HTML, MySQL, PHP, the administration environment (e.g., DirectAdmin or cPanel), phpMyAdmin, and FTP is required. It is therefore advisable to have Best4u install any plugins you wish to add to your website.
SSL
An SSL certificate provides visible security for your website. With an SSL certificate, you encrypt the data traffic between the browser and the server so that confidential data is protected and cannot be intercepted. Websites with an SSL certificate can be recognized by the green padlock in the address bar. At Best4u, we provide websites hosted with us with an SSL certificate by default.
Monitors & scans
Keeping your WordPress website up to date is an important first step to strengthening your website's security. In addition, there are many more measures that ensure malicious actors will not 'abuse' your website. By monitoring your website and performing regular malware scans, we keep a close eye on your website's security. We use the CXS malware scanner to scan files from the server for malware.
A hacked website costs money and time, but on top of that, you can also end up on Google's blacklist. As a result, your website becomes practically unfindable on the internet. To prevent this (and to be able to resolve it quickly), monitoring and scanning your website is indispensable.
Server-level attacks
At Best4u, we are responsible for a very large number of live websites. These websites all run on servers that must process multiple attacks simultaneously at virtually any time of day. Therefore, we must continuously detect and block attacks at the server level as well. These attacks are diverse, but can be categorized into groups, measures, and the interests of the initiator. Often, the initiator aims to uncover known weaknesses through the attack, such as outdated software and common passwords.
Our servers are managed by managed hosting partner Rootnet. Through the following measures, among others, they ensure, in cooperation with us, that attacks at the server level are detected and blocked.
Analyzing traffic
By analyzing website traffic using software, Rootnet monitors whether recognizable patterns occur in that traffic. A recognizable pattern can occur, for example, if a computer repeatedly tries out passwords on a website's login page. The computer in question (IP address) is then blocked for a period of time via a firewall. This automatically cancels the attack. Using this technique, several dozen new computers/IP addresses are blocked per minute.
Recognizing malware
Rootnet maintains a database containing over 100.000 previously recognized malware or viruses. Every new file created on the server, such as an added photo or a page expansion, is scanned at lightning speed to check for patterns that match a virus or malware in the database. Upon detection, Best4u is notified. We will then investigate the file further and, if necessary, remove it immediately.
DDoS protection
DDoS (Distributed Denial Service Attack) attacks are attacks in which hundreds of computers simultaneously access the same website(s). Simply put, the server becomes so overloaded with traffic to that website that all other traffic to the server is brought down. Rootnet employs multiple defensive techniques to detect and prevent such attacks.
One of these techniques makes it possible to redirect all internet traffic to a server via a 'washing station' upon detection of a DDoS attack. This 'washing station' contains specialized equipment from various manufacturers that strips the internet traffic of DDoS traffic, after which the traffic is forwarded to the server. Because this switching process occurs automatically during an attack and takes only a few seconds, website users often notice hardly anything of such an attack.
24/7 Managed
Monitoring is active 24 hours a day, and dozens of points are measured on our servers. If anomalies are detected, a Rootnet engineer receives a signal. In this way, attacks that are not automatically recognized can still be blocked at an early stage. Attack techniques change continuously, making it always necessary to manage and monitor servers 24/7.
Want to know more?
Ensure today that you protect your online product against dangers such as DDoS attacks, malware, and other harmful practices, and choose security & support from Best4u!
The support and security experts at Best4u can tell you much more about the measures needed to protect your online product. Would you like to know more about this, or are you interested in a security & support package? Please feel free to contact us. contact contact one of our advisors on 0575 512 125 or email to support@best4u.nl.