[BreachExchange] 3 Basic Practices for Cleaning Your Website Security Strategy

Audrey McNeil audrey at riskbasedsecurity.com
Thu Jun 28 21:02:27 EDT 2018


https://www.smallbizdaily.com/3-basic-practices-cleaning-
business-website-security-strategy/

Now that summer is upon us, small businesses have the perfect opportunity
to revisit and reset their website security initiatives. Taking the
seasonal opportunity for a summercleaning of your website security should
be on every business owner’s radar.

Summer clean to protect your business

A cyberattack can be devastating for a small business, so auditing your
website’s security measures is vital. Although it requires sufficient
resources and knowledge to keep your security strategy up to date, it’s
imperative that businesses make the investment. According to Ponemon
Institute, cyberattacks cost SMBs an average of $1,207,965 in the year
following a breach.

While the coming season makes for a good excuse to revamp your site’s
security strategy, SMBs should prioritize website maintenance and security
audits at least once each quarter. The average website experienced 44
attacks per day in Q4 2017, so while this maintenance can seem tedious for
a busy business owner, it’s vital to keep your security efforts updated and
running efficiently.

Where to focus your efforts

When summer cleaning your website security strategy, the goal should be to
cover all bases. A good place to start is with the following basic
practices:

- Update user permissions list: Reviewing the list of all users with
website editing privileges should be one of the first tasks on your summer
cleaning list. It’s likely that list contains users who no longer need
access, such as contract workers or former employees. As a best practice,
always remove any unnecessary editors to ensure that only relevant and
authorized employees can access website controls. Regularly updating this
list should become a standard practice.
- Automate patching updates: Patching is a golden rule in the website
security realm. However, many small business leaders struggle to keep up
with patching updates, leaving content management systems (CMS) and other
tools vulnerable to attack. Last year, 55 percent of infected WordPress
sites were not running the most up-to-date and patched version of the CMS.

The easiest way to avoid the nightmarish situation of a compromised site is
to automate your patching updates. By working with an outside security
expert or implementing a dedicated security solution, small business owners
can make sure patches are never missed.

- Remove obsolete data and applications: Data and applications that are no
longer needed can present a significant website security risk to small
businesses. If this information were compromised by cybercriminals, they
could use it maliciously against you or your customers, so it’s best
destroyed. For example, if you decide to switch your email newsletter
platform, be sure to remove its plugin from your site. Allowing it to sit
unused and fall behind on updates puts loyal customer data at risk.

Some industries and companies have regulations or policies requiring data
be retained or archived, so be sure to confirm that it is within company
policy or government regulations to delete any data or information before
doing so.

Small business owners already have a lot on their plate. Too often, website
security doesn’t make the to-do list. Unfortunately, a security breach
could spell major trouble in terms of lost revenue or reputation damage, so
frequent cleaning of your website security must become a standard practice.
Creating and adhering to a website security maintenance plan will ensure
that your site is secure while supporting your brand value and overall
business success. What better time to get started than this summer?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180628/354fcc84/attachment.html>


More information about the BreachExchange mailing list