Internet security for websites is an important topic for business owners and the consumers who visit their sites. Security breaches on websites are an almost daily occurrence in the news and consumers are vastly more aware that even small sites with lax security could lead to major headaches for their private and financial data. A recent study found that 90 percent of consumers in the U.S. and the U.K. were worried about online security. To help assuage these fears, Google has embarked on a #NoHacked campaign to help webmasters get their sites fortified against potential cyber attack. Here are three of the things they’ve discussed so far that can help webmasters.
Basic Tools to Prevent Hacks
Google started their campaign by sharing a few common tactics that business owners should be using to protect their sites. These include basic things like, having a strong password, updating software and apps with latest security protocols and researching how a particular website host handles security issues. Handling these simple things at the start can help prevent many of the most common forms of cyber attack.
Google also notes their Search Console, which is Google’s way of communicating with website owners about issues on a site site including if Google engineers have detected hacked content. Similarly, webmasters can set up Google Alerts on a site to notify the administrator if there are any suspicious results for the site.
Two Factor Authentication
The time has come to show that relying solely on passwords to protect access to online sites isn’t necessarily an ironclad way to keep data safe. There are many ways cyber criminals can try to access a password locked account and for those who are willing to continually hammer at it, it’s only a matter of time before they break through the door. One way to fortify internet security for things like websites and apps for consumers is to use two-factor identification. Essentially, when someone tries to enter the password needed to access an account, they will also get a code sent to the user’s mobile device. Accessing the account requires the regular password as well as the randomly generated code sent to the user’s cell phone. This makes it harder for someone to access an account simply by deducing the password.
Google offers a few ways to do Two Factor Authentication, Google currently offers 2-Step Verification for all of its accounts, including accounts from Google Apps domains. Users can use their phone, a hardware token like a Security Key, or the Google Authenticator app to verify an account. These options give the consumer additional flexibility when traveling or when they don’t have access to the mobile network.
Phishing
This is the one of the most common forms of cyber attack because it requires very little resources and all the criminal has to do is wait for someone to take the bait. Phishing sites and emails mimic legitimate sites and trick consumers into entering confidential information like username and password into these sites. A common tactic is to pose as a site like Facebook and say they need to go a special address to fix some sort of issue.
While many people like to think they’re too smart to fall for phishing scams, a recent study from Google found that some phishing sites can trick victims 45 percent of the time. One way business owners can help protect their customers is by reminding them that official communication from the site won’s ask for certain kinds of information. Recently, the IRS has started sending out press releases that inform the public that the only way the IRS would contact them would be through the mail, and that any online or phone attempts to collect IRS debt are scams. Phishing is a really big problem, but proactively warning consumers can prevent some of the trouble.
For more information about things business owners can do to protect their site against potential security threats, read this article on why it may be time to abandon your Adobe Flash site.