Most businesses in today’s internet driven world make sure they have a website without much thought to the benefits and dangers of website ownership. Often businesses are unaware of where their website is hosted or who controls it. This in itself can lead to disaster when it comes time to make changes but there are far greater risks for website ownership.
A common mistake businesses make is to think that just because they don’t use a website for money transactions, they don’t need to worry about internet security; this couldn’t be further from the truth. While websites that handle billing information do require a higher level of security all websites are vulnerable to attack. The most dangerous type of security breach and the one that gains the most media attention is when a website is hacked and information is stolen from it. This form of attack can happen when a website’s encryption software is lax or when a password file is left unprotected on a public server. Another form of attack is common among modern web2.0 websites.
Most modern websites make use of at least some dynamic user interaction content. This may come in the form of a Blog, a user forum or even a simple contact us form. All of these applications make use of either a database or a dynamic scripting language, both of which can be exploited. Code-injection type attacks are often carried out by automated bots and systematically test every aspect of a website looking for weakness. If a vulnerability is discovered the owner of the botnet could be granted access to a specific page of your website or gain control of your entire network.
While every website is slightly different most of the security concerns laid out above can be prevented. Proper SSL certificates for secured pages and the inclusion of form CAPTCHAs are two easy ways to improve the security of your website but optimum coverage you should have a complete network analysis.
Websites are designed to increase a company’s revenue either directly with online sales or indirectly as a marketing piece and so it is important to understand all threats. When it comes to hostile hacker attacks solid code and encryption are crucial but sometimes it’s just as important to ensure that you understand your webhost contract. Whether technical or analytical, ignorance is the greatest danger to website security.
– Richard Keene
IT Computer Support of New York
Design and Optimization Department