PROD

Live/Production Environment


Github


PHP error level (4983):
E_RECOVERABLE_ERROR,E_USER_WAR

SERVER OS: Linux ip-10-0-2-133 3.10.0-514.21.2.el7.x86_64 #1 SMP Tue Jun 20 12:24:47 UTC 2017 x86_64

SOFTWARE: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.31

PHP VERSION: 5.6.31

$_SERVER['HTTP_HOST']: prod.blog.melbourneit-aws.com

$_SERVER['SERVER_NAME']: prod.blog.melbourneit-aws.com

$_SERVER['PHP_SELF']: /index.php

$_SERVER['DOCUMENT_ROOT']: /mit-data-efs/www/html/prod.blog.melbourneit-aws.com

$_SERVER['HTTP_CLIENT_IP']:

$_SERVER['HTTP_X_FORWARDED_FOR']: 54.81.232.54

$_SERVER['SERVER_ADDR']: 10.0.2.133

$_SERVER['REMOTE_ADDR']: 10.0.1.188

$_SERVER['REMOTE_HOST']:

$_SERVER['SCRIPT_FILENAME']: /mit-data-efs/www/html/prod.blog.melbourneit-aws.com/index.php

$_SERVER['SCRIPT_NAME']: /index.php

$_SERVER['REQUEST_URI']: /security-tips-keep-website-protected-hackers/

$_SERVER['ORIG_PATH_INFO']:

$_SERVER['HTTP_REFERER']:

Blog home

7 security tips to keep your website protected from hackers

Written on 23 January, 2018 by Iona Yeung
Categories: NewsWebsite Security

The privacy and security of a website is critical for small businesses. It’s needed to protect your customer’s data but it also protects your website from data breaches and viruses. With cyber attacks on the rise, it’s now more important than ever to ensure you have security measures in place to protect your website. A business disruption can be a costly exercise.

60% of businesses who experience a cyber attack go out of business within 6 months.  If your website needs a security update, here are 7 things you can do now to safeguard your business.

1. Back up your data

What would happen if you lost all your business info i.e. customer contacts, invoices, emails…etc? Would you still be able to run your business? Whether it’s a virus or an accident with your computer, losing data is not uncommon. Back up your data at least once a month onto a hard drive and to an offsite storage service such as OneDrive (available with Microsoft O365), iCloud, Backblaze...etc.

2. Use HTTPS for your website with a SSL certificate 

If you accept online payments or receive personal information from your customers, a SSL certificate ensures all website traffic between your web server and user’s browser is secure and cannot be read. When your website has an active SSL certificate, you’ll see that your website address changes from HTTP to HTTPS.

website security tips3. Change your passwords

If you’re using one password for all your business logins, it’s time to change them. Ideally you should have a different password for every website you need to login to. Increase the strength of your passwords by mixing numbers, letters (lower and upper case) and symbols. Use unrelated words broken up with numbers and symbols i.e.“Hotel3Planet5iceCream!”. It offers the same level of complexity against computer attacks and much easier to remember. If you have trouble remembering all your passwords, consider using a password manager which keeps them protected and easy for you to access", says Fred Salem, Product Manager at Melbourne IT.

4. Keep your devices secured

These days your office isn’t limited to your desk. If you or your team receive work emails on your phone or tablet, have the security measures in place to prevent anyone accessing confidential data. Set up passwords for all your mobile devices and be ware of the files you download on all devices.

5. Software & system updates

Updating your anti-virus software may seem like a task that can wait but taking the preventative measures will save you from headaches in the event of a cyber attack. Anti-virus software detects potential viruses that can compromise critical business information. While you're updating your software, you'll also want to consider updating your systems and action the following

  • ensure your operating systems are up to date. The January 2018 Windows security updates are available now,
  • enable layers of protection on your server (this requires changes to your server and may require IT help),
  • apply firmware updates from your device manufacturers (firmware is the program used to run your device).

6. Be aware of phishing emails

If you have a work email, it’s likely you’ll receive unsolicited emails from time to time. However, there is a difference between spam and a malicious email. Phishing emails can come in the form of a request for payment, to open an attachment or to click on a link. Be aware of targeted attacks where a sender may pretend to use one of your internal addresses, these typically claim to be your internal IT or Security department. If you receive an email from an address you don’t recognise, do not open attachments or click on any links.

7. Educate your team

If you have a team, it’s important to educate them about website security and privacy. Host regular training to ensure they’re equipped with the knowledge to keep their work and personal devices secured. This is especially important if they work on laptops or their phones as that is often the weakest security point. Look into establishing a Bring Your Own Device (BYOD) policy to ensure external devices don’t compromise your network.