• Juvo • March 15, 2022
In 2021, business organisations worldwide saw a staggering 40% increase in cyberattacks over the previous year. By September 2021, the average weekly number of attacks on individual organisations globally reached its peak with over 870 attacks.
Ireland, of course, hasn’t been immune to this effect either.
In May 2021, the HSE and the Department of Health both fell victim to sophisticated ransomware cyberattacks believed to have originated from well-known hacking groups based in Russia.
In both cases, their IT systems were completely shut down nationwide, causing losses of up to €100 million.
The Growing Importance of Cybersecurity
According to figures from Statista, with the ever-increasing threat of cyberattacks on a global scale, the international cybersecurity market is expected to grow to over €300 billion by 2026.
With the Russian invasion of Ukraine also leading to a 25% jump in cyberattacks around the world in the last two weeks, 2022 is already shaping up to be a challenging year for IT security.
How to Protect Your Business – Starting with Your Website
When it comes to protecting your business from potential cyberattacks, securing your website is often the very first step.
Here’s how to ensure that your website is secure:
• Install Core Content Management System (CMS) Updates
Failing to update your website’s core CMS software (WordPress, Magento, Laravel, Wix, Squarespace, etc.) can provide easy access for hackers – 44% of successful attacks on WordPress websites were because of an outdated WordPress core.
To patch potential vulnerabilities, WordPress releases multiple core updates every month. Without them, attackers may be able to contaminate outdated sites with phishing exploits and malware, among other things.
• Third-Party Plugin Updates
Improperly managed third-party plugins can provide another point of entry for attackers to compromise your site. Similar to keeping the core website secure, updating plugins will also make sure that potential vulnerabilities are flagged and fixed whenever necessary.
• Server patches
Sever patching adds necessary fixes and updates to your servers e.g., web servers and Microsoft Exchange servers, should be performed routinely to minimise risks and maximise security.
A 2019 Ponemon Institute and ServiceNow study found that of surveyed businesses who had suffered a data breach, 60% said these breaches likely occurred because a patch was available for a known vulnerability, but was not applied.
• PHP Version Updates
PHP is a programming language used by most websites for server-side webpage creation.
PHP is never actually ‘seen’ by the end client as it’s used to perform backend calculations, data retrieval, etc. on the server. It’s always important to update PHP to ensure that you’re running a version that’s fully supported and regularly patched for security vulnerabilities.
• Password Security
Using unique individual admin passwords for your site isn’t enough. In order to secure your login details from would-be hackers, you’ll need to come up with complex, random passwords and ensure to store them outside of the website’s directory.
• Two-Factor Authentication (2FA)
Two-Factor Authentication (2FA) helps to add an extra layer of security to your logins. With 2FA, even if someone gains access to your password, they’ll still need access to a second factor – usually one-time passwords (OTPs), security tokens, or fingerprint verification – to approve the login.
• SSL Certification
An SSL certificate confirms that your website is secure and that it’s able to transfer encrypted information between your server and a user’s browser. Expired SSL certificates make it easier for hackers to launch ‘man-in-the-middle’ attacks, as well as phishing attacks and data breaches.
Need Help?
At Juvo, our team of experts maintain due diligence around all of our client sites via our website hosting, support, email and spam security, and maintenance agreements – making sure your website, and your clients’ data, is safe and secure in this new world of daily cyberattacks.
Would you like to learn more? Simply send us a message, or call us directly on (+353) 1 525 2534 to talk to us about your website security today.