Recently, several high-profile websites such as Twitter and Facebook were victims of hacking – resulting in hours of downtime for the micro-blogging site, and significant delays on Facebook. These attacks followed a series of security hacks on websites this summer.
What can we learn from this?
- Poor web security has consequences.
- Online security matters.
- As individuals, we need to improve the way we handle security online.
Here are several security best practices we recommend to our web clients:
- Never store credit card data on your website. Use a reputable third-party company that complies with the Payment Card Industry Data Security Standard (PCI DSS) instead. By doing so, you’ll spare your company the risk of a security breach that could cost it money in fines, repayment, or any number of lawsuits.
- Don’t use the same password on every account you have. Weak passwords are one of the greatest security weaknesses online. Your password should:
  - Have a minimum of 8 characters
  - Be a combination of letters, numbers, and punctuation
  - Not consist of a real word
  - Avoid using personal information such as your:
    - Pet’s name
    - Significant other’s name
    - Street name
    - Social security number
    - Favorite color/number
  - Not include any of the 10 most common passwords according to PC Magazine.
If having a wide variety of complex passwords seems daunting, we suggest you use a password management system such as http://www.keepass.info. This downloadable program enables you to use one secure master password to access your password list.
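The password checklist above can be turned into an automatic check, for example on a sign-up form. The following is an added example, not code from Metro Studios; the function name, the word list, and the common-password list are constructed placeholders, since this post does not reproduce the PC Magazine list.

```python
import string

# Constructed placeholder data (assumptions, not taken from this post).
COMMON_PASSWORDS = {"password", "123456", "qwerty"}    # stand-in for the PC Magazine list
DICTIONARY_WORDS = {"sunshine", "football", "monkey"}  # stand-in for a real word list


def check_password(password, personal_info=(),
                   common=COMMON_PASSWORDS, words=DICTIONARY_WORDS):
    """Return the checklist rules that `password` breaks (empty list = passes)."""
    problems = []
    lowered = password.lower()

    # Rule: minimum of 8 characters.
    if len(password) < 8:
        problems.append("shorter than 8 characters")

    # Rule: combination of letters, numbers, and punctuation (all three).
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_punct = any(c in string.punctuation for c in password)
    if not (has_letter and has_digit and has_punct):
        problems.append("not a mix of letters, numbers, and punctuation")

    # Rule: must not consist of a real word.
    if lowered in words:
        problems.append("is a real word")

    # Rule: no personal information (pet's name, street name, and so on).
    # Matched as a case-insensitive substring so "Fluffy2009!" is caught.
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")

    # Rule: must not be one of the most common passwords.
    if lowered in common:
        problems.append("is one of the most common passwords")

    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("monkey", "Fluffy2009!", "t7#Vq!9zLp"):
        print(candidate, "->", check_password(candidate, personal_info=["Fluffy"]))
```

The personal details passed in should come from what the user has already entered on the form, and the password itself should never be written to a log while it is being checked.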
- Use caution with “secret” questions that can be used to recover or reset your password. Questions such as “What is your favorite pet’s name?” or “Where did you go to high school?” have answers that can easily be ascertained by someone you know or through your Facebook profile.
- At your business, limit internal access to passwords. Only the appropriate person should have access to passwords or secure areas of your website – other members of the company should not have access.
- Work with reputable vendors who are committed to web security. Questions you should ask potential web service providers include:
  - What security measures do you have in place to prevent hackers from accessing my website?
  - Do you have your own dedicated servers?
  - Do you maintain a firewall?
  - Do you encrypt passwords in your database?
At Metro Studios, we take web security very seriously. We never store credit card information, and your secure information is always encrypted. We also stay on top of the very latest hacking and security trends to ensure that everything we build is airtight against potential security threats.