Credit reporting agency Equifax has suffered, perhaps, the most serious hack in history. Information regarding an estimated 143 million has been compromised. What’s worse, it’s already been spread across three countries. More shockingly, Equifax sat silent on the hack for over a month, leaving millions of people exposed. Sure, there will be lawsuits. And hopefully those lawsuits will set forth some better requirements moving forward. This will probably cost Equifax billions of dollars before things settle down.
However the Equifax hack drives home a more serious concern: your website and the data of your users is at constant risk. What are you doing to help keep it secure? Unscrupulous hackers are constantly probing for weaknesses, hoping to exploit vulnerable data. While the Equifax hack will eat up headlines, such massive hacks are relatively rare. However, smaller websites are constantly at risk. Google has found that hacks increased by 32% in 2016 over 2015, and currently the search engine is blacklisting as many as 20,000 websites a week for being infected with malware.
Webmasters and developers who don’t take the time to secure their websites are at constant risk of being hacked. Sure – you are probably keeping backups of your website, but what are you doing about the data your website collects? These days it is especially important to protect any sensitive user data that you are collecting, even if that simply means email addresses and passwords. Equifax, for example, is now facing a $70 billion dollar class action lawsuit, along with countless other lawsuits. See – when you collect data from your website users, you are responsible for making sure that that data is secure. So – I wanted to put together some tips for all webmasters out there to help ensure that your website, and the data it collects, is safe and secure.
Make sure your website and any add-ons (such as plugins) are up-to-date. Many hacks occur because of old code and webmasters failing to address vulnerabilities with a simple update. When designing a website, it’s best to use as few plugins as possible, and to use only trusted software providers – but let’s face it. That’s not always the case. Sometimes you color outside the lines – and that means it’s your responsibility to keep things updated.
Use Two Factor Login
Two factor login does exactly what it sounds like it does. It makes whatever you are logging into require two steps to log in. So, you might type in a password, than have a text sent to your phone number. This text will obtain a code that you type in. Two factor logins can be hacked, but they are much harder to do. Also, make sure you have a strong password. By now, this should be common sense, but so many people continue to use weak passwords. No kidding, Equifax was using “admin” as its login and password in Argentina, leading to yet another data breach. By now, there are no excuses for weak passwords. Can’t come with up a strong password on your own? We gladly offer a free password generator you can use.
Use Secure Sockets Layer
Secure Sockets Layer (SSL) aren’t just for peace of mind. They are actually quite effective. A SSL will help ensure that data passed between the user’s browser and your website is secure. On your website, this will be referred to simply as HTTPS, and it should be set up site wide. Yes, implementing SSL costs a bit of extra money, but it is worth it.
Don’t Store Sensitive Data On Your Servers
The best way to protect data is to put it in cold storage, or to place the data under another service provider that protects its data. For example, if you are planning on running an eCommerce store, choose a payment processor that places a priority on securing payment information and data. Should a breach occur on the payment processor’s part, you and your customers may have legal recourse against the payment processor.
How to Protect Yourself from The Equifax Breach?
While the main purpose of this article is based on protecting your website, servers, and your users; I understand that a major concern for everyone following the Equifax breach is to protect themselves. As such here are some suggested steps you can take to protect yourself.
- Check the Equifax website to see if your data has been compromised:
- For those concerned about the possibility that using the Equifax website or the provided services limits their ability to participate in a class-action lawsuit against Equifax, you can rest easy. New York State Attorney General Eric Schneiderman has cleared this up:
— Eric Schneiderman (@AGSchneiderman) September 8, 2017
- Freeze your credit at each of the three major credit bureaus.
- Read the following articles for additional tips & information regarding protecting your personal data during the Equifax breach aftermath.