{"id":5678,"date":"2018-01-08T12:10:48","date_gmt":"2018-01-08T17:10:48","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=5678"},"modified":"2018-01-08T23:54:21","modified_gmt":"2018-01-09T04:54:21","slug":"top-5-website-security-myths-leave-behind-2018","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/top-5-website-security-myths-leave-behind-2018\/","title":{"rendered":"Top 5 Website Security Myths to Leave Behind in 2018"},"content":{"rendered":"<h2>Here are five security principles you need to rethink in the new year.<\/h2>\n<p>Stop me if you\u2019ve heard this lede before: the internet is evolving and so too is cybercrime. I know, right? That\u2019s like, every single cyber security article you\u2019ve ever read. Ever.<\/p>\n<p>But here\u2019s the thing, it\u2019s kind of true. Whereas once cyber criminals were relegated to a niche part of our Hollywood collective consciousness, now hacking and cybercrime are at the forefront of our attention. We\u2019ve had a high number of hacks against the private sector. And despite the protestations of the current administration, pretty much anyone that knows their elbow from their rear end can tell you that Russia hacked the United States\u2019 2016 elections.<\/p>\n<p>It\u2019s a lot to swallow, and it\u2019s not going anywhere anytime soon. Just as in the years previous, cyber security continues to be a game of cat and mouse. Pretty soon they\u2019ll be AI-powered cats and mice. The stakes just keep rising.<\/p>\n<p>So what are some steps you can take to stay safe in 2018? Here are five website security myths that need to be left in 2017:<span id=\"newline\"><\/span><\/p>\n<h2>5.) Small Business Owners Are at Less of a Risk of Being Hacked<\/h2>\n<p>No. While you can certainly filter some evidence to say that statistically a small business has a lower chance of being hacked than a major corporation, that&#8217;s misleading. 
Small businesses are at an even greater risk when it comes to hacking. That comes down to resources.<\/p>\n<p>But let\u2019s start from a numbers standpoint: more than half \u2013 62% \u2013 of all cyber attacks launched are aimed at SMBs per IBM. Per Symantec, while 90% of major corporations have been targeted, 74% of SMBs have too. And then there\u2019s this damning statistic from the National Cyber Security Alliance: 60%, or 3 out of every 5, small businesses that suffer a cyber attack end up shuttering within six months of the incident.<\/p>\n<p>Hackers know that while larger companies could make more lucrative targets, they\u2019re also better guarded, and it\u2019s easier to get caught hacking them. Smaller companies may lack those same resources, making them steadier targets. Don\u2019t fool yourself into thinking you\u2019re too small to get hacked. You\u2019re not.<\/p>\n<h2>4.) Your Employees Can\u2019t Impact Your Network or Website Security<\/h2>\n<p>While I feel like this myth has been <a href=\"https:\/\/www.thesslstore.com\/blog\/report-biggest-cyber-security-threat-employees\/\">thoroughly debunked<\/a>, apparently some companies still don\u2019t realize that their employees are actually one of the biggest threats to their network and website safety. That\u2019s not said in a malicious way about your employees, either. It\u2019s just that people are <del>stup<\/del>\u2014prone to occasional bouts of carelessness.<\/p>\n<p>Part of this stems from a misperception on the employee level that enough has been done from a company standpoint already. If it\u2019s gotten through your company\u2019s firewall and spam filters, it\u2019s probably safe, right? 
<em>Plus it says it came from my co-worker, so I\u2019m just going to click\u2026<\/em> Chalk it up to simple ignorance or poor training, but many employees don\u2019t even realize that they could imperil their company with something as meaningless as clicking the wrong attachment.<\/p>\n<p>But make no mistake about it, your employees are a huge threat. Just this past weekend, the state of <a href=\"http:\/\/www.baynews9.com\/content\/news\/baynews9\/news\/article.html\/content\/news\/articles\/ap\/2018\/01\/05\/Florida_hack_exposed_files_of_up_to_30_000_Medicaid_patients.html\" rel=\"nofollow\">Florida had to disclose a breach of over 30,000 Medicaid records<\/a> after someone at the Agency for Health Care Administration accidentally fell for a phishing email. This sort of thing happens all the time. Don\u2019t assume your employees understand the intricacies of web security on their own; train them and talk to them about it regularly. And be realistic about what you can and can\u2019t reasonably expect of employees from a security standpoint.<\/p>\n<h2>3.) A Firewall and Antivirus Software is Enough<\/h2>\n<p>Sadly, those days are over. We\u2019re entering an era of comprehensive web security as a service. You\u2019re already seeing a number of major players like Venafi and Comodo move into that space and it\u2019s hard to argue with the new technology&#8217;s benefits. For starters, the cost of staffing an effective in-house security team, for companies of all sizes, is staggering. We\u2019re talking purchasing hardware, hiring and training staff and then maintaining everything on your own.<\/p>\n<p>SaaS products are helping companies and organizations avoid those costs by essentially out-sourcing everything. That\u2019s because nowadays you need more than just a simple firewall and some antivirus software. 
You need 24\/7 monitoring, malware detection and removal, it\u2019s probably smart to have a good CDN for better security and performance, plus you\u2019ll need to have a Systems Incident and Events Management team for any major crises.<\/p>\n<p>Just go back and reread that last sentence or so. I admit it\u2019s a run-on, but that\u2019s done for the effect. That\u2019s all the stuff you\u2019d need to pay for on your own to have sufficient security in-house. Or you could pay pennies on the dollar and outsource it to a reputable security company. In 2018, a Firewall and Antivirus Software is no longer enough; it\u2019s time to invest in security-as-a-service.<\/p>\n<h2>2.) Your Password is Strong Enough<\/h2>\n<p>How is it that the internet can convene and decide on <a href=\"https:\/\/emojipedia.org\/hamburger\/\" rel=\"nofollow\">a set of standards for something as trivial as the proper order of ingredients on a burger emoji<\/a>, but establishing consistent standards for good password hygiene eludes us? If you do some research on passwords you\u2019ll read a whole bunch of random advice that all seems to contradict itself.<\/p>\n<p>Let\u2019s start with what not to do: don\u2019t pick something easy and use it for all of your accounts. Yes, I know that\u2019s so much simpler. And who wants to remember a bunch of different passwords for a bunch of different accounts?\u00a0 Here\u2019s what I\u2019ll say, understanding that I\u2019m not going to convince a lot of you to use different passwords: make sure the one you do use is substantially difficult to guess. And not just by a person, but by a brute force attacker. I go for long random strings of numbers, letters and symbols. Avoid words altogether.<\/p>\n<p>And remember, if you\u2019re reusing passwords, anyone that steals yours has access to all the other accounts that also use that password. 
For companies, the better solution is just to use a password generator like LastPass to protect your site.<\/p>\n<p>Also, don\u2019t stop at just a password. Always enable two-factor authentication. I\u2019m not going to lie to you, 2FA adds additional steps and can even be considered\u2026 annoying. But it\u2019s also an extremely important layer of protection that you can no longer afford not to make use of.<\/p>\n<h2>1.) \u00a0If you don\u2019t store customers\u2019 credit card info, you don\u2019t need an SSL\/TLS Certificate<\/h2>\n<p>I have literally written a book\u2019s worth of material on this exact subject. And I mean literally. Grammar.ly sends me a report every week that tells me just how many thousands of words I\u2019ve devoted to this subject. Thousands upon thousands of words. The creative writer inside of me is dying in the most agonizing fashion.<\/p>\n<p>But let\u2019s talk about SSL.<\/p>\n<p>Yes, it\u2019s true that SSL was once a product designed more for e-commerce and websites that collected personal information. That\u2019s because an SSL Certificate is essentially a piece of software that you install on a web server to protect communication. Once installed and configured properly, the certificate enforces secure HTTPS connections that prevent the data being transmitted within from being stolen or manipulated.<\/p>\n<p>You could see why this sort of thing would be important for financial transactions and medical records and that sort of thing. Well, the browsers \u2013 led by Google and Mozilla \u2013 have determined that HTTPS should be the new standard for the internet. Or, to put it another way, all connections made between websites and the people that view them should be encrypted\u2014they should all be secure.<\/p>\n<p>It makes sense, but it\u2019s also going to cause a fairly massive shift on the internet. 
As of right now the research varies on how much of the internet is encrypted, but suffice it to say a sizeable chunk of the internet is not currently using an SSL certificate. And that\u2019s going to become a problem sometime around March or April when Google Chrome begins to mark any website still making HTTP connections as \u201cNot Secure.\u201d<\/p>\n<p>And nothing is going to crater your website\u2019s business like a highly visible browser security warning that says your website is \u201cNot Secure.\u201d<\/p>\n<p>So in 2018, regardless of what kind of personal information you\u2019re storing and processing, you need to add an SSL\/TLS Certificate to your website.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Here are five security principles you need to rethink in the new year. Stop me if you\u2019ve heard this lede before: the internet is evolving and so too is cybercrime&#8230;.<\/p>\n","protected":false},"author":6,"featured_media":5679,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[16],"tags":[179],"class_list":["post-5678","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hashing-out-cyber-security","tag-ssl-certificates","post-with-tags"],"views":10786,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/01\/iStock-869726394.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/5678","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www
.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=5678"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/5678\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/5679"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=5678"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=5678"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=5678"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}