In mid-May, a massive, unprecedented worldwide cyber attack left hundreds of thousands of computers crippled in over 150 countries. The WannaCry ransomware attack used stolen NSA technology to spread throughout the internet and demand ransom from users in the form of Bitcoin, temporarily halting the daily functioning of major organizations like the NHS in Britain, Russia’s Interior Ministry, and more.
While Microsoft did take precautions by releasing recommended security updates and patches to their network prior to the debilitating hack, many organizations were left vulnerable simply because they neglected to address these updates within their own systems. Whether this is due to a deprioritization of digital security requirements or even a lack of available resources, the global cyber attack highlighted the extensive vulnerabilities within an astonishing number of high-profile organizations. WDG’s development experts break down some of the top ways organizations in any industry can manage proper digital security.
1. Choose Your CMS Carefully
Using a solid website content management system (CMS) with a wide community of contributors and vast network of developers can help ensure greater site security. With platforms like WordPress and Drupal, clients are setup on a highly-supported, curated, and well-maintained open source CMS. These offer massive manpower to ensure timely software updates and security patches, as well as allow organizations to benefit from the collective genius of their expansive development communities. Not sure which CMS is best? Check out our extensive breakdown of different options and learn how to choose the best CMS for your organization here.
2. Keep Everything Up-to-Date
Plugins are vitally important for keeping websites ahead of potential security breaches. Ensure the ability to create and utilize custom plugins to reinforce site security, such as those that block particular IP addresses. Equally important, developers must also practice up-to-date coding and development standards, and should use modern versions of platforms such as PHP and Apache. WDG developers, for example, use only coding structures and syntax patterns that have been proven secure and effective in order to maintain industry best practices.
3. Maintain Best Practices
Sites should be maintained by enforcing modern cryptographic suites using updated algorithms as recommended by Mozilla. WDG’s team also strictly enforces SSL protocol; this means the site has a valid SSL certification with https protocol, preventing non-secure web browsing and transactions for user logins and other site transactions.
4. Leverage Industry Knowledge
It’s important to use key services from proven vendors to help maintain site security. For example, our knowledgeable development team can make informed recommendations to help clients choose appropriate services that best prevent security breaches, such as Cloudflare, certain IP bans, set up for content delivery, load balancers for the server, and more. We can help identify and integrate key plugins for site security or analytics, as well.
5. Value Vendor Relationships
Vendor relationships should be reliable and provide direct value for the client. WDG’s development team maintains direct relationships with several major vendors, for example, ensuring direct lines of contact for clients. It’s important to leverage these connections to benefit clients directly. Post-launch support services, for example, allow us to maintain site stability and safety through one-on-one relationships with vendors like Blackmesh and Pantheon.
Monitoring site uptime with a systematic approach is equally intrinsic in maintaining site security after launch; if the site were to go down, an organization should have the ability to be in immediate contact with the host to help resolve the issue. WDG’s development team continually monitors site status, and are logged into the system directly to help address any issues that may arise.
6. Ensure Post-Launch Support
Once the site launches, it’s vital that clients have an easily accessible resource for any needs that may arise. Services range from maintenance and updates to scheduled enhancements and improvements. At WDG, these cover a gauntlet of options, including regular, in-house database backups, keeping plugins up to date, and keeping track of new plugin and module versions while executing updates accordingly.
Maintaining a strong knowledge base, best practices, and close vendor relationships will help ensure site security. By repositioning site security as a primary concern and following these best practices, any organization can stay ahead of major breaches and protect site integrity continuously.