If you have been keeping abreast of recent developments in the news, you may have heard about the recent security breach of the JAMCOVID website.
For those who may be unfamiliar, here’s a quick synopsis:
The JAMCOVID app and website were developed by the Amber Group to process travel applications of incoming visitors, monitor COVID symptoms, and publish daily COVID-19 figures.
On Wednesday, February 16th, 2021, an American online publication (TechCrunch), discovered that the JAMCOVID website server was left unprotected without a password. The settings also made it possible for unauthorised persons to download and/or delete files. Ultimately, over 425,000 confidential immigration documents were left unprotected and accessible by the public.
While this seems to be an extreme incident of negligence, unfortunately, website security lapses and breaches are not as uncommon as you may think.
Here are some news headlines of recent local website security lapses:
- Hackers disrupt Build Expo, demanding US$3,000 ransom
- Two banks hacked
- JAAA website hacked
- Cyber vandals hack Louise Bennett's website
- Jamaica National hit by major cyber attack
- Government admits state websites were hacked
Of course, many other cyberattacks directly impact companies’ network infrastructure, causing disruptions to regular work operations.
Many seem to neglect the importance of airtight website security from the developmental stages. When website data is left vulnerable to unauthorised access, hackers, scammers, and identity thieves can easily damage your business’s overall integrity.
Nevertheless, there are things website owners can do to prevent these occurrences. Here are just a few:
An SSL certificate is crucial for eCommerce websites because it secures online shoppers’ data such as their address, credit card number, and contact details. Now, it’s increasingly critical for all websites to have an SSL certificate. Since 2008, Google included an alert in the Google Chrome update, which informs visitors if your website does not have an installed SSL certificate. Not only will this make your website vulnerable to hackers, but you will also likely to have a high bounce rate from visitors leaving an unsecured website.
Restrict File Uploading
It’s easy for intruders and hackers to attach malicious code to your website via uploaded files. For this reason, you should run virus scans on all files that are uploaded to your website. Additionally, you should limit the number of file types users can upload or, if possible, remove the option altogether.
Frequent Vulnerability Scans
Vulnerability scans can uncover hidden weaknesses in your website that might not be obvious but can quickly help hackers to destroy your site. Penetration testing is another excellent method of doing these tests. A simulated cyber attack is done in a penetration test to identify the site’s weak points, allowing you to address them before hackers do.
Limit Back-End Access/Developer Access to the Website
You should be extremely cautious when choosing to grant back-end access to your website. The more persons with admin access to your website, the higher your website’s chances of being penetrated. If it is not necessary for an employee to access your website’s back-end, then you should not grant them access. When you do grant access, make sure the access is limited by role and content type.
Ultimately, when it comes to developing and maintaining your business’s website, you want to choose the best team to get the job done. Website security should always be at the forefront of such endeavours, as this protects your customers’ identities and, most importantly, your business’ integrity. The seemingly high costs of developing a secure website is negligible compared to the costs of legal fees, repairs and data recovery if you fall victim to a hack or leak.
If you would like to find out if your website is secure, click here to take a quick assessment.
Website Security Quiz