Many jewellers and other retailers saw an increase in online purchases during lockdown and it now appears that this trend is continuing post-lockdown, potentially signalling a long-term change in the way consumers shop. With this in mind, your websites security is now more important than ever. Cyber-criminals are constantly looking for improperly secured websites to attack, while many customers say website security is a top consideration when they choose to shop online. As a result, it is essential to secure servers and the network infrastructure that supports them. The consequences of a security breach are substantial: loss of revenue, damage to credibility, legal liability and loss of customer trust.
Web servers, which host the data and other content available to your customers on the internet, are often the most targeted and attacked components of a company’s network. By securing your web server, you protect customers and prospects that use your company website. The following are examples of specific security threats to web servers:
Take the following five steps to protect your company from the threats listed above.
Step 1: Form a plan and utilise the right people.
Because it is much more difficult to address security once deployment and implementation have occurred, security should be considered from the initial planning stage.
Businesses are more likely to make decisions about configuring computers appropriately and consistently when they develop and use a detailed, well-designed deployment plan. Developing such a plan will support web server administrators in making the inevitable trade-off decisions between usability, performance and risk.
Make sure to define appropriate management security practices, such as identification of your businesses information system assets and the development, documentation and implementation of policies, as well as guidelines to help ensure the confidentiality, integrity and availability of information system resources.
Businesses also need to consider the human resource requirements for the deployment and continued operation of the Web server and supporting infrastructure. Consider the personnel you will need on your team—for example, system and Web server administrators, webmasters, network administrators and information systems security personnel. Additionally, consider the level of training (initial and ongoing) that will be required to maintain this team.
Step 2: Ensure that web server operating systems and applications meet your security requirements.
When securing a web server, you must first secure the underlying operating system. Most web servers operate on a general-purpose operating system. Many security issues can be avoided if the operating systems underlying web servers are configured appropriately. Default hardware and software configurations are typically set by manufacturers to emphasise features, functions and ease of use at the expense of security. Because manufacturers are not aware of each organisation’s security needs, web server administrators must configure new servers to reflect their business’ security requirements and reconfigure them as those requirements change. Take the following steps as appropriate to your business:
Step 3: Publish only appropriate information.
Company websites are often one of the first places cyber-criminals search for valuable information. Still, many businesses lack a web publishing process or policy that determines what type of information to publish openly, what information to publish with restricted access and what information should not be published to any publicly accessible repository. Some generally accepted examples of what should not be published or what should at least be carefully examined and reviewed before being published on a public website include the following:
Step 4: Prevent unauthorised access or modification on your site.
It is important to ensure that the information on your website cannot be modified without authorisation. Users of such information rely on its integrity. Content on publicly accessible web servers is inherently more vulnerable than information that is inaccessible from the internet, and this vulnerability means businesses need to protect public web content through the appropriate configuration of web server resource controls. Examples of resource control practices include the following:
Step 5: Protect and monitor web security.
Maintaining a secure web server requires constant effort, resources and vigilance. Securely administering a web server on a daily basis is essential. Maintaining the security of a web server will usually involve the following steps:
Taking proactive measures to secure your website by carefully setting up and maintaining your web server can save your business from experiencing crushing losses of revenue, customer loyalty and proprietary information.