Could Your Web Developer Be Putting Your Business at Risk?

January 12, 2007; 05:24 AM
Small businesses know that an online presence can increase profile, generate sales and position companies favourably against their larger competitors. Indeed, recent articles suggest that online retailers have had their best Christmas to date. But one IT security company warns small businesses to be aware of the potential opportunities that an incomplete or insecure website development can offer to a malicious hacker.

encription Limited, based in Worcestershire, is an ethical hacking specialist who test IT system vulnerabilities with the owners permission. They believe that you have to think like a thief to catch a thief. Tony McDowell, Director of encription says, “The sort of “open doors” that a web developer can unintentionally give to a malicious hacker often include placing details on the web site that would allow a hacker to find valuable information; hosting the web site on a server that is not secure; leaving comments in the web site program that tell the hacker how the site works or using easy to guess passwords. Unbelievably, the average hacker can crack a 4 digit password in less than 5 minutes.”

A recent survey of several web development companies [Source: InfoSec Institute/ FRIST] concluded that none of them considered security when designing a web site. This is not laziness; it is a lack of understanding of hacking. Learning how to use a web development tool takes time, but once learnt there are literally hundreds of companies looking to have a web site developed, and they often choose the lowest cost. But a little IT knowledge and some great artistic flair should not blind either customer or web designer to the inherent risks online.

Businesses planning to launch a website in 2007 should bear in mind the following “Top 5 Questions to Ask a Web Developer”, courtesy of encription. Their answer should be YES to all of them

• Do you know what code injection is and how to prevent it?
• Have you had your web hosting security tested?
• Is your password policy a minimum of 8 characters mixed upper and lowercase, numbers and letters?
• Do you ‘clean’ your code when you have finished building a site?
• Do you hash passwords in databases?

The “New Year’s Resolution” campaign, developed by encription, provides small businesses with a cost effective way to monitor their IT systems and ensure they are secure and protected. Often the weakest link in your security, and the one the illegal hacker will exploit, is your personnel. They can unwittingly divulge details of your system and its passwords.

For more details on the risks posed by a poorly executed website, top tips for excellent website development, and how you can protect your business with encription’s New Year’s Resolution, visit encription.co.uk or call 01905 754440 for a no-obligation consultation.