January 12, 2007; 05:24 AM
Small
businesses know that an online presence can increase profile, generate
sales and position companies favourably against their larger
competitors. Indeed, recent articles suggest that online retailers have
had their best Christmas to date. But one IT security company warns
small businesses to be aware of the potential opportunities that an
incomplete or insecure website development can offer to a malicious
hacker.
encription Limited, based in Worcestershire, is an ethical hacking
specialist that tests IT system vulnerabilities with the owner's
permission. They believe that you have to think like a thief to catch a
thief. Tony McDowell, Director of encription says, “The sort of “open
doors” that a web developer can unintentionally give to a malicious
hacker often include placing details on the web site that would allow a
hacker to find valuable information; hosting the web site on a server
that is not secure; leaving comments in the web site program that tell
the hacker how the site works or using easy to guess passwords.
Unbelievably, the average hacker can crack a 4 digit password in less
than 5 minutes.”
A recent survey of several web development companies [Source:
InfoSec Institute/ FRIST] concluded that none of them considered
security when designing a web site. This is not laziness; it is a lack
of understanding of hacking. Learning how to use a web development tool
takes time, but once learnt, there are literally hundreds of companies
looking to have a web site developed, and they often choose the lowest
cost. But a little IT knowledge and some great artistic flair should
not blind either customer or web designer to the inherent risks online.
Businesses planning to launch a website in 2007 should bear in mind
the following “Top 5 Questions to Ask a Web Developer”, courtesy of
encription. Their answer should be YES to all of them:
• Do you know what code injection is and how to prevent it?
• Have you had your web hosting security tested?
• Is your password policy a minimum of 8 characters mixed upper and lowercase, numbers and letters?
• Do you ‘clean’ your code when you have finished building a site?
• Do you hash passwords in databases?
The “New Year’s Resolution” campaign, developed by encription,
provides small businesses with a cost-effective way to monitor their IT
systems and ensure they are secure and protected. Often the weakest
link in your security, and the one the illegal hacker will exploit, is
your personnel. They can unwittingly divulge details of your system and
its passwords.
For more details on the risks posed by a poorly executed website, top
tips for excellent website development, and how you can protect your
business with encription’s New Year’s Resolution, visit
encription.co.uk or call 01905 754440 for a no-obligation consultation.