Website Security Software

If you run a website, you know how important it is to protect it. Your reputation, your business and your client's business depend on it.

Website security software is complex and requires a lot of reading to use. That may be fine for big companies with technical staff, but for a small business it is onerous. The hosting companies do not really provide any security.

There is also the issue of application-level security. Suppose you have installed popular services like Drupal, Zencart, or phpBB. All of these have security issues, some of which are known and get patched in the latest releases of the software. It is an onerous task to keep up with the latest releases, patch them and still make sure that your site is working.

You can get a security audit company to audit your site, but there are two issues: such audits are expensive, and they offer no foolproof guarantees.

A similar issue exists with regulatory compliance with standards like PCI-DSS. Such compliance often lulls us into a false sense of security without providing real security. The reason is that regulatory standards are slow-moving by nature and capture the state of threats at a particular point in time, while security threats evolve on a daily basis. Compliance with regulatory standards is necessary but not sufficient to guarantee security.

So what is the solution? After having run into a similar situation many, many times, here is a relatively simple solution:

- Back up all your software offsite.
- Back up your backend database daily, every few hours, or even constantly. The kind of backup you do depends on the level of risk you have.
- Run easter egg detection software. A common mode of attack is for phishers to place phishing files on your server. This is BAD. Your website's reputation is destroyed, and pretty soon you may find your website being blocked by browsers as a known phishing site.
- Patch your application software to the latest versions.
Are there any questions you would like to ask or insights you would like to share?