How to secure your website from cyber threats - best practices (part 2)

Sunscrapers Team

9 January 2023, 5 min read


What's inside

  1. Intro
  2. Basic steps to secure your product
  3. Conclusion

Intro

In the previous article, we listed the most popular and dangerous cyber threats. In this second part of the mini-series, we write down the most effective ways to prevent those threats from destroying your hard work and your reputation with users - and, in the end, to protect your business.

Basic steps to secure your product

As you can see from the previous part, the number of threats out there is huge. Let’s look at the best ways to secure your website and make your users feel safe using your product.

  1. Keep your software up-to-date

This is a very often forgotten part of the equation. Too many times as a software engineer I have seen a client push new features while being reluctant to deal with technical debt, upgrades, and patching. Yet this is one of the easiest ways to prevent serious threats: a large share of real-world compromises of web applications exploit a known vulnerability in a framework, library, plugin, or OS package for which a fix was already published. Pin your dependencies, run an automated vulnerability scanner against them in CI (tools such as pip-audit, npm audit, or GitHub's Dependabot), and treat a critical advisory as a production incident, not a backlog item.

In my opinion, any software engineering process should be capable of spending at least 20% of the time on maintenance, upgrades, and security.

  2. Always use HTTPS

This is a no-brainer. Luckily, more and more websites and systems are already encrypted, but if you happen to own a product that doesn't use HTTPS - please, deal with it as soon as possible. Certificates are free (Let's Encrypt) and renewal can be fully automated, so cost is no excuse. "Use HTTPS" also means: redirect every HTTP request to HTTPS, send an HSTS header so browsers refuse to fall back to plain HTTP, and mark session cookies as Secure so they are never transmitted in the clear. A certificate on the login page alone leaves everything else open to interception on any shared Wi-Fi.

  3. Password policies

This is a two-way street. Naturally, enforcing a password policy on your users and adding 2FA to your system is a sensible choice. A good policy today (NIST SP 800-63B) means a minimum length and a check against lists of breached passwords rather than mandatory special characters, and passwords must be stored as salted, slow hashes, never in plain text. Still, people often forget that the same MUST be applied to the company itself - and to any company that creates the product for you.

We've seen countless attacks caused by a lack of security on the vendor or company side, the September 2022 Uber breach being a recent example: the attacker started from a contractor's stolen credentials and got past MFA by bombarding the contractor with push notifications until one was accepted.

  4. Use good and secure hosting

Another no-brainer - never try to save money on shady hosting services. Paying noticeably more for a well-known, reputable provider is usually worth it, because a good part of that extra budget goes into keeping the hosting platform secure, patched, and monitored. Remember the shared-responsibility split, though: the provider secures the infrastructure, but the configuration of your servers, your application, and your accounts remains your job.

  5. Record every access to your system

Log who accessed what, when, and from where: authentication successes and failures, administrative actions, and configuration changes, in your product as well as in your internal tooling and at your vendors. Ship those logs off the host to a separate store, so that an intruder who gains a foothold cannot simply erase their own trail, and actually look at them - a log nobody reads or alerts on only helps the post-mortem. Similar to password policies, this is not only important on your product side but also vital when it comes to your company policy and your vendor's policy. I will never stop repeating that the weakest link in most systems is the human factor.
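As an added example of what recording accesses buys you (written for this article, not part of the original post), here is a small detector run over a constructed authentication log. It flags a brute-force burst against one account, password spraying across many accounts from one source, and the signal worth paging on: a success right after a burst of failures from the same address. The log line format, the IP addresses (RFC 5737 documentation ranges), and the thresholds are all assumptions; adapt them to whatever your framework writes.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of an application authentication log, one event per line.
# It is not a real capture.
SAMPLE_LOG = """\
2023-01-09T10:00:01Z auth=failure user=alice ip=203.0.113.7
2023-01-09T10:00:03Z auth=failure user=alice ip=203.0.113.7
2023-01-09T10:00:05Z auth=failure user=alice ip=203.0.113.7
2023-01-09T10:00:08Z auth=failure user=alice ip=203.0.113.7
2023-01-09T10:00:10Z auth=failure user=alice ip=203.0.113.7
2023-01-09T10:00:14Z auth=success user=alice ip=203.0.113.7
2023-01-09T10:01:00Z auth=failure user=bob ip=198.51.100.9
2023-01-09T10:01:30Z auth=failure user=carol ip=198.51.100.9
2023-01-09T10:02:00Z auth=failure user=dave ip=198.51.100.9
2023-01-09T10:05:00Z auth=failure user=erin ip=192.0.2.44
2023-01-09T10:05:20Z auth=success user=erin ip=192.0.2.44
"""

LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) auth=(?P<result>success|failure) "
    r"user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)


def parse(log: str) -> tuple:
    """Return (events sorted by time, number of unparseable lines).

    Unparseable lines are counted rather than silently dropped: a sudden rise in
    them is itself worth an alert (a format change, or someone tampering with logs)."""
    events, bad = [], 0
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            bad += 1
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "result": m["result"], "user": m["user"], "ip": m["ip"],
        })
    events.sort(key=lambda e: e["ts"])
    return events, bad


def detect_bruteforce(events: list, threshold: int = 5, window: timedelta = timedelta(minutes=5)) -> dict:
    """IP -> ISO time at which it reached `threshold` failures inside a sliding `window`."""
    recent, flagged = defaultdict(list), {}
    for e in events:
        if e["result"] != "failure":
            continue
        times = recent[e["ip"]]
        times.append(e["ts"])
        while e["ts"] - times[0] > window:  # forget failures that fell out of the window
            times.pop(0)
        if len(times) >= threshold and e["ip"] not in flagged:
            flagged[e["ip"]] = e["ts"].isoformat()
    return flagged


def detect_spraying(events: list, min_users: int = 3) -> dict:
    """IP -> accounts it failed against. One source trying many accounts once each is
    password spraying; a per-account lockout never fires on it, a per-source view does."""
    users = defaultdict(set)
    for e in events:
        if e["result"] == "failure":
            users[e["ip"]].add(e["user"])
    return {ip: sorted(u) for ip, u in users.items() if len(u) >= min_users}


def success_after_failures(events: list, min_failures: int = 3, lookback: timedelta = timedelta(minutes=10)) -> list:
    """(ip, user, ISO time) for each success preceded by a burst of failures from the same IP.
    Brute force that merely fails is noise; brute force that then succeeds is an incident."""
    failures, alerts = defaultdict(list), []
    for e in events:
        ip_failures = failures[e["ip"]]
        if e["result"] == "failure":
            ip_failures.append(e["ts"])
            continue
        recent = [t for t in ip_failures if e["ts"] - t <= lookback]
        if len(recent) >= min_failures:
            alerts.append((e["ip"], e["user"], e["ts"].isoformat()))
        ip_failures.clear()
    return alerts
```

On the sample, the first address trips the brute-force rule at 10:00:10 and then logs in successfully four seconds later, which is the alert to act on (reset the account, check what that session did); the second address never exceeds the per-account threshold but is visibly spraying three accounts. Neither finding is possible if failures are not logged at all, which is the default in more frameworks than you would expect.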

  6. Never use default settings for any plugins and modules

Whenever you use external systems, plugins, or frameworks, change the default settings before exposing them: default administrator accounts and passwords, sample or demo content, debug and verbose-error modes, and management interfaces listening on their well-known ports. Using the defaults is easy, because everything works out of the box, but the danger is enormous. One of the simplest attacks there is, and one that automated scanners run around the clock, is to fingerprint a product and try its documented defaults.

  7. Backup your backups

Backups are obvious - hopefully. Not only backups of the data within the system, but also source code, configuration, documentation, etc. Naturally, the backups MUST be extra secure, encrypted and access-controlled, since a backup is a complete copy of your data. It is also vital to have a backup of your backup, following the 3-2-1 rule (three copies, on two kinds of storage, one of them off-site), with at least one copy offline or otherwise immutable, so that ransomware that reaches your servers cannot encrypt the backups along with them. And test your restores regularly: a backup that has never been restored may turn out to be empty exactly when you need it. I know it may seem like going the extra mile, but believe me - you will thank me for that suggestion when anything happens.
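Here is an added example of the backup discipline described above (written for this article, not taken from the original page): back up, keep a second copy in a separate location, and, crucially, verify each copy by actually restoring it and hashing the result against a manifest. It runs entirely in temporary directories with constructed files. It deliberately leaves out encryption, which the Python standard library has no suitable primitive for; in practice you would encrypt the archive with age, GPG, or your cloud provider's KMS before copying it anywhere.

```python
import hashlib
import json
import shutil
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src: Path, dest: Path) -> Path:
    """Archive `src` into dest/backup.tar.gz and write a manifest of per-file hashes next to it."""
    archive = dest / "backup.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(str(src), arcname="data")
    manifest = {p.relative_to(src).as_posix(): sha256_file(p) for p in src.rglob("*") if p.is_file()}
    manifest["__archive__"] = sha256_file(archive)
    (dest / "backup.manifest.json").write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return archive


def copy_backup(primary: Path, secondary: Path) -> None:
    """The 'backup of your backup': the same archive and manifest in a second, independent location."""
    for name in ("backup.tar.gz", "backup.manifest.json"):
        shutil.copy2(primary / name, secondary / name)


def verify_backup(dest: Path) -> bool:
    """Restore into a scratch directory and hash every file against the manifest.
    A backup that has never been restored is a hope, not a backup."""
    manifest = json.loads((dest / "backup.manifest.json").read_text())
    archive = dest / "backup.tar.gz"
    if sha256_file(archive) != manifest.pop("__archive__"):
        return False  # archive altered, truncated or bit-rotted since it was written
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive) as tar:
            for member in tar.getmembers():
                # refuse absolute paths and '..' so a crafted archive cannot write outside scratch
                # (Python >= 3.12 offers extractall(filter="data") for the same purpose)
                if member.name.startswith("/") or ".." in Path(member.name).parts:
                    return False
            tar.extractall(scratch)
        root = Path(scratch) / "data"
        for rel, digest in manifest.items():
            restored = root / rel
            if not restored.is_file() or sha256_file(restored) != digest:
                return False
        return True


def demo() -> dict:
    """Constructed end-to-end run: back up, copy, verify both copies, then detect corruption."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src, primary, secondary = tmp / "site", tmp / "backup1", tmp / "backup2"
        (src / "db").mkdir(parents=True)
        primary.mkdir()
        secondary.mkdir()
        (src / "db" / "dump.sql").write_text("CREATE TABLE users(id INT);\n")  # constructed content
        (src / "settings.env").write_text("SECRET_KEY=not-the-real-one\n")
        make_backup(src, primary)
        copy_backup(primary, secondary)
        results = {"primary_ok": verify_backup(primary), "secondary_ok": verify_backup(secondary)}
        with (secondary / "backup.tar.gz").open("ab") as f:
            f.write(b"\0")  # simulate bit rot or tampering on the second copy
        results["secondary_after_corruption"] = verify_backup(secondary)
        return results


if __name__ == "__main__":
    print(demo())
```

The point of the manifest is that "the file exists and is 4 GB" tells you nothing; only a restore that reproduces the original hashes does. Schedule `verify_backup` against every copy, and alert when it returns False, exactly as you would for a failed deployment.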

  8. Spend extra time on server configuration

The great thing about software engineering nowadays is that many things work out of the box. It is the same story as the default settings mentioned earlier.

Server configuration is one of the first things you should dig into. Most servers come with a lot of features built in. The basic step is to immediately turn off anything you do not use: unused modules, sample applications, directory listings, version banners, and management endpoints. Every feature you disable is one you no longer have to patch or monitor, and you will know much better what you actually have to control in the future.
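Points 2, 6 and 8 come down to the same discipline: check the configuration before it ships, every time. Below is an added example of such a preflight check (written for this article; it is not Sunscrapers code, though Django's own `manage.py check --deploy` does a real version of it). The names DEBUG, SECRET_KEY, ALLOWED_HOSTS, SECURE_SSL_REDIRECT, SECURE_HSTS_SECONDS, SESSION_COOKIE_SECURE and CSRF_COOKIE_SECURE are real Django settings, and `django-insecure-` is the prefix of the placeholder key Django generates for a new project; ENABLED_FEATURES and FEATURES_IN_USE are hypothetical keys standing in for whatever list of modules your server or framework exposes. Both settings dictionaries are constructed for the example.

```python
import secrets

PLACEHOLDER_SECRETS = {"", "changeme", "secret", "password", "your-secret-key"}
ONE_YEAR = 31_536_000  # seconds; the usual HSTS max-age

# The "it works out of the box" configuration (constructed).
OUT_OF_THE_BOX = {
    "DEBUG": True,
    "SECRET_KEY": "django-insecure-change-me-0000000000000000000000000000000000",
    "ALLOWED_HOSTS": ["*"],
    "SECURE_SSL_REDIRECT": False,
    "SECURE_HSTS_SECONDS": 0,
    "SESSION_COOKIE_SECURE": False,
    "CSRF_COOKIE_SECURE": False,
    "ENABLED_FEATURES": ["admin", "debug_toolbar", "directory_listing", "server_status_page"],
    "FEATURES_IN_USE": ["admin"],
}

# The same settings after someone spent the extra time (constructed).
HARDENED = {
    "DEBUG": False,
    "SECRET_KEY": secrets.token_urlsafe(50),  # generated per deployment, loaded from a secret store
    "ALLOWED_HOSTS": ["example.com", "www.example.com"],
    "SECURE_SSL_REDIRECT": True,
    "SECURE_HSTS_SECONDS": ONE_YEAR,
    "SESSION_COOKIE_SECURE": True,
    "CSRF_COOKIE_SECURE": True,
    "ENABLED_FEATURES": ["admin"],
    "FEATURES_IN_USE": ["admin"],
}


def audit_settings(s: dict) -> list:
    """Return human-readable findings; an empty list means the configuration passes.
    Meant to run in CI or at process start-up and to refuse deployment on any finding."""
    findings = []
    if s.get("DEBUG"):
        findings.append("DEBUG enabled: tracebacks and settings leak to users")
    key = str(s.get("SECRET_KEY", ""))
    if key in PLACEHOLDER_SECRETS or key.startswith("django-insecure-") or len(key) < 32:
        findings.append("SECRET_KEY is a default/placeholder or too short")
    hosts = s.get("ALLOWED_HOSTS", [])
    if not hosts or "*" in hosts:
        findings.append("ALLOWED_HOSTS is empty or wildcard: Host header attacks possible")
    if not s.get("SECURE_SSL_REDIRECT"):
        findings.append("HTTP is not redirected to HTTPS")
    if s.get("SECURE_HSTS_SECONDS", 0) < ONE_YEAR:
        findings.append("HSTS missing or shorter than one year")
    for flag in ("SESSION_COOKIE_SECURE", "CSRF_COOKIE_SECURE"):
        if not s.get(flag):
            findings.append(f"{flag} off: cookie can be sent over plain HTTP")
    in_use = set(s.get("FEATURES_IN_USE", []))
    for feature in s.get("ENABLED_FEATURES", []):
        if feature not in in_use:
            findings.append(f"feature '{feature}' is enabled but unused: turn it off")
    return findings


if __name__ == "__main__":
    for name, cfg in (("out of the box", OUT_OF_THE_BOX), ("hardened", HARDENED)):
        print(f"{name}: {len(audit_settings(cfg))} finding(s)")
        for finding in audit_settings(cfg):
            print("  -", finding)
```

The valuable part is not any single rule but the habit: the check is code, it lives with the project, and a failing check blocks the release, so nobody has to remember to flip the flags by hand at 2 a.m. on deploy day.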

  9. Use a Web Application Firewall

A WAF protects your web apps by filtering, monitoring, and blocking malicious HTTP traffic before it reaches your application; some WAFs also inspect responses to catch data leaving that should not. Where a forward proxy sits in front of clients and hides their identity, a WAF is a reverse proxy that sits in front of the web server and shields it from potentially malicious requests. WAFs can be software, an appliance, or delivered as-a-service, and their policies can be customized to the needs of your web application or set of web applications. Treat a WAF as an extra layer, not a substitute: its rules are pattern-based, so they produce false positives that need tuning and can be evaded by a determined attacker, and the only real fix for an injection flaw is still in the code.
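To show what the "filtering" part of a WAF does and where it falls short, here is an added example (written for this article; it is not the original post's code and not any real WAF's rule set) of a handful of signature rules run over constructed requests. It demonstrates three things a practitioner wants to know before buying one: the rules must normalize input, because a double-percent-encoded payload slips past rules that look at the raw bytes; signatures fire on innocent text, so there will be false positives; and therefore a WAF is something you tune and monitor, not something you install and forget.

```python
import re
from urllib.parse import unquote_plus

# Constructed rule set: a few signatures in the spirit of the OWASP Core Rule Set, not a
# copy of it. Real WAFs carry hundreds of rules and score matches rather than block on one.
RULES = [
    ("sqli-tautology", re.compile(r"(?i)\b(or|and)\b\s+['\"]?\w+['\"]?\s*=\s*['\"]?\w+")),
    ("sqli-comment", re.compile(r"(--|/\*)")),
    ("xss-script-tag", re.compile(r"(?i)<\s*script\b")),
    ("xss-event-handler", re.compile(r"(?i)\bon[a-z]+\s*=")),
    ("path-traversal", re.compile(r"\.\./")),
]


def normalize(value: str) -> str:
    """Percent-decode until the value stops changing (bounded), so a double-encoded
    payload such as %2527 is inspected in the form the application will eventually see."""
    for _ in range(3):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(request: dict, decode: bool = True) -> list:
    """Names of the rules that match anywhere in the request (path, query, body, headers).
    `decode=False` shows what happens when a WAF skips normalization."""
    fields = [request.get("path", "")]
    for part in ("query", "body", "headers"):
        fields.extend(request.get(part, {}).values())
    hits = []
    for field in fields:
        text = normalize(field) if decode else field
        for name, pattern in RULES:
            if name not in hits and pattern.search(text):
                hits.append(name)
    return hits


# Constructed requests, in the shape a reverse-proxy WAF sees after parsing HTTP.
BENIGN = {"path": "/search", "query": {"q": "laptop bags"}, "headers": {"User-Agent": "Mozilla/5.0"}}
SQLI = {"path": "/login", "body": {"user": "admin' OR '1'='1", "pw": "x"}}
DOUBLE_ENCODED = {"path": "/login", "body": {"user": "admin%2527%2520OR%2520%25271%2527%253D%25271", "pw": "x"}}
XSS = {"path": "/comment", "body": {"text": "<img src=x onerror=alert(1)>"}}
FALSE_POSITIVE = {"path": "/comment", "body": {"text": "salt and pepper = great together"}}


if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("sqli", SQLI), ("double-encoded", DOUBLE_ENCODED),
                       ("xss", XSS), ("innocent comment", FALSE_POSITIVE)):
        print(f"{label:17} decoded={inspect_request(req)} raw={inspect_request(req, decode=False)}")
```

The double-encoded login is the instructive case: with normalization it is caught like the plain one, without it nothing fires, and that is exactly the kind of gap attackers probe for. The innocent comment about pepper is the other lesson: a blocking rule that trips on ordinary prose will get switched off by an annoyed product owner unless someone owns tuning it, and the login form it was protecting still needs parameterized queries underneath.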

  10. Be sure your company network is secure

Last but not least. We've been talking a lot about your product's codebase and its parts. But there is another thing that is very often overlooked: the security of your company network, as well as the security of your vendors' networks. Your laptops, VPN, email and chat accounts, and CI pipeline all hold credentials or deployment access to the product, so an attacker who gets into the office network usually does not need to break the product at all. This really is going the extra mile, but believe me - it's worth it.

Conclusion

Of course, these techniques are just some examples - the topic is very complex, and the attacks and threats are becoming more and more sophisticated.

That is why, after taking those simple steps, you should consult a company specializing in security advisory, with the proper knowledge and experience to perform audits and penetration tests.

We strongly encourage you to contact our team so we can take care of your product and make it more secure and reliable - in the end, security translates directly into your company's worth.

Reach out to us at hello@sunscrapers.com.

Sunscrapers Team

Sunscrapers empowers visionary leaders to ride the wave of the digital transformation with solutions that generate tangible business results. Thanks to agile and lean startup methods, we deliver high-quality software at top speed and efficiency.

Tags

data security
