You have probably read plenty of technical articles about security and may even consider yourself a security expert, but these five security holes are not in your firewall, web application, or operating system. They are in your life, and in some cases, patching these holes could go a lot further in protecting your web presence than any expensive security auditing ever would.
- Ignorance – There are those who would say ignorance is bliss, but they obviously never had a website or server get hacked. Many security problems with software or web apps are well known and highly publicized. Knowledge, therefore, can be your greatest asset. Stay informed and do not pretend there are no security problems with your website or server just because you do not know about them. Investigate and be certain.
- Unsecured home computer – It sounds far-fetched to think that your home computer could have any effect on a remotely-hosted website, but if you are the person who manages the site, it is a possibility. If someone can gain access to your computer, he might be able to gain access to your website using your credentials. Keeping your computer secure could save your site.
- Low-security data center – In this case, we are not talking about firewalls. This is just plain garden-variety security. What type of access is permitted? Can someone just walk in off the street, or do they need access cards or even biometric authentication? Is the site monitored? Are there live guards or just remote security monitors?
- User X – Most security problems begin with user error. Somewhere in your organization or your user population there is User X, the user who takes every shortcut possible. This is the user whose password is “password” and who has not updated his or her computer since Y2K. These people are the weakest links, and you should either strengthen them or remove them.
- Fax machines – Some companies still have fax machines. Undoubtedly, a few of them have even insisted you fax documentation to them for maximum inconvenience. These same companies will leave their fax machines in central, common areas where anyone could walk in, pick up a “secure” document, and walk off with someone’s sensitive data. If that data happens to be related to your company’s website, disaster may be just around the corner.
These security holes are easily fixed, but many people probably have not considered them. Security goes far beyond code. It extends to anyone who might ever have access to your website.