Login | June 19, 2013
Tips to make a website far less hackable
RICHARD WEINER
Technology for Lawyers
Published: August 10, 2012
Some professional hackers are sophisticated criminals who can break into any computer system and get what they want.
But hackers don’t want to work very hard. They want to get into a website and take information in the easiest possible way. There is no reason to make it any easier for them.
There are several very simple steps that computer users can take to greatly reduce their hackability.
First, encrypt every piece of data. An interesting fact that came out of the recent hack of Yahoo passwords was that Yahoo stored those passwords in text format making them immediately available without the hackers running any encryption software. Even though only about 5 percent of those 450,000 passwords were active, that is enough to do some serious damage, of course.
Next, keep all software updated to the minute. Hackers are set up to exploit discovered weaknesses in programs before the patches are installed by individual users, so install them immediately as soon as notification comes in from the software provider. This includes patches to the operating system (Microsoft sends out these patches regularly, for instance) and word processing programs like Word and Adobe where most people generate most of their client’s confidential data.
The next suggestion is to never run a computer in administrator mode. Much malware is written to load itself on computers that run the administration and will then run in the background there loading in more malware. Check to see if the computer is in this mode because that is often the default mode when new individual computers are installed.
The next easy way to avoid hackers is to “whitelist” safe programs. A whitelist limits a computer to running only approved programs. This would not allow a computer to run background malware. This is the opposite of an anti-virus program which will allow any software to run unless the antivirus thinks it is malware. Whitelisting is much safer than the blacklisting of an antivirus program. Most antivirus companies also sell whitelisting software.
Lastly, set up access points that require more than just a user name and password for computer access. One suggestion is to also add a USB-based key that a user has to physically plug into the computer top make it work. Other solutions include voiceprinting and faceprinting.