Is your company’s website secure? Maybe not

There’s no shortage of systems that can be attacked within an organization. But one that may go overlooked frequently is also one of the most vulnerable: the company’s website. 

According to IDG Connect’s Website Security in Corporate America survey, 33% of companies never conduct vulnerability scans or assessments of their websites. Yet only 11% said they don’t know how secure their websites are.

That doesn’t jibe. If you’re not regularly conducting testing of the site’s security, you can’t know for sure whether or not it’s vulnerable to attack.

Possible threats

There’s no shortage of threats to your site. Possible attacks could include:

As the most public-facing part of your organization, the website presents the easiest target for hackers’ mischief. And it could be a gateway from there to more sensitive information.

In order to protect your organization:

  • Use a variety of monitoring systems. Survey respondents who described their sites as “totally secure” used automated scans (50%), internal assessments (23%), third-party assessments (17%) or other methods (29%). Any one of these can be effective, but the more you use, the better the coverage could be.
  • Check for vulnerability reports. Many plug-ins and tools are hastily programmed and introduce vulnerabilities. Update these tools as soon as possible, and keep an eye out for listed vulnerabilities.
  • Change account passwords frequently. As always frequent password changes are a must, no matter what account they’re for. If your web admin’s password is the same as any other on your system, a hacker may be able to steal it and wreak real havoc on much more sensitive information.

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy