Web Development & Security

Web Security   •   Feb 22, 2019

Website and Web Development and Security

For the second year in a row, hacking activity reached a record high in 2017 with over 1,500 data breaches. This year, hackers are keeping up pace as the Identity Theft Resource Center has already reported 90 incidents as of April 1.

Data breaches have been in the forefront of public attention as major corporations like Facebook, Google and Equifax are under fire for having millions of customers’ personal information leaked or exposed. Also there are other less known breaches like Panara Bread, Sears, Kmart, Delta Air Lines, Best Buy, Saks Fifth Avenue and Lord & Taylor.

The companies listed above are all large corporations with massive security departments yet they are still susceptible to security and data breaches. So, how does this affect small and medium-size businesses?

I hear a lot of clients and friends of mine say, “Why would hackers target me, I’m not a well know corporations like Google or Facebook?”. The truth is that smaller businesses are just as likely, or even more likely to be hacked or breached. Below are just a few statistics that directly relate to small business security:

  • 58% of malware attacks are categorized as small businesses.
  • In 2017, cyber-attacks cost small and medium-sized businesses an average of $2,235,000.
  • 92.4% of malware is delivered via email
  • 60% of small businesses say attacks are becoming more severe and more sophisticated.

How We Protect You

At the Van Curen Group we take security seriously. Every time we deploy a site our team takes a few extra steps to ensure our sites follow security best practices and that we’ve covered for all known vulnerabilities.

Steps for all Websites and Mobile Applications:

  • Follow the best security practices for the languages and frameworks used.

  • Ensure all software, languages, and plugins are up-to-date with the most recent compatible versions.

  • Run penetration testing tools like Vega Scanner to find any known vulnerabilities.
  • Change passwords and usernames from defaults to complex strings.

Extra Steps for Mobile and Web Applications:

  • Run a vulnerability scanner on the code repository.
  • Obfuscate your code before production.
  • Blacklist known malicious IP’s and countries that should not have access.

Extra Steps for WordPress Sites:

  • Install the WordFence WordPress Plugin.
  • Move and protect the default wp-config.php file.
  • Setup daily scans.
  • Block malicious IP address.
  • Monitor for anomaly’s in traffic and unauthorized login attempts.
  • Ban unauthorized login attempts.
  • Change the default login link.
  • Install SSL encrypted certificate with AutoSSL or LetsEncrypt if none are already provided.
  • Run wpscan penetration testing tool to scan for vulnerabilities.
  • Ensure all plugins and themes are up-to-date.
  • Update the default php version.

New Security Services

Basic:

  • Run monthly updates.
  • Install 2FA (Two Factor Authentication)
  • Monitor abnormal traffic or access attempts.

Pro:

  • Run weekly updates.
  • Install 2FA (Two Factor Authentication).
  • Monitor abnormal traffic or access attempts.
  • Advanced Threat Defense – Protecting from the latest threats as they emerge.
  • Monthly site audit.
  • Communication and support.
Contact Us