What does it mean to keep a website secure?

By admin

The answer to this question used to be straightforward: keep your CMS, theme, and plugins up to date, and remove user accounts that are no longer in use.

Those were simpler times.

In recent years, ransomware incidents, Distributed Denial of Service (DDoS) events, and other types of attacks like XSS and SQL injection have become common threats. Although these risks are more challenging than ever, many IT and Web departments at universities and colleges face resource constraints that make it difficult to secure dedicated cybersecurity experts who specialize in preventing and mitigating these attacks.

This is not a failure of these departments—they work incredibly hard to keep a college's technological infrastructure running smoothly. The landscape of cybersecurity has evolved, and malicious actors have identified that college IT and Web services often face unique challenges compared to other public institutions.

 

What can we do to mitigate this new, increasing threat to college and university systems?

Implement a Web Application Firewall (WAF)

This "one-stop shop" for website security can prevent several attacks, including DDoS, ransomware, XSS, and SQL injection.

25th Hour offers a WAF implementation and monitoring service. We set our clients up with one of the best firewalls in the industry for public-facing websites and other IT systems and tools. A WAF can also increase your website’s speed by acting as a caching engine. That means your site is quickly and efficiently delivered to the end user, increasing performance, user retention, and SEO rankings.

On the off chance that the worst case does happen and one of your systems comes under attack, the web experts at 25th Hour will be there for emergency maintenance to mitigate attacks as they occur.

To learn more about our firewall service, please contact us here or reach out to Dewey Price, Sr. Director PR & Marketing.

 

Keep your CMS, website theme, and plugins up to date

We mentioned this as the sole step that we took in the early days, and we need to continue doing it. Regularly check to ensure that the core pieces of your website have the latest security and feature updates installed. These updates patch security vulnerabilities and can save you from a breach.

 

Keep your server up to date

Make sure you're running the most recent versions of Apache, MySQL, PHP, etc. If a core part of your website doesn't support the latest version of one of these systems, it's time to replace it. That could mean it’s time for a full website redesign, but it's well worth it to make sure your site is secure.

 

Enforce mandatory password resetting and implement SSO

Require that everyone with elevated permissions on Web and IT systems reset their passwords regularly, such as once every 3 months. That way, if a bad actor does get a username and password combo for a service of yours, it will likely be outdated when they attempt to use it. Additionally, enforcing a password strength minimum can make it much more difficult for attackers to brute-force passwords, further improving system security.

 

If we apply everything on this list, where does that leave us?

 

If you can implement all of these items, your website will be much less vulnerable to potential attacks. A WAF will nearly eliminate intrusion, and regularly updating your server and website components will close off most attack vectors.

Integrating SSO and enforcing strong passwords with regular resets means your site can still be protected if a username and password combo is stolen.

Attacks against college IT and Web infrastructure are expected to escalate now that they've been identified as easy targets. It's more important than ever to establish increased security measures to protect your website, services and data.

 

​​