A collection of tips that everyone can follow to help keep your website, and everything else, safe from hackers.

3rd March 2017
Thomas Marsden Team

Hacking is a big problem for websites, especially those with online admin facilities. While all care is taken on the developer and hosting end to keep your website safe and secure, there are many other ways hackers can gain access, not only to your website admin but also to other areas of your business and personal life that are in the online space.

We thought it would be helpful to compile a list of our top tips to keep you safe online and therefore keep your website admin username and password secure as well.

1. Keep your operating system and software up-to-date

Running old versions of your operating system or software applications is a sure way to leave yourself open to security issues. Most modern operating systems like macOS and Windows 8 run security updates on a weekly, sometimes daily, basis.

It is also crucial to keep your web browsers updated, as this is generally where you enter secure details such as passwords and credit card details. We recommend using Google Chrome if you are on Windows or Mac as it generally has the most security defences in place.

We suggest consulting your IT provider for their best suggestions and help to streamline any upgrade processes, most of which can be set to automatic these days.

2. Run anti-virus & malware detection software

It might seem like an old one, but having anti-virus and malware software installed and set up to perform regular scans can be a great defence against viruses or malware which may be downloaded from websites or email attachments.

Some popular options available are:

  • Norton 360
  • ESET
  • McAfee

Again, we suggest consulting your IT provider for their best advice.

3. Use a complex password

Although it may be annoying to enter and remember when logging in, using a long and complex password means that if your username and password are part of a security breach, it is more difficult for hackers to decrypt.

Most reputable websites store your password as an encrypted set of numbers and letters in their database. This means that if it is stolen, hackers need to translate it before it can be used to access your account. Hackers have ways around this encryption, but the longer and more complex your password, the longer it will take them to decipher.

A strong password should:

  • Have a minimum of, say, 12-14 characters; longer is even better
  • Not be a word from the dictionary
  • Include symbols, numbers and a mix of upper and lower case characters
  • Not include easy substitutions such as 1 for i or 0 for o (for example, ‘H0use’)
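
The checklist above can be turned into a simple automated check. The following is an added example, not code from the original article: the function name `check_password`, the tiny word list and the substitution table are assumptions made for illustration, and a real check would load a full dictionary.

```python
import string

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"house", "password", "welcome", "dragon", "sunshine"}

# Look-alike characters mapped back to the letters they usually stand in for.
UNDO_SUBSTITUTIONS = str.maketrans("0134578@$!", "oieastbasi")

MIN_LENGTH = 12  # lower end of the 12-14 character minimum in the list above
EDGE_CHARS = string.digits + string.punctuation


def check_password(password, words=SAMPLE_WORDS):
    """Return the checklist rules that the password fails (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")

    lowered = password.lower()
    # Also test the password with leading/trailing digits and symbols removed,
    # so "house2017!" is still recognised as "house".
    candidates = {lowered, lowered.strip(EDGE_CHARS)}
    if candidates & words:
        problems.append("dictionary word")
    elif {c.translate(UNDO_SUBSTITUTIONS) for c in candidates} & words:
        problems.append("dictionary word with easy substitutions")

    required = {
        "lower case letter": string.ascii_lowercase,
        "upper case letter": string.ascii_uppercase,
        "number": string.digits,
        "symbol": string.punctuation,
    }
    for name, charset in required.items():
        if not any(ch in charset for ch in password):
            problems.append("no " + name)
    return problems
```

A password such as `P@ssw0rd2017!` is long enough and uses every character type, yet it still fails because undoing the substitutions reveals a dictionary word.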

Using a reputable password management tool is also helpful for saving long passwords securely without the hassle.

4. Use different passwords across different accounts or websites

Following on from the above point, if your user details and password are stolen, a clever hacker could try various other services with your email address and the same password. Varying your password across sites and online services will prevent this.

5. Enable two factor authentication if available

Two factor authentication is most commonly used on online banking sites, usually to perform specific functions such as bank transfers or email address changes. This process requires you to enter a code which has been sent to your mobile device via SMS to confirm you are who you say you are and your access has not been forged.

Most major online email services and social networks now offer two factor authentication options, but it may not be turned on by default. Some will prompt you at login to adopt this process, which we certainly recommend.

6. Be careful with clicking links or downloading attachments from emails

Along with the annoyance of email spam comes another tool in the hacker arsenal: the spoofed email. This is basically a forgery or fake of a legitimate email, sent out in bulk, usually from hijacked email accounts or servers, with the aim of duping users into disclosing personal details.

As a rule of thumb, be very cautious with any email that arrives randomly asking you to log in or reset your password, update billing details or similar, no matter how legitimate the format of the email looks.

Sometimes there may be a legitimate reason for a service to contact you to update account details. If so, pay close attention to the domain name the link is taking you to, or even visit the website via a Google search and log in that way. If in doubt, give them a call to confirm the email is legitimate.

7. Use a VPN on public wifi

Public wifi networks, especially those in hotels or cafes overseas, can often be insecure. This can be due to an incorrect setup or, more concerning, because they have been set up to capture users' secure details by monitoring traffic, which may be with or without the knowledge of the business owner.

If you do need to use public wifi, we suggest using a secure VPN service that will encrypt all of your internet traffic and ensure that data you send and receive remains secure.

Some popular VPNs available are:

  • Express VPN
  • Nord VPN
  • Cloak

In Summary

In summary, treat your online security like you would real world security. Things like locking your car or house, or investing in a security system or safe, go a long way to keep you safe, and so do all the above mentioned tips for your online world.

The best line of defence is to be aware and cautious with your passwords and other sensitive details online. If you only do a couple of the above, then keep software current and use a strong password.

PS. As mentioned a couple of times in this article, these are recommendations; please do consult your IT provider for the best advice for your particular situation.