On Tuesday I wrote a little about the opening hours of a cyber security review, going through some of the obvious technical areas that everyone thinks of, anti-virus and (hopefully) a ransomware-proof back-up, through to some of the less thought-about areas, the use of paper and how your team should print securely. We also talked about being careless with paper. That got me thinking about other areas where cyber security just fades away.
I started to work on today’s article when I posted these two blogs to Smart Thinking Solutions, the daily cyber security news site:
What do you know about your website, the people who host it and the people who design it?
So – you met with the web designers and approved their design, added the functionality you needed and that online shop your marketing people had always wanted. You even ran a social media campaign when the site launched and recommended the designers to others. But did you check out their cyber security?
You should have.
That site reflects your reputation. It also gathers personally identifiable information (PII) and sensitive information – remember you added that ecommerce shop at the last minute, because that was what the marketing department wanted? Do you know if your site is running FishPig’s Magento extensions? If it is, do you know what your web developers will be doing about it? Will they report to you if they installed it as part of your build, and brief you on the situation?
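The only reliable way to answer “are we running FishPig?” is from the site’s own build artefact rather than from memory. For a Composer-managed site (Magento and most modern PHP builds), composer.lock pins every installed package and version. The script below, an added example that is not code from the original article, parses a constructed composer.lock excerpt and reports everything from a given vendor, plus a whole-site vendor inventory. It assumes FishPig’s modules are published under the “fishpig” vendor namespace; the package names and version numbers in the sample are made up for illustration.

```python
"""Inventory the third-party packages a Composer-managed site is actually
running, so "are we running <vendor>?" is answered from composer.lock.

Added example, not code from the original article. Assumes the site is built
with Composer and that the vendor of interest (FishPig here) publishes under
the "fishpig" vendor namespace. The lock-file content is constructed.
"""
import json
from collections import defaultdict

# Constructed composer.lock excerpt. A real lock file lists every installed
# package with its exact version; a developer should be able to hand it over.
SAMPLE_COMPOSER_LOCK = json.dumps({
    "packages": [
        {"name": "magento/product-community-edition", "version": "2.4.5"},
        {"name": "fishpig/magento2-wordpress-integration", "version": "3.5.0"},
        {"name": "fishpig/magento2-wordpress-integration-multisite", "version": "1.3.0"},
        {"name": "monolog/monolog", "version": "2.7.0"},
    ],
    "packages-dev": [
        {"name": "phpunit/phpunit", "version": "9.5.24"},
    ],
})


def load_packages(lock_text, include_dev=False):
    """Return {package name: version} for everything pinned in the lock file.

    Dev packages are excluded by default because they should not be deployed
    to production; pass include_dev=True to audit the full developer toolchain.
    """
    lock = json.loads(lock_text)
    sections = ["packages"] + (["packages-dev"] if include_dev else [])
    inventory = {}
    for section in sections:
        for pkg in lock.get(section, []):
            inventory[pkg["name"]] = pkg["version"]
    return inventory


def packages_by_vendor(inventory):
    """Group an inventory by the Composer vendor prefix (the part before '/')."""
    grouped = defaultdict(dict)
    for name, version in inventory.items():
        vendor = name.split("/", 1)[0]
        grouped[vendor][name] = version
    return dict(grouped)


def find_vendor(lock_text, vendor):
    """Answer 'are we running anything from <vendor>?' with exact packages and versions."""
    inventory = load_packages(lock_text)
    # Composer vendor names are lowercase, so normalise the query the same way.
    return packages_by_vendor(inventory).get(vendor.lower(), {})


if __name__ == "__main__":
    hits = find_vendor(SAMPLE_COMPOSER_LOCK, "fishpig")
    if hits:
        print("Site depends on these fishpig packages; ask the developer what they are doing about them:")
        for name, version in sorted(hits.items()):
            print(f"  {name} {version}")
    else:
        print("No fishpig packages pinned in composer.lock")
    print("\nFull vendor inventory (production packages):")
    for vendor, pkgs in sorted(packages_by_vendor(load_packages(SAMPLE_COMPOSER_LOCK)).items()):
        print(f"  {vendor}: {len(pkgs)} package(s)")
```

Run it against the site’s real composer.lock by reading the file into `find_vendor` in place of the constructed sample. The vendor inventory is the more useful output in the long run: it is the list you want in your “what is normal” document, so that a new vendor appearing in a later build stands out.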
Then there is the issue of who actually coded the site. Was it someone sitting in an office in your hometown, the next county over, London, or in a small town somewhere in the Philippines, doing it for a fiver? The people working on your site will have had intimate contact with the code, the structure, the payment systems, and the usernames and passwords (Kommineni & Parvathi, 2013).
Why the Philippines? Well, when a client suffered a cyber security incident my investigation led me there. The client told me they trusted these people, hired through a micro-outsourcing site, although they could not have identified them, as they had never seen a photo or had a video conversation with them.
There are many more questions we ask when we create the “what is normal” document for our clients, but I am limited to 500 words here. So here are two that you can ask your web developers straight after you have finished reading this:
- Where is the incremental back-up of our site and blogs?
- How many people have access to administrator level credentials and do they use MFA?
If you are a web developer and this blog makes you feel uncomfortable – contact me and I will happily spend an hour on Teams with you to find out if we can help.
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading
Where are the boundaries for your cyber security? – CyberAwake
Then there was a third problem with WordPress… BackupBuddy – Smart Thinking Solutions
References
Kommineni, M., & Parvathi, R. (2013). Risk Analysis for Exploring the Opportunities in Cloud Outsourcing. (This paper has a well-researched table of the risks of micro-outsourcing.)