5 security tips, and why you should care about them
It seems like everyone and their dog is willing to raise a big scary security flag and wave it around in the interests of being seen as an expert. Now, don’t get me wrong, security is important (and a big part of the decisions we make here at Commerce Vision), but that whole waving a red flag at a bull thing seems a bit outdated and frankly… not very helpful.
So here are some (hopefully) helpful tips for your website security.
Some places go overboard with the strength of the passwords they expect and yes, it can be incredibly frustrating. Still, these things are worth considering:
Tip 1: Password strength
Alright, I know most of you have heard this one a thousand times but I promise there’s a good reason the world of internet security keeps harping on about it. Let me throw some data at you.
Keeper Security put together a list of the most common passwords based on data breaches that happened in 2016. There are some pretty common culprits… Are you ready for these? In order, we have:
I’m really hoping I don’t see any faces of shame amongst you all. If you change them right now I promise I won’t tell anyone…
I know it can be challenging to try and remember a unique password for every service you use online. If you really struggle, you’re not alone. And you might want to look at using a password management tool like 1Password (check out this handy comparison chart I found to help you decide which one might be best for you).
Tip 2: How old is that FTP password?
Alright Helen, why should I care?
I’m glad you asked, dear reader! Oftentimes when employees leave, we remember to revoke their access to systems like email, or their door pass… but how long have you been sharing around that same old FTP password?
We like to think that all employees leave with happy hearts and good intentions, but let’s be a little bit more down to earth. Not everything is coming up Milhouse all the time, so it pays to be a bit careful with details that can have massive impacts on your site. After all, your FTP password is the online equivalent of a door pass, so it pays to know who still has the keys.
If you do think it's about time to get that pesky password changed, feel free to get in touch.
Conveniently, that leads us to our next tip:
Tip 3: Who has access to your CMS?
Ah yes, those pesky CMS users… with potential control over your entire site… Oops. Do a quick audit to see who has access to it right now. Is it only people who need it? Could you look at restricting their current access to only the segments they need by creating custom CMS roles?
Tip 4: Who STILL has access to your CMS?
When was the last time you checked to make sure only current staff have access to the CMS? Log in to the CMS and hit that little ‘CMS Users’ tab to see a full list of who’s there now. Is it just those who should be? Didn’t Joe leave 6 months ago?!?
Tip 5: Upgrading
There’s a lot you can do to help the security side of things, and there’s a lot we do for you. It’s worth having a look at that little version number up the very top of the CMS:
What version is your website on? Ideally, I’d love for all of our customers to be on our 2016 release at minimum (which is 3.90). I know there’s a lot to go through for an upgrade – because every good upgrade includes testing. Consider adding a business process to look at upgrading at semi-regular intervals so you never fall too far behind. It also helps to have a good idea of what your test cases look like, and to ensure they evolve as your site does.
Alright guys, I’ll stop harping on now. I hope you’ve got at least one titbit to take away from today’s post (even if it’s just that ‘password’ is still in the top 10 most compromised passwords THIS many years on).
Let me know if you want to chat security, CMS, or just want to talk to my lovely self.