    Welcome to the FlexiDB blog.  Read all the latest news about FlexiDB, the software, demo sites, exhibitions et cetera.

  • How to create layers of protection for cyber security

    8th December at 9:06am GMT
  • Security precautions are more important than ever, so how can you protect yourself from threats?

    One of the major threats of the modern world is cyber crime. Following World Computer Security Day on November 30, we decided to take a closer look at how you can keep your website secure.

    Technological advancements are moving the world towards becoming a place where almost anything we can imagine is accessible and within reach. But the more technology we build, develop and connect, the more potential vulnerabilities we create, and need to protect.

    Eliminate cyber vulnerability with layers of online defence

    “Security is like layers of an onion.” You may have read this statement elsewhere, but this is the secret to creating a good security solution. Different software packages will have different responsibilities, but may defend against the same attack. There is no silver bullet, no single software package or plugin that will make a site impenetrable, but there are key ways to layer protection in order to enhance your web security.

    On a basic level, you should ensure you always use strong passwords and change these regularly. You can also avoid vulnerability by updating all of your software and plugins frequently, because the latest versions patch a lot of security holes.

    For more advanced protection, it is a good idea to employ some expert help, in the form of security software, to keep your sites nice and secure. We’ve listed a few of the most popular options below.

    Top choices for professional web security services:

    SiteLock

    The only provider to offer complete, cloud-based website protection that finds and automatically fixes threats, prevents future attacks, accelerates website speed, and meets PCI compliance standards. Includes daily scanning, automatic malware removal, web app firewall, a global CDN for a fast website and a 24 hour support team.

    Sucuri

    A comprehensive security stack for any website, regardless of technology. The cloud-based protection platform (a custom Website Application Firewall and Intrusion Prevention System) proactively mitigates attacks against a website. It provides a layered approach and there’s a free plugin for WordPress.

    Wordfence

    A popular security plugin for WordPress, Wordfence continuously analyses the latest threats, developing new protection and detection rules. With a Threat Defense Feed, Web Application Firewall, Malware Scanner, and other tools, Wordfence offers a complete security option that is a good choice for all levels of users. The system has strong password enforcement settings and limits the number of failed login attempts.

    iThemes Security Pro

    WordPress security plugin designed to harden WordPress and protect content, making it easy to secure and protect your WordPress site. iThemes Security Pro’s WordPress User Security Check assesses the security of all your WordPress user accounts at one time.

    Other ways to add layers to your protection:

    Web server security modules

    Another level of security is to use a firewall security module. A popular one is ModSecurity, available for both Apache and Nginx. You can use it to define rules that stop people from accessing a page. This is similar to Wordfence, but it works at server level rather than inside the application. If you do not own a server, it’s a good idea to ask your web host how their servers are being protected.

    Basic authentication

    This usually comes in the form of a browser pop-up asking the user for login credentials. It sits at server level but doesn’t need server configuration access. It is secure when the site is served over HTTPS (the browser sends the credentials Base64-encoded, not encrypted, with every request), but it can be inconvenient for the user to repeatedly type in different credentials, particularly if you have different passwords for different parts of the site!
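The server-side half of Basic authentication, as an added example (not FlexiDB code): it decodes the `Authorization` header, refuses it over plain HTTP, and compares a salted PBKDF2 hash in constant time. The user name, password and status-code choices are assumptions made for the illustration.

```python
import base64
import binascii
import hashlib
import hmac
import os


def hash_password(password, salt, rounds=200_000):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)


# Constructed credential store: username -> (salt, PBKDF2 hash).
_SALT = os.urandom(16)
USERS = {"editor": (_SALT, hash_password("correct horse battery", _SALT))}


def parse_basic_header(value):
    """Return (user, password) from an Authorization header, or None."""
    scheme, _, token = (value or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def check_request(scheme, authorization):
    """Return the HTTP status a protected area should answer with."""
    if scheme != "https":
        return 403  # the header is only Base64: never accept it over HTTP
    creds = parse_basic_header(authorization)
    if creds is None:
        return 401  # sent with WWW-Authenticate: Basic, triggers the pop-up
    # Unknown users still cost one hash, so timing does not reveal them.
    salt, stored = USERS.get(creds[0], (_SALT, b""))
    ok = hmac.compare_digest(hash_password(creds[1], salt), stored)
    return 200 if ok else 401
```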

    Look out for HTTPS and the green padlock

    HTTPS pages use a secure protocol to encrypt communications: TLS (Transport Layer Security), the successor to SSL (Secure Sockets Layer) and still widely referred to as SSL. If your site passes user data or financial information, you should usually get an official SSL certificate.

    For example, the FlexiDB framework passes user data through a range of systems. Our databases can hold large volumes of data, including important statistics for businesses, like sales figures and reports, so data security is of highest priority to our team.

    We ensure there’s a secure transport layer between users and our server. When creating databases with FlexiDB, you’ll notice a green padlock by our domain name https://login.flexidb.com/. The green padlock shows that traffic to and from the website is encrypted and cannot be decrypted if it is intercepted.

    Why encrypt?

    This protection shows that you are connecting directly with the website, and there will be no external access to sensitive user information, including financial or personal details and passwords.

    All websites that pass user data or have e-commerce functionality should be secure. HTTPS is becoming the norm, and the cost of certificates is no longer an obstacle, with a number of free certificate providers available. We recommend Let’s Encrypt, which is a free, automated, and open Certificate Authority.

    Having issues with a yellow symbol appearing on your padlock? This is a sign that some elements on your page may not be secure. Make sure any external scripts you have running on a webpage (including fonts, images and widgets) are using HTTPS, not HTTP.
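One way to find the insecure elements behind that warning, as an added example (not FlexiDB code): a small scanner that lists every subresource an HTTPS page would load over plain HTTP. The sample page and all host names are constructed; ordinary links (`<a href>`) and URLs inside CSS are not checked.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attribute that makes the browser fetch a subresource.
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src", "embed": "src",
               "audio": "src", "video": "src", "source": "src", "object": "data"}
# "Active" content can change the whole page; "passive" content cannot.
ACTIVE = {"script", "iframe", "embed", "object", "stylesheet"}
# Constructed sample page, assumed to be served from an HTTPS URL.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://fonts.example.com/css?family=Lato">
<script src="http://widgets.example.net/share.js"></script>
</head><body>
<img src="/images/logo.png">
<img src="http://static.example.org/banner.jpg">
<a href="http://example.org/about">About</a>
<iframe src="//player.example.com/embed/1"></iframe>
</body></html>"""

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (line, kind, "active" | "passive", absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            # Only some <link> relations fetch something for this page.
            rels = (attrs.get("rel") or "").lower().split()
            kind = next((r for r in ("stylesheet", "icon") if r in rels), None)
            url = attrs.get("href")
        else:
            kind, url = tag, attrs.get(FETCH_ATTRS.get(tag, ""))
        if not kind or not url:
            return
        # Resolve relative and protocol-relative URLs against the page URL.
        absolute = urljoin(self.page_url, url.strip())
        if urlparse(absolute).scheme == "http":
            level = "active" if kind in ACTIVE else "passive"
            self.findings.append((self.getpos()[0], kind, level, absolute))

def find_mixed_content(page_url, html):
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings

if __name__ == "__main__":
    print(*find_mixed_content("https://www.example.com/shop/", SAMPLE_HTML), sep="\n")
```

Relative and protocol-relative URLs inherit the page's scheme, so only the three explicit `http://` subresources in the sample are reported.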

    Should I encrypt?

    Although HTTPS isn’t necessary for all websites, it can be beneficial even when no data is being passed, because HTTPS is a ranking factor for Google. (Plus, it helps users build trust with your brand when they associate your domain name with a green padlock and a secure connection!) WordPress users can either manually enable SSL on their sites, or simply use a plugin.

    Can you encrypt without SSL?

    Another option is to use an encryption algorithm. For example, Blowfish is a symmetric-key block cipher, which allows you to pass encrypted data securely even over a connection that doesn’t use SSL. You don’t need a green padlock to do this, because the data itself is encrypted before it is sent.

    We use encryption in FlexiDB, so data can be passed securely between FlexiDB and WordPress even without HTTPS.

    Encrypting for an IoT future

    Cyber security reaches far wider than the world wide web. It is becoming an increasingly vital consideration for all kinds of technology, particularly as more smart, connected devices are being developed.

    IoT links to all aspects of life, from life-saving HealthTech to incredibly sensitive FinTech data and smart devices that connect with our homes.

    Unfortunately, these advancements create new vulnerabilities. There is even potential for computer viruses to infect digital implants within human beings.

    Recently, a scientist from the University of Reading, Dr. Mark Gasson, infected himself with a computer virus to prove that cybernetic computers are not immune to wireless virus transmission. His experiment highlighted the security vulnerabilities in cybernetic chips and implants.

    How will we continue to encrypt and protect new digital environments from the risk of cyber threats? Tell us your thoughts…

    If you have any questions about FlexiDB as a secure platform, or would like some further security recommendations, contact tess@flexidb.com.