IT SECURITY

WHY ALL TYPES OF BUSINESSES ARE AFFECTED?

Hackers or malware do not need a reason to attack your system. We can compare an IT attack with a diseasespreading throughout websites and networks. The disease tries to contaminate anything that can be infected. Systems, servers, websites or any online account can be used for malicious purposes, as hackers wants to obtain any confidential information, access, or bank codes. They confiscate your data and ask for ransom, or even they use your systems or websites in order to hack larger systems… And the worst is that the most harmless elements of your system can be the most dangerous.. For example, an attack can come from an insignificant object such as your company’s printer.

INFRASTRUCTURE AND SERVERS SAFETY: WHAT TO DO?

Step 1: Server Security Audit

It is important to know the level of security of your information system, whether it is an in-house information system or you decided to outsource it’s management.

For knowing this security level, you can set up a server security audit and identify the eventual gaps or breaches of your system.

Step 2: Server security enhancement

Thanks to the server security audit, it is possible to make recommendations in order to strengthen the security of the server. All the components of your system, all elements which protect it, such as firewalls, anti-virus, anti-intrusion systems, ssh, Apache / Nginx configurations, or hotlinking protection, can be used for this enhancement purpose.

Lots of good practices are available in order to enhance the protection of the server. We continuously monitor these best practices and their evolution, and we apply them to your system for an effective and optimized protection.

Step 3: Monitoring and supervisory

Even the most secure system can encounter unexpected problems. For this reason, it is recommended to set up a monitoring of the IT system, including continuous updates, monitoring of the services, identification of the server maximum load, and finally, detection of possible malfunctions, breakdowns, or attempts to attack or intrude.

Step 4: Backups

Finally, the essential step to implement a computer security policy is to provide adequate backups. It is necessary to to calculate the frequency and depth that you need for your backups, but moreover, you need to make sure of the reliability of your backups, preferably externalised on redundant infrastructures.

IT SECURITY WORDPRESS

WordPress is the most used CMS (Content Management System) for creating websites. Therefore, it is also the most targeted CMS by cyber attacks.

A WordPress website with no security enhancement is highly vulnerable and the probabilities of cyber attacks are very important. All websites are concerned, regardless of their size, sector of activity, and number of visitors.

Different levels of protection can be set up for the IT security of your WordPress site.

WordPress Security Audit

The WordPress security audit allows you to list actions that can be done on your website in order to limit its vulnerability and increase its protection.

Basic protection

• Changing backend URL access name
• Limiting the number of login attempts to the admin account
• Applying WordPress Security Recommendations
• Applying the appropriate site files permissions
• Secure the connection address to the administration area
• Limiting the number of login attempts to the admin account
• Managing the complexity of the passwords

Management and maintenance package

• Monitoring and updates of the theme, plugins and core
• Outsourced backups (frequency to be defined)

Incident management

• Communication with the web host in the event of a major incident
• Put back your website online within 2 business days in the event of an incident