Three Steps Accounting Firms Should Take to Improve Website Security

June 22, 2017

Scott Dine

Partner + Technical Director

Protecting your digital platform

I still remember a tense situation from a few years ago that drove home to me the vital importance of strong website security. We responded on behalf of our clients to a severe global botnet attack targeting websites built on the WordPress platform. While our implementation of time-tested security best practices reduced the vulnerability of our clients, we experienced the effects of the attack on our servers as they blocked hundreds of thousands of login attempts from 2000+ IP addresses. Thankfully, the impact on server performance was minimal.

If you haven’t had Catalyst Group address these security concerns for you, here are some basic steps you should take to secure your website:

  1. Remove user accounts with common names.
    During this attack, the botnet most commonly guessed obvious account names such as “admin”, “test”, “administrator” and “root”.
  2. Use unique, secure passwords.
    While the botnet has in the past been programmed to attempt the above usernames most frequently, it is changing to include others, among them “editor” and “moderator.” Counter this by using a unique, secure password. Use capital letters, numbers and symbols to spell words not found in the dictionary. Most importantly, note that I specified your password should be unique. Hackers gain passwords by compromising sites like Dropbox, LinkedIn or Yahoo, then add the stolen passwords to their brute force dictionary. Create gibberish acronym passwords from phrases specific to you and easy for you to remember. For example:

    “My dog Spot likes to chew on the rug” might become “Mdsl2c0tr”.

  3. Install a security plugin.
    While many services will do the trick, I like Sucuri. Sucuri is compatible with the vast majority of websites and offers simple but effective website security that locks out anyone with a suspicious IP from accessing your login page. It’s backed by a team of “real people” support professionals that will act fast if a crisis develops.
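
To check whether your own site is seeing the kind of login guessing described above, the following added example (not code from the original post or from Sucuri) counts POST requests to `wp-login.php` in a web server access log, per address and per minute. It assumes the common/combined access log format; the function names, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed format: ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def login_posts(lines):
    """Yield (ip, minute) for every POST to wp-login.php."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, ts, method, path, _status = m.groups()
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php"):
            yield ip, ts[:17]  # "22/Jun/2017:10:15" is the minute bucket

def summarize(lines, per_ip_limit=5, per_minute_limit=10):
    """Count login POSTs per address and per minute; limits are illustrative."""
    per_ip, per_minute = Counter(), Counter()
    for ip, minute in login_posts(lines):
        per_ip[ip] += 1
        per_minute[minute] += 1
    return {
        "total": sum(per_ip.values()),
        "distinct_ips": len(per_ip),
        # Addresses that individually exceed the per-address limit.
        "noisy_ips": sorted(ip for ip, n in per_ip.items() if n > per_ip_limit),
        # Minutes where the site-wide count is high even if each address is quiet.
        "busy_minutes": sorted(m for m, n in per_minute.items() if n > per_minute_limit),
    }

def sample_log():
    """Constructed sample: 12 addresses posting twice each, one posting 8 times."""
    fmt = '{ip} - - [22/Jun/2017:10:{mm:02d}:{ss:02d} +0000] "{req} HTTP/1.1" 200 512'
    lines = [fmt.format(ip="192.0.2.10", mm=14, ss=0, req="GET /about/")]
    for i in range(12):
        for s in (1, 2):
            lines.append(fmt.format(ip=f"203.0.113.{i + 1}", mm=15, ss=i * 2 + s,
                                    req="POST /wp-login.php"))
    for s in range(8):
        lines.append(fmt.format(ip="198.51.100.7", mm=16, ss=s,
                                req="POST /wp-login.php"))
    lines.append(fmt.format(ip="192.0.2.10", mm=17, ss=0, req="GET /wp-login.php"))
    return lines

if __name__ == "__main__":
    print(summarize(sample_log()))
```

In the sample, the 10:15 minute is flagged site-wide although none of its twelve addresses crosses the per-address limit, which is why a login flood spread over many IP addresses is easier to spot in totals than in per-address counts.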

Nothing will render a website 100% hack-proof, but there are steps you can take today to greatly reduce the chance of a serious breach. If you have concerns about your website security and you’re not sure where to start, call or email me at 317.296.6439 or sdine@thinkcatalyst.co to schedule a consultation about the best practices you can implement immediately to protect and secure your website.
