Online Security and Cybersecurity: 17 Important Tips

[Article updated on 8/8/2024.]

Even major players like Facebook, Yahoo and Digitec Galaxus have been affected by hacker attacks. However, the current focus is mainly on SMEs, which are experiencing the majority of cyberattacks in Switzerland. There are a few simple yet crucial steps you can take to protect yourself and your organization:

1 – Always Up-to-Date: The Key to Maximum Security

Keeping your devices and software consistently up-to-date is one of the most fundamental and crucial steps for enhanced online security.

Regularly update every piece of software, including scripts and plugins, that you use on your website, no matter how small.

Also, remember to update your device's operating system (Microsoft, Apple, etc.) and your internet browser (Chrome, Opera, Safari, etc.).

The source code of open-source software is publicly accessible, so hackers can discover potential vulnerabilities by reading it. This makes prompt updates all the more important.

If you use WordPress for your website, you can activate onlineKarma's online protection – we continuously maintain your website throughout the year: WordPress Maintenance

2 – Encrypt or Lose: Why HTTPS/SSL is Essential

Websites, emails, and similar communications should always be encrypted with HTTPS/SSL. If your website doesn't already use HTTPS, it's high time to implement it (this is also a requirement under GDPR).

Websites that still use plain HTTP (Hypertext Transfer Protocol), the standard protocol for data transfer between your server and the user's browser, send that data unencrypted and are vulnerable to hacker attacks.

HTTPS/SSL encryption is especially important for websites with e-commerce and for all websites that use forms with sensitive user data or personally identifiable information (PII).

A website encrypted with HTTPS/SSL appears in the browser like this, for example, www.onlinekarma.ch:

[Image: HTTPS-SSL-Sicherheit.PNG]

3 – Danger from Extensions: Beware of Malicious Plugins

Modern browsers, devices, and CMS (Content Management Systems) offer an almost endless array of extension options, plugins, and add-ons.

When choosing, make sure that the extensions:

  1. come from legitimate sources,

  2. are regularly updated,

  3. have a large number of downloads

  4. and have sufficiently good ratings.

Be cautious of free versions of premium plugins: these are usually pirated and infected with malware.

Any software can be attacked, and unfortunately, your website's software is no exception.
— Sebastian Ebneter, Online Marketing Specialist

4 – Only the Original Counts: The Value of Trust in Software

Only use original software from a known and trustworthy provider.

The same principle applies to emails, SMS, and WhatsApp messages with suspicious-looking links and attachments. Only open files and links from senders you can trust 100%.

Warning: Emails can look very legitimate nowadays without being so. The sender address can be faked, a common technique in “phishing”. Here are two examples:

Report phishing emails with one click here on the official Swiss Anti-Phishing page.

👉 Tips on how to recognize phishing emails (in English)

On Social Media, we are noticing a significant increase in fraudulent direct messages sent to company pages.
Stay vigilant and observe the following points:

  1. Social media platforms will not contact your page via direct messages if there are issues. Therefore, do not click on any links or attachments in such direct messages that claim to be contact persons from the respective platform.

  2. Report these messages as spam.

  3. Continue your successful Community Management and remain vigilant.

Your security and the best possible Social Media Management are our top priority.

5 – Passwords of the Future: Your First Line of Defense

Naturally, this point cannot be left out. Secure passwords are essential for web security, both for your company and for your personal use.

Password Tip 1

There is a simple formula that summarizes the 3 essential requirements for a secure password: CLU (Complex, Long, Unique).

  1. A password should be complex, meaning randomly arranged. No birth dates, no pet names, and no real words.

  2. Passwords should also be at least 20 characters long.

  3. And of course, you should also not use the same password in multiple places.
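The CLU rules above can be checked mechanically. The following is an added example, not code from the original article: it generates a random password with Python's `secrets` module and reports which CLU rules a candidate breaks. The wordlist, the in-memory vault, the year pattern and all function names are constructed for illustration.

```python
import math
import re
import secrets
import string

MIN_LENGTH = 20  # the article's minimum length
SYMBOLS = "!#$%&*+-=?@_"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy of a uniformly random password of this length."""
    return length * math.log2(alphabet_size)

def check_clu(candidate, vault, wordlist):
    """Return the CLU rules a candidate breaks, in C-L-U order."""
    broken = []
    lowered = candidate.lower()
    has_word = any(word in lowered for word in wordlist)
    # Heuristic for birth dates: any four-digit year 19xx or 20xx.
    has_year = re.search(r"(19|20)\d\d", candidate) is not None
    if has_word or has_year:
        broken.append("complex")
    if len(candidate) < MIN_LENGTH:
        broken.append("long")
    if candidate in vault.values():  # already used for another account
        broken.append("unique")
    return broken

def generate_password(vault, wordlist, length=MIN_LENGTH):
    """Draw from the OS CSPRNG until the result passes all three rules."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_clu(candidate, vault, wordlist):
            return candidate

# Constructed sample data: a tiny wordlist and a hypothetical in-memory vault.
WORDLIST = ["password", "bello", "zurich"]
VAULT = {"shop.example": "q7#Vz!m2Rk@8pLw$X4tB"}

if __name__ == "__main__":
    print(check_clu("Bello2015!", VAULT, WORDLIST))
    print(check_clu(VAULT["shop.example"], VAULT, WORDLIST))
    new = generate_password(VAULT, WORDLIST)
    print(len(new), "characters,", round(entropy_bits(len(new))), "bits")
```

A real check would use a much larger wordlist; the three entries here only show the mechanism.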

Password Tip 2

Now you're probably thinking: And how am I supposed to remember countless random, 20-character-long passwords? For this, there are password managers such as LastPass, which store all your passwords in encrypted form and also generate random passwords for you.

Password Tip 3

Even the most secure passwords are useless if they are not applied correctly. Therefore: Lock your phone, laptop, or computer when you are not using the device. And protect it with a password 😉.

Password Tip 4

Do not send passwords via email, and especially never send the password together with the username and its purpose. A practical tool for sending passwords, by the way, is https://pwpush.com/.

6 – Protect Your Privacy: Avoid Public Networks

If you are using confidential information while browsing - for example, e-banking or shopping - you should do so on a device that belongs to you and on a network you trust.

On a public free Wi-Fi, using a colleague's phone, or on a publicly accessible computer, your data could be stolen.

Caution is also advised regarding what private information you share on social networks. The 'bad guys' could use these details to obtain valuable information about you.

7 – Strong Defense: Why Antivirus is Essential

Protect yourself from viruses that weaken your computer and make it more vulnerable to attacks. Install an antivirus package.

For example, Avira is free, but paid software will offer you more comprehensive protection.

8 – Less is More: Limiting Access Rights

If multiple users can edit your website, ideally, follow the Principle of Least Privilege: grant access only to the applications and resources that are essential for a user's work and for which they are authorized.

This means that if someone 'only' writes blog posts on your website, they should not have permission to adjust the design of the entire site.

Especially with guest posts, ensure that the new user does not receive more rights than truly necessary.
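The Principle of Least Privilege described above can be turned into a periodic audit. The following is an added example, not code from the original article: it uses a subset of WordPress's default roles and capabilities and flags every account whose role is higher than the lowest role that covers what the user actually needs. The user list and function names are constructed for illustration.

```python
# Subset of WordPress's default roles and capabilities, lowest privilege first.
# Each role also holds everything the roles before it hold.
ROLE_STEPS = [
    ("subscriber", {"read"}),
    ("contributor", {"edit_posts"}),
    ("author", {"publish_posts", "upload_files"}),
    ("editor", {"edit_others_posts", "moderate_comments"}),
    ("administrator", {"edit_theme_options", "install_plugins", "manage_options"}),
]

def build_roles(steps):
    """Expand the incremental steps into the full capability set per role."""
    roles, held = {}, set()
    for name, added in steps:
        held = held | added
        roles[name] = held
    return roles

ROLES = build_roles(ROLE_STEPS)
RANK = {name: i for i, (name, _) in enumerate(ROLE_STEPS)}

def minimal_role(needed):
    """Lowest role whose capabilities cover everything in `needed`."""
    for name, _ in ROLE_STEPS:
        if needed <= ROLES[name]:
            return name
    unknown = sorted(needed - ROLES["administrator"])
    raise ValueError(f"no role grants {unknown}")

def audit(users):
    """Return (login, current_role, recommended_role) for over-privileged users."""
    findings = []
    for login, role, needed in users:
        recommended = minimal_role(needed)
        if RANK[role] > RANK[recommended]:
            findings.append((login, role, recommended))
    return findings

# Constructed sample accounts: (login, assigned role, capabilities the job needs).
USERS = [
    ("anna", "administrator", {"edit_posts", "publish_posts"}),       # blog writer
    ("guest_writer", "editor", {"edit_posts"}),                       # guest post
    ("webmaster", "administrator", {"edit_theme_options", "install_plugins"}),
    ("ben", "author", {"edit_posts", "publish_posts"}),
]

if __name__ == "__main__":
    for login, current, recommended in audit(USERS):
        print(f"{login}: {current} -> {recommended}")
```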

9 – Secure Host, Secure Operations: What Matters

Price should not be the decisive factor when choosing a web host, but rather security aspects.

Your trusted web host should have an SSL-secure server (required for HTTPS, see above), secure email support, a secure data center, and offer regular backups.

If you, like many smaller companies, host your website on a shared hosting server, ask the provider about their security measures.

We would be happy to help you with choosing the right web host and more.

10 – Browsing with Protection: Security Tools for Your Browser

You can also protect yourself while browsing the internet with the security tools built into your chosen browser.

These can, for example, block pop-ups, send Do-not-Track requests to websites, disable insecure Flash content, limit access to your webcam, and block potentially dangerous downloads.

You can find these security tools in your browser's settings.

11 – Two is Better Than One: Utilize Multi-Factor Authentication

In today's digital world, a simple password is often no longer enough to protect our data. This is where Multi-Factor Authentication (MFA) comes in.

MFA provides an additional layer of security by requiring a second factor for verification, such as an SMS code or an authenticator app. This extra barrier can be crucial in preventing unauthorized access to sensitive information.

Companies should implement MFA wherever possible to strengthen their security strategy and effectively protect themselves from cyberattacks.

12 – Leave Nothing to Chance: Perform Regular Backups

Data loss can occur due to cyberattacks, hardware failures, or human error. Regular backups are a simple yet effective safeguard to ensure that important information is not permanently lost.

Companies should create a backup plan that includes both automatic and manual backups. These should be securely stored on external drives or in the cloud to ensure a quick and complete data recovery process in an emergency.

13 – Knowledge is Power: Cybersecurity Training for Employees

People are often the weakest link in the security chain. Therefore, regular employee training on topics such as phishing, password security, and safe online behavior is essential.

By raising employee awareness of risks and informing them about current threats, companies can foster a security culture that significantly reduces the risk of cyberattacks.

14 – Keep it Private: Secure Browsing on Your Own Networks

Using public Wi-Fi networks can pose a significant security risk, as data transmissions can be easily intercepted. Companies should encourage their employees to use only secure, private networks, especially when accessing sensitive company data.

Additionally, security measures such as WPA3 encryption should be implemented in wireless networks to prevent unauthorized access and ensure the integrity of transmitted data.

15 – Stay Informed: Trust Reputable Sources

It is important to stay up-to-date on the latest security threats and measures. Websites like the Cybersecurity & Infrastructure Security Agency (CISA) offer comprehensive information and guides that can help improve a company's security strategy.

Regularly consulting such trusted sources can help identify best practices and detect emerging threats in a timely manner.

16 – Leave No Gaps: Security Reviews as a Must

Regular security audits are crucial for identifying and fixing system vulnerabilities before they can be exploited. A thorough audit should cover all aspects of IT infrastructure, from network security to software applications.

Companies should consider specialized service providers to conduct independent audits, which help close security gaps and optimize the overall security strategy.

17 – Always Connected, Always Protected: VPN for Enhanced Security

For employees working remotely or from a home office, using a VPN (Virtual Private Network) is essential. A VPN encrypts the internet connection, protecting against unauthorized access to confidential information. (VPN Test: Comparing the Best VPN Providers)

By using a VPN, companies can ensure that their data is protected even outside the office and that employee privacy is maintained.

Bonus Tip – ICT Security

We are pleased to recommend Sowacom's security solution. From Cyber Protection to Data Security and Cyber Insurance, their ICT partner can provide expert assistance. Learn more about the Cybersecurity for SMEs offer here.

Cybersecurity Summary

These were the 17 tips to enhance security for yourself and your website. Of course, there's no guarantee that your website will never be attacked or hacked, even if you follow all these tips.

However, by implementing these, you should be protected against the majority of automated attacks, and the overall risk will be drastically reduced.
