THE SECURITY RISKS ASSOCIATED WITH WEBSITES

There are a number of ways in which websites commonly present risks to a business, in particular the two shown below:

1. How the website has been developed

Because for many businesses their website presents their first impression to the outside world, the majority of websites are developed with the emphasis on design and appearance. But many have not been designed or developed with security in mind partly because the risks are not generally appreciated and partly because web designers are not IT specialists or security experts.

Websites that do not have suitable protection built in when they are developed are open to unauthorised attack and the effect of this can be very damaging for the business.

Meritec can help you to specifiy your requirements to ensure that adequate protection is included when the site is developed. If you already have a website we can test that and advise if any improvements are necessary. Or we can provide a quotation to develop a new website or enhance an existing one, always with security as an important design criteria.

2. How and where the website is hosted

Even if the site has been developed securely the hosting environment can in itself present different threats. Unless the infrastructures supporting the website have been either thoroughly independently vetted and/or specific steps have been taken to ensure robust protection against unauthorised intrusion then there may be a substantial risk to the business.

Many sites are hosted on standard shared (co-hosted) platforms which were implemented before IT attacks became widespread and when the impacts of such had not been appreciated. Today websites are a prime target for attackers who have recognised that many are relatively easy to break into. Another consideration here is that you generally get what you pay for - the cheaper hosting deals tend to be those offering the least security so any money saved will probably prove to be false economy in the long run.

If it is possible to penetrate the network supporting the host platform then access to the platform itself will not prove difficult. Once inside the system(s) a hacker can exploit any weaknesses found – if sites are co-hosted (that means they share the platform with other websites) then effectively all websites on that platform are only as well protected as the most porous amongst them. In other words protection is only as strong as the weakest link because by using the least well protected as a gateway a hacker can then roam from there.

What can be done?

If you already have a website the best thing to do if you want peace of mind is to get it independently verified by a qualified IT security organisation such as Meritec. We will undertake a series of tests and assessments against both the code and the hosting environment and report back if any vulnerabilities are identified together with any recommended counter-measures.

If you do not have an existing website, or if you wish to replace, improve or transfer an existing one then Meritec will be pleased to help you with the secure development and / or secure hosting for that.

There can be no question as to the value to the business of having a good website – but ultimately only a safe website can ever be a good website – anything else introduces unacceptable risk to the business.