Setting up a secure website is a topic fraught with myths. The media, business leaders and even the general public have a distorted idea of what exactly constitutes a security threat. Not many people understand the specific motives attackers have, which puts them at a disadvantage when it comes to addressing the kinds of issues a general-purpose website can face.
Realistic online security requires website owners to think in practical terms and to understand that for every criminal mastermind they read about in the media, there are a thousand far more mundane perpetrators who have far less nefarious motives. The key to success in online security is to establish a workable strategy.
What Do You Own
Ask any business owner this question and limit it just to their online presence, and often you’ll get half an answer or just a blank, confused stare. Even sophisticated IT professionals very often can’t state with certainty what they own online. If you don’t even know you control it, how can you protect it? This would be the first step to take, before you even start thinking about a comprehensive security strategy. You have to make an inventory of everything you own. The best way to start is to make a list of everything you control that has a password, even if it only resides on your internal network.
Keep it Simple
Don’t be seduced by promises of massive technology investments that offer a one-button solution to a complex problem. You have to keep things far simpler than that, otherwise the solution will become the problem, and you’ll spend all your time ignoring security in favor of trying to wrangle the solution you installed. Remember the watchdog parable, “The button is there to configure the security system, the dog is there to bite anyone who tries to push the button.”
Document and Train
Ultimately, most security problems are people problems. If you are in charge of security, then you are in charge of training people to do things in a secure manner. Start by documenting everything your employees who use the system need to know, and then hammer away at that message until it sinks in.
It’s very easy to think big. It’s far harder to think small, especially when it comes to security. Consider how many security issues have been solved with a five-dollar lock and you’ll understand the scope of your responsibilities much better than if you are trying to prevent break-ins with a satellite network.