What Are The Cybersecurity Risks To Your Website In 2023?
6th January 2023
How much attention have you paid to cybersecurity recently? Though it may not currently be in the spotlight, cybersecurity is still one of the most important considerations for any business operating online – or really, using technology in any way.
Here are four cybersecurity issues for your business in 2023 so you know how to keep your data, customers and employees protected this year.
Two-factor authentication
You’ve likely come across two-factor authentication (or 2FA) as a consumer even if you haven’t come across it at work. Two-factor authentication means that when you log into a website, app or piece of software, you need to authenticate yourself in two different ways in order to get in securely. For example, you may log into your email account using a password, but you might also need to use an authenticator app on your phone to provide further information. This might involve confirming on your phone that you are trying to access your emails and using your fingerprint to ID yourself. Or you may receive a six-digit number in a text message and you’ll need to enter this wherever you’re trying to log in.
This extra step confirms that you are who you say you are because you’ve used a device that it’s likely only you have access to, in order to confirm your login attempt. If someone elsewhere in the world tries to log into your account, the 2FA request is sent to your phone and you can safely ignore it, knowing that as long as you don’t confirm the login attempt, the other person won’t be able to get in and your data remains safe.
That’s how it works from a user’s point of view, and it’s become increasingly important for businesses to protect themselves and their customers in this way. If you provide accounts users can log into, run an eCommerce website, or give access to potentially sensitive information or website areas such as admin portals and you don’t have 2FA in place, you’ll want to consider making this a priority in 2023.
End-of-life for your CMS
It feels like it’s been an awfully long time, but Drupal 7 is finally reaching end of life in November 2023. After some deadline delays and extensions due to COVID, 1st November 2023 is the current date for Drupal 7 to be sunsetted. The website platform Drupal is widely used, and while many people will have since moved on to Drupal 9, there will be some websites out there still on Drupal 7.
If your website is built on this technology, it’s essential to upgrade it. Once the software is sunsetted it will no longer be supported, which means that updates will no longer be rolled out. Eventually, continuing to use this older version of the software poses a security risk because any vulnerabilities will not have been fixed and could therefore be exploited.
You can find out more about what sunsetting means in our original article about the end of Drupal 7.
Remote working
When you think about security breaches, you may be thinking about distant hackers and cyber criminals determined to get their hands on your data. But it’s also important to think about your own employees and how they work. Though if you have a good team it’s unlikely anyone is working against you from the inside, it’s still important to have a robust system in place to minimise the risk of any security issues arising by accident.
One potential risk comes with the increase in people working from home. Flexible working has been a godsend for many people, and many companies have found that this way of working has improved morale without affecting productivity. However, there are several things to consider when your staff is working remotely, including:
- Are they using company-owned and managed laptops or PCs?
- Are the antivirus and firewall regularly updated?
- Are the networks people are using secure (especially if they are in public places rather than private home networks)?
- Are they using trustworthy websites, software and apps?
User error or security ignorance
This final point is all about building a culture of understanding security issues. Again, employees may not deliberately do anything to cause security issues, but are they educated on the issues enough to be able to avoid falling for a scam? For example, CEO fraud is when an employee is emailed by what appears to be the CEO of the business asking them to handle sensitive data, which, since it isn’t the CEO at all, subsequently falls into the hands of scammers.
Can your staff tell the difference between a legitimate email and a phishing scam purporting to be from a reputable person or company? Do they know not to click on any suspicious emails? What if they receive a phone call saying there is something wrong with their computer – will they know to be sceptical or could they fall foul of scammers taking over their computer and putting the company and its data at risk?
If you’re in any doubt – and even if you’re not – it’s a good idea to arrange some refresher training to ensure every member of staff is aware of these risks and knows what to do if they find themselves in a sticky situation.
If you would like any help with secure web development, get in touch with SilverDisc.