Big Business on the Black Market
The Russian password hack has made big headlines of late. In this post I’ll share some of the statistics… but more importantly what you can do to protect yourself and your business’ WordPress website from joining the very long list of victims.
Russian Password Hack Stats
Hold Security (an Information Security, Assessment, Risk Management and Incident Response company) reports that it uncovered a data breach of:
- 1.2 billion passwords
- 500 million emails
- 420,000 websites
What tipped them off? Millions of stolen credentials for sale on cyber-black markets. For more details on the Russian password hack incident, the Huffington Post has a nice synopsis.
Personal Password Management
As a consumer, your best defense is making your life more difficult. It’s just too easy to let your Web browser store your passwords and automatically log you into accounts that you frequently access. Your first hurdle is to overcome password laziness. Here are the practices I use to keep my personal data safe:
- If you can remember a password, it’s not good enough.
- Use a secure password generator as it can create long, complex strings with various types of characters. The longer the better.
- Organize passwords in a secure vault. I prefer LastPass.com as it has a paid version that works for desktop/laptops as well as mobile devices.
WordPress Website Security
Getting your website hacked is a nightmare. I’ve heard Webmasters take a nonchalant stance: just be sure you have backups so you can restore. You probably guessed that I don’t agree. Strongly.
Regardless of how big or small, your website should have multiple levels of protection. If you use WordPress, there are several layers I suggest adding to your software installation and maintenance practices in order to avoid a “Russian password hack” situation.
- Keep the software code clean so routine WordPress upgrades can be completed. Imagine customizing Microsoft Word 2013. When patches are issued, you can’t install them without erasing your customized code. There are better ways of customizing WordPress. Leave the core code alone.
- Hide your WP version. Hackers look for the version to figure out security loopholes.
- Change the table prefix. If this is Greek to you, have an expert perform an audit and manage this change.
- Require secure logins by users. That means no “admin” as a default account login. We like 2-step authentication as it adds yet another level of online security.
- Regular backups make sense for business continuity. I recommend redundant systems.
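A quick self-check for three items on the list above (an exposed WP version, the default table prefix, and an “admin” login), as an added example that is not code from this post. The sample wp-config.php, homepage HTML and login names are constructed, and `audit` is a hypothetical helper name.

```python
import re

# Constructed sample inputs (not taken from any real site).
SAMPLE_WP_CONFIG = """<?php
define( 'DB_NAME', 'example_db' );
$table_prefix = 'wp_';
"""
SAMPLE_HOMEPAGE = """<html><head>
<meta name="generator" content="WordPress 3.9.2" />
</head><body></body></html>"""
SAMPLE_LOGINS = ["admin", "editor_jane"]

# $table_prefix assignment as it appears in wp-config.php
PREFIX_RE = re.compile(
    r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""", re.M)
# Generator meta tag that WordPress prints into the page head by default
GENERATOR_RE = re.compile(
    r"""<meta\s+name=["']generator["']\s+content=["']WordPress\s*([\d.]*)["']""",
    re.I)

def audit(wp_config, homepage_html, logins):
    """Return a list of findings; an empty list means all three checks pass."""
    findings = []

    prefix = PREFIX_RE.search(wp_config)
    if prefix is None:
        findings.append("table prefix: $table_prefix not found in wp-config.php")
    elif prefix.group(1) == "wp_":
        findings.append("table prefix: still the default 'wp_'")

    generator = GENERATOR_RE.search(homepage_html)
    if generator:
        version = generator.group(1) or "(no number shown)"
        findings.append("version: generator meta tag exposes WordPress " + version)

    if any(name.lower() == "admin" for name in logins):
        findings.append("logins: an account named 'admin' exists")

    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_WP_CONFIG, SAMPLE_HOMEPAGE, SAMPLE_LOGINS):
        print("FAIL", finding)
```

Feed it your own wp-config.php contents, the HTML of your public homepage, and your list of user logins to run the same checks on your site.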
Were you affected by the Russian password hack? Are you now willing to overcome password laziness?
How can we help?
Launching a WordPress website and need help with security? Or, having trouble keeping your plugins updated?
We are the spectrum group online, and we offer strategic and tactical consulting so you can monetize your online presence. Call us for a complimentary 30-minute consultation to discuss your website’s user experience and translate that into sales.