Avoid Cracks in Your Website's Security Armor

Sunday, January 08, 2012

Allan Pratt, MBA


Recently, I have heard from several colleagues that their blogs have been compromised.

While a security breach may be inevitable – heck, even branches of the Federal Government and national financial institutions have been hacked – there are steps you can take to protect the valuable data you share on your corporate and/or individual blog.

Here are my "Top 10" Tips to avoid cracks in your blog’s security armor:

[1] Review comments before approving them for live posting. While many bloggers review comments to screen out inappropriate content before it goes live, you should also review the email addresses and links that accompany the comments, since they may link to inappropriate sites that contain viruses.

(Note: To see if an abbreviated website URL is appropriate for inclusion on your blog, use this site to expand the abbreviated link: http://checkshorturl.com.)

[2] Change the password to access your blog on a regular basis – every 90 days is a good schedule to follow.

(Note: To measure password strength, use Microsoft’s password checker site. https://www.microsoft.com/security/pc-security/password-checker.aspx?WT.mc_id=Site_Link)

[3] If there are several users or writers of your blog, make sure that everyone has a unique login and password. Do not share the same login and password.

[4] Don’t allow blog access to third-party applications or plug-ins – period.

[5] If you use graphics, images, or photos from the web, make sure that you run a virus scan after downloading them and before you open them to upload to your blog. Make sure that the images are royalty-free and legal to use.

[6] Back up your data on a regular basis – at the very least, save all articles, images, etc., that you post on your blog.

[7] If you use a free blogging service such as WordPress.com or Google’s Blogger, update to the latest versions when they are released. There may be new elements that protect against the latest viruses or malware – and if you don’t update to the new versions, your blog may not be protected.

[8] If you choose a web firm to host your blog, do your homework and choose carefully. Check references and spend the time to carefully review samples of the firm’s work.

[9] Do not blog from free Wi-Fi locations because not only can someone steal your login passwords, but even worse, they could take over your blog using your own password – and could also lock you out in the process.

[10] Only blog from computers that are secure and spyware-free. Malicious code can enter your blog from an infected system.

With hackers on the rise, you don’t want to wake up one morning only to discover that your new priority for the day is to re-create your blog from scratch. From re-formatting content to re-designing graphics to developing an overall theme to finding a new host to changing all of your passwords, the creation of a blog is a time-consuming project.

But re-creating a blog that has existed for some time can be a nightmare. So, spend some time now to avoid cracks that can occur in your blog’s security armor – you’ll be very glad you did.

Allan Pratt, an infosec consultant, represents the alignment of marketing, management, and technology. With an MBA Degree and four CompTIA certs in hardware, software, networking, and security, Allan translates tech issues into everyday language that is easily understandable by all business units. Expertise includes installation and maintenance of hardware, software, peripherals, printers, and wireless networking; development and implementation of integration and security plans; project management; and development of technical marketing and web strategies in the IT industry. Follow Allan on Twitter (http://www.twitter.com/Tips4Tech) and on Facebook (http://www.facebook.com/Tips4Tech).

Cross Posted from Tips4Tech

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
