In this interview with CalvinAyre.com’s Becky Liggero, Hedgehog Security founder and CEO Peter Bassill shares how affiliates can best protect their websites from being hacked.
Websites are often compared to financial institutions when it comes to the wealth of information they hold–birthdays, number of siblings, gender, even the car you just purchased.
Like banks, websites are targeted by hackers who want to get a hold of that vast information for their own consumption. There are lots of ways that websites are hacked these days, according to Hedgehog Security founder and CEO Peter Bassill.
The most common way that websites are hacked is through passwords, according to Bassill. Users can be hacked when they have passwords that have been compromised in the past and are available out on the internet.
Bassill said that it’s important to create a password that is going to stand up against a sustained attack instead of focusing on creating a hack-free password. He added that operators must use the so-called 90-day rule for changing passwords.
“Creating a password that’s not going to be hacked is really difficult because given the time and resource, we can break you password. To create a password that is going to stand up against a sustained attack, take three random words. Really simple random words,” Bassill told CalvinAyre.com. “Add between those words is a special character, maybe an exclamation mark or a dollar symbol between each of the words, add in a couple of numbers, something you’re going to remember and you should have a reasonably good secured password. It’s going to be longer than 16 characters long. With your password, make sure that you are using different passwords for different sites. Change it every 90 days. You’ve got to keep refreshing that password.”
Aside from passwords, Bassill pointed out that hackers also resort to the typical Distributed Denial of Service (DDoS) attacks.
DDoS attacks make an online service unavailable by overwhelming it with traffic from multiple sources, the Hedgehog Security founder explained.
“That’s when you got many machines attacking your site and take you offline. Failing to patch your machine to keep up to date, so you just leave yourself open to vulnerabilities on your website. That can be easily taken over by attackers,” Bassill said.
To prevent websites from being hacked, Bassill said operators should use a good firewall and always make sure that their system is up to date.
He added that there are free resources available online—such as haveibeenpwned.com and Cloudflare—that operators can use against hackers.
“Make sure that everything looks the way it should, make sure that everything’s added in. You haven’t got any pages that are loading slower than other particular pages. If you have, get a tech to have a look at them and see why they are running slower and just enhance those particular pages so it’ll load a lot quicker,” he said.