How Can I Prevent Compromise?
In an increasingly digital world, cybersecurity goes beyond website security and antivirus programs. Any system can be compromised, from your laptop to your mobile device to your email and website. It is important to remain vigilant at all times and take steps to prevent a compromise. Compromises can lead to identity theft, lost data, or a damaged website.
Recovering from a cyberattack can be frustrating. Fortunately, there is a lot you can do to both prevent a successful cyberattack and quickly recover in the event of a compromise.
This article offers general tips for preventing compromises, as well as specific suggestions for your services:
There are many ways to protect your online presence from cybercriminals. The following tips can help protect your sites and services from compromise.
- Secure your local computer - Connecting to your website or email from a computer with a virus or keylogger could mean inadvertently spreading malicious content. This can include uploading malware to your website, sending viruses to your email contacts, or losing your passwords. It’s best to use trusted antivirus software to protect your local systems.
- Beware of phishing - Fraudulent sites created to look like common banking sites or payment sites are referred to as phishing. Phishing schemes are becoming increasingly sophisticated in their attempts to steal login credentials. Always check the URL before entering login information after clicking a link in an email. A best practice is to navigate to the site in question directly rather than clicking on a link from an email.
- Practice password safety - Always use strong passwords with at least one capital letter, one lowercase letter, numbers, and special characters. Never reuse passwords, and store them securely in a password manager.
Note: If you NEED to provide access to another person, generate a temporary password to give them rather than the password you use regularly, and restore your previous password when they no longer need access.
- For more information on creating strong passwords, check out this article: How Can I Make a Stronger Password?
- Be careful on public connections - Be wary when connecting to applications, email, and websites over public or open WiFi networks. It is always recommended that you use a Virtual Private Network (VPN) to connect and ensure that your passwords and transactions are sent on an encrypted network.
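For the password-safety tip and its note on temporary passwords, the sketch below checks a password against the character classes listed above and generates a temporary one from the operating system's secure random source. It is an added example, not HostGator's tooling; the function names and the default length of 20 are assumptions, since the article does not state a length.

```python
import secrets
import string

# Character classes named in the tip: capital, lowercase, numbers, special.
CLASSES = (
    ("capital letter", string.ascii_uppercase),
    ("lowercase letter", string.ascii_lowercase),
    ("number", string.digits),
    ("special character", string.punctuation),
)


def missing_classes(password):
    """Return the names of the required character classes the password lacks."""
    return [name for name, chars in CLASSES
            if not any(c in chars for c in password)]


def temporary_password(length=20):
    """Generate a random password that contains every required class.

    length=20 is an assumed default; the article gives no minimum length.
    """
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    # Guarantee one character from each class, then fill from the full set.
    picked = [secrets.choice(chars) for _, chars in CLASSES]
    alphabet = "".join(chars for _, chars in CLASSES)
    picked += [secrets.choice(alphabet) for _ in range(length - len(picked))]
    # Shuffle with a CSPRNG so the guaranteed characters are not predictable
    # by position.
    secrets.SystemRandom().shuffle(picked)
    return "".join(picked)


if __name__ == "__main__":
    print(missing_classes("password"))  # constructed weak sample
    print(temporary_password())
```
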
Websites & Software
In addition to general cybersecurity awareness, it is important to take proactive steps to secure your website and applications. While your hosting provider takes steps to secure the server your website resides on, the security of your individual website and applications is your responsibility. Below are a few of the steps we recommend:
- Update your applications - Always update your applications, themes, plugins, and other add-ons to their latest secure versions. These version updates are released to address security vulnerabilities in applications. Always remove unused scripts, plugins, and themes to avoid leaving them vulnerable to attack.
- Use appropriate file permissions - Manage your hosted file permissions to ensure that public-facing files have 'read' and 'write' but not 'execute' permissions. On a Linux account, always avoid 777 permissions. Files should be set to 755 and folders 644. This can be done within your File Manager.
- Source responsibly - Applications and software that are used on your website should come from licensed developers that review and release application updates regularly.
- Use a malware scanner - Use a malware scanner that can automatically detect and remove malware, such as the one found in the SiteLock Essentials and Prevent plans.
Many users log into their email more frequently than any of their other services, putting it at increased risk. Below are some suggestions for keeping your email secure:
- Update your email client - Many users use an email client such as Mozilla Thunderbird or Outlook to connect to their email accounts. Always ensure your email clients are up to date with the latest security updates.
- Connect using SSL - When connecting to your email account using an email client or mobile device, always connect using SSL. This will ensure that your information is encrypted and protected from attackers sniffing for data on open WiFi networks.
- Please see the following support article on how to do this: POP3 or IMAP with SSL.
- Be wary of attachments - When accessing your email accounts, never open unexpected attachments, even from trusted contacts. It is also recommended that you scan all attachments with up-to-date antivirus software. This will ensure that checking your email doesn’t result in viruses on your local machine.
Passwords can be compromised through sharing, guessing, and brute-force attacks. The most important thing to do is to keep your passwords a secret. It is best not to share your email account with anyone else. If you must give a password to someone, don't share it with too many people, and be sure to change it when they are done using it to access your account.
Don't write down your passwords or save them in a plain text file. Do not reuse old passwords, as they may be compromised, and do not use the same passwords with other accounts. It is highly recommended that you periodically change your passwords. Please note that this applies to your cPanel/WHM passwords as well, as these can be used to access the email account or change the email password.
You can find more by checking the article below:
- Phishing attacks are becoming a common way to steal login passwords. Please do not log in to your email account via an unknown link. Be sure to type in the name of the webmail site in the address bar of your browser to help prevent getting your login password stolen.
- Be careful when checking emails. When checking your email, do not open suspicious attachments and be very careful of emails pretending to be from services you use that have URLs that you do not recognize asking you to log in. Malicious emails can be used to either infect your computer directly or maliciously direct you to a phishing site where you may give your password away directly to your attackers.
If you are already the victim of a compromised HostGator service, please visit the following article for options and assistance: