Websites are important for all businesses, but for the leisure and tourism sector being able to show photos of far-off places and boutique hotels is essential.
So, what would happen if your website couldn’t be updated?
Or if your payment system stole your customers' financial details?
Or if your booking system was compromised and that once-in-a-lifetime trip was transferred into someone else's name?
The result would be reputational damage and financial issues.
What should I be aware of?
Weak, reused or default passwords could all help an attacker gain access to your web hosting or platform.
Within your web hosting they could redirect your webpage to another site, perhaps pornography, or use it to create a phishing site that collects your customers' details.
If they got into your content management system, such as Wix or WordPress, then they could delete your site, introduce malware on your pages, or block your access and blackmail you for its return.
Make sure your passwords are strong (unique and complex), use a password manager and enable 2FA.
Just like your devices, websites also need updating when new vulnerabilities are found, and patches released. Who is responsible for this with your website? You or your website company? Do you know?
If you are loading third-party content (widgets/plugins), are you tracking them for updates, or getting rid of them if they are no longer needed?
Limit the number of people who have access to your website and social media.
Yes, you are on good terms with them now, but if you need to fire someone who has access to your site, could they post defamatory content or change the login details so that you no longer have access?
OWASP top 10
OWASP (Open Web Application Security Project) is a non-profit foundation that works to improve the security of software. It publishes the OWASP Top Ten, a list of the most common vulnerabilities seen in websites. You can use this to check whether your website is vulnerable to attack.
One of the affordable cyber services that the ECRC offers is a Web App Vulnerability assessment.
We use the OWASP Top Ten vulnerabilities to assess your web applications, and you then receive a plain-language report on the results found and, where weaknesses exist, guidance on how these can be addressed. We can work with your web developer or IT team to support them in putting remediation in place.
The findings are colour coded: red means you need to take immediate action, orange marks areas you should look to improve, and green means no vulnerability was found.
We say that these are affordable because they truly are.
The services are carried out by paid university students, trained and mentored by a senior ethical hacker, to ensure that the work is carried out to a high standard.
The cost depends on the structure and complexity of the application, but you can get a no-obligation quote if you are interested in exploring this further.
Your IT company may offer this service, but consider whether you should be getting them to check their own homework. An independent view might be more appropriate.
Further guidance & support
The Eastern Cyber Resilience Centre is a not-for-profit membership organisation, run by policing, with the aim of increasing cyber resilience of SMEs within the East of England.
We also provide free guidance on our website, and we would always encourage you to sign up for our free core membership. Core members receive regular updates, which include the latest guidance, news and security updates. Our core membership has been tailored for businesses and charities of all sizes based across the seven counties of the East of England.
Policing led - business focussed