Website, email and mobile app security

Security is of utmost importance when considering and deploying a website, corporate email services and mobile apps. All of these are publicly accessible over the Internet and are therefore exposed to any and all threats from viruses, malware, and hackers. You cannot limit physical access to them as you can with systems inside your office or corporate network.

A compromise of any of these systems can impact your brand and corporate image; customer confidence in using them; other systems they communicate with; employee productivity; even your cash in the bank; and ultimately your bottom line. However, if they are built properly and securely, and an update and review procedure is developed and adhered to, these Internet-based systems can improve all the same areas of your business.

Security of publicly accessible resources

A hacked website can collect your customers' information as they submit forms, log into their accounts and provide other information through your website. It can also be used to send spam emails from your domain name, which can result in your legitimate email being blocked by the people you communicate with. It can be used to launch attacks on other systems, for which you can be held liable. A compromise of these systems has more reach than a compromise of one of your in-house systems.

A tiered approach to security is required. This ensures not only that the website, email or mobile app is built to security standards, but also that the systems that support them, that they run on and that they communicate with are secure. For example, if you have a mobile app that connects to a backend system for app management and reporting, the app can be compromised through a poorly secured backend system. Additionally, the operating systems that your website, email and mobile app run on must also be secure. Communication with these systems needs to be looked at, for example using an SSL certificate on your website, using encrypted authentication when accessing email and using secure API authentication for mobile apps. Access to the servers that host your website, email and mobile app systems must also be considered. This includes using proper firewalls and reactive monitoring, running only what is absolutely required on these systems to support your resources, allowing only the ports needed and keeping these protective systems up to date.

Open source

The popular systems that run the vast majority of the Internet are open source. These include the Linux operating system, the Apache web server, the MySQL database, WordPress, Joomla, Magento and many other similar systems. The big attraction is that they do not cost any money to use and, because they are open source, can be modified by anyone with the expertise to provide custom features.

Being open source means that any hacker can learn the intimate workings of these systems and use this knowledge to compromise your assets. All of these systems have huge support from developers within their organizations and the open source community, which means that security weaknesses are quickly identified and addressed. You only benefit from this if you regularly keep your website, email and mobile app up to date with security patches. The other reason these open source systems demand that you keep them up to date is that they all publicly publish a list of the security updates and patches applied in the latest update. This lays out on the table exactly what hackers can target on systems that have not received these updates.

Ethical hacking and security audits

You may think that it is too risky to use these resources, but to operate effectively and competitively in today's business landscape you must. What is needed are regular checks and reports on how secure they all are. Ethical hacking and security audits are services that test and check your systems from both end-user and internal-user access points to discover and report on any weaknesses or vulnerabilities that may exist.

If discovered, these vulnerabilities need to be addressed. This is called security hardening, and it is an essential service and aspect of any development project.

Conclusion

Security must be taken seriously when using Internet-based applications, and engaging a company like Webberz.com Ltd. that has security at its foundation is the first step in the right direction. A well-thought-out and well-implemented security policy is also important. Contact us today with any security matters you want addressed.