Let’s be careful out there!


October 26th, 2009  |  Published in News

In case you’re unaware of it, hacking incidents seem to be on the rise all over the world. Last week the Guardian Jobs website was hacked, with the potential loss of thousands of users’ information.

Matt recently had his PayPal account hacked and one of our clients also had a site intrusion issue (they were not on our server but are now in the process of making the move!). According to Breach and the Web Hacking Incidents Database (Google Docs link here), the first half of 2009 showed a rise in hacks against Web 2.0 sites.

It’s your site, so you have to take some responsibility for its security. If you’re dealing with clients’ data then you’re legally obligated to!

Here are some quick checks that we do in-house, but we suggest a full security audit and strategy is put in place too:

  1. Passwords on your site - don’t make them easy to guess, don’t use children’s names or anything that could be easily guessed, and use a mixture of characters, numbers and punctuation marks. Use an auto generator like this one: goodpassword
  2. You’re probably using wifi at your place of work - is it secured with a password? Is it an easy-to-guess word? If so, go back to #1.
  3. Have a password policy under which each user has their own login, so you can monitor whether someone else gets hold of a password.
  4. Don’t leave data lying around on USB sticks or hard drives that are unsecured (how many stories have we read in the newspapers about important data getting left on a bus!)
  5. If a disgruntled employee leaves your workplace, CHANGE YOUR PASSWORDS!
  6. If a happy employee leaves your workplace, CHANGE YOUR PASSWORDS! Better to be safe than sorry.
  7. Check your network - if you can restrict access to your admin areas to specific IP addresses, that will limit intrusion attempts.
  8. Be wary - wary of phishing scams, emails that seem too good to be true, files attached to emails and websites that appear to be something that they aren’t. All could contain hidden programs that track your keystrokes, take over your machine and let the black hats in.
  9. Be cautious of the human factor - leaving passwords lying around on post-it notes, phone calls from “authority figures” asking for passwords and private information (ask them for their number and call them back if you’re unsure). The list goes on and on. Kevin Mitnick, the world’s most famous hacker, always pointed to this as his first port of call when hacking any system.
  10. A good overview of what you can do is on the US Dept of Homeland Security website.
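
As an added illustration of item 1 (not code from this post or from the goodpassword generator), the Python sketch below draws a password from the operating system's secure random source and checks that it mixes letters, numbers and punctuation and contains none of a list of guessable personal words. The function names, the 12-character minimum and the sample names are assumptions.

```python
import secrets
import string

# Character classes from item 1: letters (both cases), numbers, punctuation.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
MIN_LENGTH = 12  # assumed minimum, not a figure from the post


def meets_policy(password, personal_words=()):
    """Return True if the password is long enough, mixes every character
    class and contains none of the guessable personal words.

    personal_words is a hypothetical list of what a guesser tries first:
    children's names, the company name, the street you work on.
    """
    if len(password) < MIN_LENGTH:
        return False
    if not all(any(ch in cls for ch in password) for cls in CLASSES):
        return False
    lowered = password.lower()
    return not any(w.lower() in lowered for w in personal_words if w)


def generate_password(length=16, personal_words=()):
    """Generate a random password that passes meets_policy.

    secrets.choice uses the OS CSPRNG; the random module is predictable
    and must not be used for passwords.
    """
    if length < MIN_LENGTH:
        raise ValueError("length is below the policy minimum")
    alphabet = "".join(CLASSES)
    while True:
        # Redraw the whole password until every class is present, which
        # keeps each position uniformly random.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_policy(candidate, personal_words):
            return candidate


if __name__ == "__main__":
    family = ["Emily", "Jones"]  # constructed sample names
    print(meets_policy("EmilyJones2009!", family))  # mixed, but guessable
    print(generate_password(16, family))
```

The same `meets_policy` check can be run over passwords users choose for themselves, so that a name with a year and an exclamation mark tacked on is rejected even though it mixes character types.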

In the words of Sgt Phil Esterhaus, “Let’s be careful out there!”
