Data theft and hackers are once again in the focus of the media and society. In December, a hacker from Hessen, who has since been identified, distributed personal data of well-known personalities via Twitter. In mid-January, hundreds of millions of email addresses and passwords appeared in a hacker forum. Most of this data is siphoned from company databases. The problem: many companies are easy prey for hackers.
The authorities in Hessen identified a 20-year-old with the code name “Orbit” as the person who published the personal data on Twitter. Those affected included politicians, journalists, rappers and YouTube stars. The media spoke of a “mega hack”. Compared to the “Collection #1” case, which has now become public, it was more of a mini hack. Collection #1 is a collection of 1.16 billion combinations of email addresses and passwords: 87 gigabytes distributed over 12,000 files. It is a compilation of several data thefts that were collected some years ago.
The hackers' sources are usually companies. The media mainly cover data leaks from large companies because they attract more attention. However, many companies are poorly protected and can therefore be accessible to criminals or spies. The software they use has security flaws, which makes it easy for hackers to steal data or sabotage computers. Companies do not have to take out a loan straight away in order to achieve the necessary security. However, investments in IT security are necessary to solve these problems.
Securing the website from hackers: important points
First of all, it is important to make your own website more secure, as it is often used by hackers to gain access to the company. For this it is necessary to configure the server in such a way that as little information as possible from the web server can be accessed by third parties. Furthermore, server logs and directories on the server should not be visible to third parties at all.
Those who allow entries in web forms on their website should also secure them. The entries should be validated and encoded before they are sent back to the web browser. Otherwise, unchecked input can reach the browser and give third parties access. This attack is known as cross-site scripting (XSS) and is one of the most common attack methods used by hackers.
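The check-and-encode step for form input described above, shown as an added example that is not part of the original article. The field names, the name allow-list and the sample input are assumptions made for illustration.

```python
import html
import re

# Assumed allow-list for a "name" field: starts with a letter, then letters,
# spaces, dots, apostrophes or hyphens, at most 64 characters in total.
NAME_PATTERN = re.compile(r"[^\W\d_](?:[^\W\d_]|[ .'-]){0,63}")


def validate_name(value: str) -> str:
    """Check step: reject anything that does not look like a name."""
    value = value.strip()
    if not NAME_PATTERN.fullmatch(value):
        raise ValueError("invalid name")
    return value


def render_unsafe(comment: str) -> str:
    """Weak version: form input is pasted into the page unchanged."""
    return "<p>" + comment + "</p>"


def render_safe(comment: str) -> str:
    """Hardened version: HTML-encode the input before it reaches the browser."""
    return "<p>" + html.escape(comment, quote=True) + "</p>"


def handle_form(name: str, comment: str) -> str:
    """Validate the structured field, encode every value on output."""
    safe_name = html.escape(validate_name(name), quote=True)
    return "<p>Thanks, " + safe_name + "</p>" + render_safe(comment)


# Constructed sample input: a comment field carrying markup instead of text.
SAMPLE = "<script>alert(1)</script>"

if __name__ == "__main__":
    print("unsafe:", render_unsafe(SAMPLE))  # markup reaches the browser intact
    print("safe:  ", render_safe(SAMPLE))    # markup is shown as plain text
    print(handle_form("Anna-Lena Müller", SAMPLE))
```

Validation alone is not sufficient for free-text fields such as comments, which is why the output is encoded even after the name has passed the allow-list.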
Furthermore, no applications should be used that allow unprotected access to the company’s backend. This can bypass firewalls and create serious security gaps. However, many companies do not know about the security standards of the web applications used.
Another point that is often neglected is the separation of backend and frontend. Website areas that allow external access should be separated as strictly as possible from the internal structures. Every point at which information is exchanged between the backend and the frontend is a point of attack for a hacker.
However, these are only initial security precautions. As a rule, an in-house IT department is necessary to keep IT security up to date. Many small and medium-sized companies cannot afford this, but they have to, because companies are held liable in the event of a data theft. The BSI (Federal Office for Information Security) therefore recommends the concept of IT basic protection (IT-Grundschutz). The neglect of security is also one reason why Germany is skeptical about digitization.