How many of you are secure in your security policies, especially cybersecurity?
I do training and presentations on business security and I'm wondering how many at MosaicHub have prepared for the probability they will be hacked or compromised given the current environment. If you would provide more than just a yes or no it would be appreciated. I will be using the information as generic talking points to my audiences. I will not name any names of course!
I know too much, so I never feel completely safe and secure, no matter how many precautions I take. Having seen what is out there and what people are capable of is unnerving! I tell friends to stop posting pics of their kids on Facebook and explain how much info can be gleaned from a photo or how easy it is to take that photo and use it for other means - well, they think I'm overreacting. They think because their FB settings say "private" they are protected. Ignorance is bliss, I guess.
I have 58 WordPress websites to protect on a VPS managed server. While I don't rely exclusively on the hosting company, they do backups and take other assorted security measures.
I believe that iThemes WP-Better-Security and Wordfence are the top security plugins for WordPress so I use one or the other on every website I build. I'd like to pick and stick with one, but sometimes there are WordPress themes that simply won't cooperate. :-) Whichever plugin is used I remove the user name "admin." I also have researched how to configure each plugin. Improperly configured, either one could be compromised.
I also add to every site the Country-Code-Failed-Login plugin. This free plugin locks out anyone who tries to log in from another country. It also helps me stay with the free versions of WP-Better-Security and Wordfence.
Backups are done by creating a clone of each site using a product called Duplicator. Backups are maintained locally on my computer, not on the managed server. This essentially works like Backup Buddy, but it too is free. Most of the automatic options I was presented with don't back up everything. Maybe they only back up the database. Note: If you haven't restored a site from backup...you should not consider yourself prepared.
I don't like guilt-ware so I use the plugin Zero-Spam, another free product, to handle spam-related problems. Akismet would cost too much for my operation.
Thus, it takes 4 plugins to handle cyber security. My current preference is Wordfence over WP-Better-Security. This is based on the fact that using it I don't use an optimization plugin; I'm pleased with the way the Wordfence Falcon engine works.
I'm also evaluating the usefulness of Photon. It is an image acceleration and editing service for sites hosted on Jetpack-connected WordPress sites. This is intended to mean less load on your host and faster images for your readers. The jury is still out deliberating.
I'm a solopreneur and freelance web designer so I have to keep it lean and mean. I'm always trying to do better,
- The Pragmatic Web Designer
90 percent of people feel insecure because the judicial system is the worst; more than 90 percent of criminals get free without going to prison; both police and judiciary are corrupt.
While I cannot and do not comment about the security policies and processes of the companies for which I work / have worked / consult / have consulted, my opinion about security policies in general is as follows.
The answer no one wants to hear--and for which I have been unpopular at a few banks for sharing--is that there is no 100% security; a determined individual or group will eventually get in given enough time and focused energy. An additional discomfort is that most successful hacks will very likely have a prominent element of social engineering because people are the easiest method of bypassing security measures. Probably the most distressing is that no matter how good the policies or the associated processes, mistakes will happen. Ultimately, most security policies and processes are there to achieve three things in my opinion:
- Reduce the risk of a breach;
- Deter intruders by making the target less attractive than other easier targets; and
- Lessen the impact of liability if a breach does occur.
Bottom line is that I don't think that it is possible--given the context--to feel secure about any security policy or process; the best we can hope for is to do things that help us feel less uncomfortable in my opinion.
I'm a lousy example. I write books on the subject and use countless systems. But a great point to add to your presentation might be regarding small businesses and the relatively unfamiliar area of intrusion detection systems like samhain, snort, suricata, etc. Anything that improves topography will go over pretty well too in my experience.