This topic is divided into 2 parts. The first part is about individual security hygiene. Working in a company and using personal devices to get the job done requires strict security discipline. Intruders do not distinguish between business and personal devices – they look for vulnerabilities and find them.
The second part is about securing a WordPress web-site. Over the years this has become much shorter and simpler.
Part 1. Individual Security
Using strong passwords
1. Shouldn’t be common words, names etc.
2. Should contain uppercase and lowercase letters, numbers and symbols
3. Keep passwords safe (e.g. LastPass)
4. Don’t reuse passwords
5. Don’t use the same password for multiple services like FB, Gmail etc.
6. Change passwords every 90 days or sooner if needed
Log out of sessions
1. When working with RMRS Business email, web-site or software – always log out after the work is done.
2. Do you use devices in public places? Don’t leave your computer unattended while you are logged in.
3. Don’t check emails from public WiFi
Antivirus on your devices
1. Which antivirus do you use?
2. There are plenty of free ones like Avast, Avira, etc. Search Google for this year’s top 10 antiviruses. Choose one. Pretty much every popular paid antivirus has its own free version.
3. Do you scan downloaded files before installation? You should.
4. Do you access risky sites with potential security warnings?
Phishing emails – don’t trust:
1. Do not trust emails from unknown sources
2. Check the sender’s email address. If it’s empty or the same as yours – delete it
3. If the sender is a company you know, but the email address is different – delete it
4. Do not click any links in an email asking you to verify your payments, fix a security issue with your account etc.
5. Do not trust warnings saying your computer is infected and you need to clean it by clicking a link.
6. If possible – look at the source code of the link. PayPal example – emails that look like the original ones and are sent from a company-like email address, but the links are deceptive
7. Company-like looking web-sites – CHECK THE URL. If it’s different from the company’s main URL – leave that web-site. PayPal.com vs PayPalz.com
8. Email attachments should be scanned after saving
9. AVOID Unsubscribe links in obviously spam emails – don’t click unless you know the sender or it is a reputable company. If you “unsubscribe”, you technically “confirm” that your email address is a real spam target.
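The link checks from items 6 and 7 can be automated. The Python sketch below is an added example, not part of the original post: it reads an HTML email body, compares where each link really points with the host shown in its visible text, and checks the real host against a list of trusted domains. The names TRUSTED_DOMAINS, host_of, is_trusted, LinkCollector and check_links are assumptions made for this example, and the sample email is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAINS = {"paypal.com"}  # assumption: domains you really deal with

def host_of(text):
    """Hostname of a URL or bare domain, or None if text is not URL-like."""
    text = text.strip()
    if len(text.split()) != 1:  # empty, or ordinary words such as "Log in"
        return None
    try:
        host = urlsplit(text if "://" in text else "//" + text).hostname
    except ValueError:  # malformed URL
        return None
    return host.rstrip(".") if host and "." in host else None

def is_trusted(host):  # exact match or true subdomain, so "paypalz.com" fails
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html):
    """Yield (href, [reasons]); an empty reason list means no finding."""
    parser = LinkCollector()
    parser.feed(html)
    for href, text in parser.links:
        link_host, shown_host = host_of(href), host_of(text)
        reasons = []
        if link_host is None or not is_trusted(link_host):
            reasons.append("link host is not a trusted domain")
        if shown_host and shown_host != link_host:
            reasons.append("visible text names a different host")
        yield href, reasons

SAMPLE = (  # constructed email body, not a real message
    '<a href="https://www.paypalz.com/verify">https://www.paypal.com/verify</a>'
    '<a href="https://www.paypal.com/help">Help center</a>')
```

Calling list(check_links(SAMPLE)) reports both reasons for the PayPalz link and none for the genuine one.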
Global attacks and threats
1. News says there is a global attack on FB, Microsoft …