Are you currently experiencing an attack?

Are you currently experiencing an attack?

Five tips to enhance your web security during Covid 19 (and in general)

With the new Covid-19 guidelines stating that people need to stay at home, we see a massive rise in online activity. In fact, in the UK alone, we are talking about a rise of about 40% in e-Commerce purchases. People are afraid of going out and are looking for ways to continue their everyday routines from home. This surge of web activity calls for a robust web security solution.

Sadly, we see two major issues with this rise in online activity. The first is that some websites cannot handle the growth in activity and are going offline. This is easily fixed by having a solution that can react to the increase in bandwidth and automatically deploy extra servers that can handle all the requests. The other issue which we are seeing is malicious organizations taking advantage of the situation and attacking the websites. Hackers see what we see and they know that companies are relying on their web activity, now more than ever, to continue providing their services. So why not attack them or hold them for ransom? 

As we do not know what the future holds for us and how long will we need to comply with these new guidelines, having an advanced security solution is a necessity in these times. You need to make sure that it protects you from whatever hackers throw at you.

Therefore, we thought to share with you five tips to enhance your security, especially in these times. 

Cloud Migration

How many times did you hear the word Cloud in the last several years? The Cloud is here and it is here to stay. But, when we are talking about the cloud in the context of cybersecurity, we are talking about hosting your website and your data on the cloud. Sadly, there are many organizations that are still using on-premises solutions and servers. With Covid-19, we saw how important it is to have your solution on the cloud. Websites that are suddenly overwhelmed with traffic can add extra servers in a click of a button or even automatically. This will allow them to stay alive and continue to supply service to their customers. But it is more important when it comes to security. A DDoS attack is an attack that tries to slow down your site and even take it off the air by sending an abundance of requests, overloading the servers and eventually crashing your site. 

Needless to say that if your solution is hosted locally you cannot just run and buy another server. Well, you can but it takes time – a thing that is precious in this situation. A cloud-based security solution can assure that you will always have enough resources to stay on the air and defend your site from any attack without slowing down. By bringing additional resources online instantly and automatically, a cloud-native solution can handle anything coming your way.

API

This is the time for mobile applications. Most major organizations offer its customers a mobile application. Some organizations like banks allow customers to do almost anything via the application and they can almost completely avoid physically going to the bank. This is a great feature in general but even more when we look at this in the respect of Covid-19 and social distancing. When we talked earlier about the rise in web activity we need to remember that there is a direct correlation with enhanced activity in mobile applications. Just think of it, how much time do you spend every day on your mobile phone and how many activities are you accomplishing just using  your phone. When we talk about mobile web applications we are talking about APIs – the communication protocol between the application and the web site. Many people do not realize that the API is a potential security breach. There are numerous attacks that can be performed via APIs, such as Injections Attacks, DoS/DDoS Attacks, Authentication Hijacking, Data Exposure and much more. Securing API endpoints from hostile usage is challenging. In many ways, API security is different from typical approaches to web security. Attacks are not necessarily detectable within the incoming requests. Many forms of API abuse are based on requests that seem legitimate. 

Protecting APIs is important, especially today. Our tip – invest in API protection from the development stage if you can.

VPN

A consequence of having people work from home is the higher usage of VPN services. There can be many reasons for this increase. The most likely reason is that many web services are blocking unknown IPs, thus compelling people to use a VPN service. There are many VPN services available, both free and paid services. This is fine and good for personal use but what about people working from home?

A VPN provides end-to-end encryption for your connection to the internet. When we are talking about a company, the VPN provides a secure connection for your employees no matter where they are connecting from. So even when they are using their home network, surfing from a coffee shop or even using an open free wifi, a VPN will secure their connection and keep your internal servers safe.

Full Transparency

A rise in web traffic is great! You get more visitors that increase your website traffic, but you have to remember that with it, there is a potential for a rise in malicious traffic. You can learn a lot from all that incoming traffic. Let’s say you are an e-Commerce website owner. Wouldn’t you like to know where your users are coming from and what they are doing? Now, think about the increase in traffic. This is the time to start analyzing everything you can about your users. There are many tools that give you the information, such as Google Analytics. But there are some services that complete this information and can give you an even deeper look at your traffic. You can learn how many users are human and how many are bots, if they are behind a proxy or using TOR, etc. You can learn what countries are most often blocked on your website, or in the case you are under attack you can see where the attack is coming from. Some security solutions will give you this information and some will also allow you to block specific traffic in advance (such as from specific countries) so you can save on bandwidth. 

Managed Security Solution

In the last few weeks we are seeing a significant rise in the usage of online services such as online retailers, e-learning, various online productivity apps/platforms and more. As a consequence of people staying at home and with all the new guidelines of social distancing, people are moving more of their life online – they are buying more through the web, they are working from home via various online meeting services and more. Usually, more traffic means that you need to add computing power to handle it, i.e., more servers. Many online retailers are prepared for this situation and can support a massive increase in traffic. But, there are some that are unprepared and this added traffic can cause their websites to struggle and even go offline (which is a death sentence in today’s world). And online retailers are not the only ones to suffer from this. Government services and critical infrastructure websites are prime candidates. For example, one of the negative outcomes of Covid-19 and social distancing is the number of people who were sent on unpaid leave or even fired. Due to this, there is a massive rise in the number of people signing up for unemployment and with the new social distancing guidelines, people signing up online. In Israel, for example, 5,000 people signed up for unemployment every hour

While more people are using online services, the websites were not designed to handle so much traffic at the same time. In the case of the Israeli Unemployment Bureau, as they had a fully managed solution, the immediate intervention of the security team prevented the site from going down and in a few hours, the site was already able to handle a much larger number of visitors. 

Thus, without any intervention from the website owner/operator, a fully managed security solution is able to handle any obstacles coming your way. 

This is a difficult time and we are not sure that the worst is already behind us. But like any major life-changing event, if we will plan for it we will succeed. I cannot predict what will happen next but I can assure you that if you follow these tips you will be able to save precious time and money and most importantly, you will keep your web assets safe during this event. 

If you have any questions, feel free to contact us and we will be happy to help you with your web security needs the best way we can. 

Get your price quote

Fill out your email below, and we will send you a price quote tailored to your needs

This website uses cookies to ensure you get the best experience on our website.