You can probably remember a time when having a car alarm was a new and novel thing; now most of us have one. Many of us can also remember when we didn’t bother to lock the door on our house; now most of us have deadbolts. Security in our daily lives has simply evolved as the need has arisen. We’re more careful about throwing away documents with personal information, and we’ve learned to memorize complex passwords with upper/lower case characters, numbers and symbols. The question is: are businesses following the same evolution?
Many businesses built websites in the ’90s with a basic structure and over time have added modules of functionality. It was never truly cost-effective to revamp the entire site, so modular upgrades were chosen. This seemed wise and the results were good. Recently, we’ve encountered a new level of internet security problems. What was once safe and secure is no longer. And the things that are no longer safe are crucial; we’re talking about identities, numbers, passwords, sensitive information and trade secrets. Most of us assume that surely we’ve got that under control, and we cross our fingers.
Here’s an example of how it can happen. Someone goes to your webpage: mystore.com. Then they type mystore.com/admin and, lo and behold, they are at your backend login screen. Of course the user has no clue what your user name and password are and really doesn’t want to take the time to try every possible combination. So what does he do? The user tries inputting a database query. OK, I know this sounds technical, but stay with me.
Login: Somename@mystore.com
Password: or '1=1'
So you think or '1=1' isn’t the password, right? But if your site was written with older security practices, this sort of input may slip a command into the login verification. In this case the password box usually asks the database to verify the inputted text – confirm if passwordText equals ‘ ‘. The query now says: if the password text matches, or if 1 is equal to 1, which of course it is, then let the user in, and magically all the doors to your system open. There is a slew of these sorts of security issues that have arisen from older systems and from businesses not periodically reviewing their system security.
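To make the login check described above concrete, here is an added example (not code from any real site or from this article's author) that puts the old-style check, which pastes the typed text into the query, next to the corrected one that uses placeholders. The table, the stored password and the function names are assumptions made up for the illustration, and the test input is a constructed, quote-balanced form of the "or 1 equals 1" entry.

```python
import sqlite3

def make_db():
    """Build a throwaway in-memory user table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, password TEXT)")
    # Plaintext password only to mirror the article's scenario; a real
    # system stores a salted hash and compares that instead.
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("somename@mystore.com", "correct-horse-battery"))
    return db

def login_vulnerable(db, login, password):
    """The 'before': user input is pasted into the SQL text itself."""
    sql = ("SELECT COUNT(*) FROM users WHERE login = '" + login +
           "' AND password = '" + password + "'")
    try:
        return db.execute(sql).fetchone()[0] > 0
    except sqlite3.Error:
        return False  # the input produced malformed SQL

def login_parameterized(db, login, password):
    """The fix: placeholders keep input as data, never as SQL syntax."""
    sql = "SELECT COUNT(*) FROM users WHERE login = ? AND password = ?"
    return db.execute(sql, (login, password)).fetchone()[0] > 0

def compare(login, password):
    """Return (vulnerable_result, parameterized_result) for one attempt."""
    db = make_db()
    return (login_vulnerable(db, login, password),
            login_parameterized(db, login, password))

# Quote-balanced form of the article's "or 1 equals 1" input (constructed).
TAUTOLOGY = "' OR '1'='1"

if __name__ == "__main__":
    user = "somename@mystore.com"
    for pw in ("correct-horse-battery", "wrong-guess", TAUTOLOGY):
        print(repr(pw), compare(user, pw))
```

When reviewing an older site, any place where a query is built by joining strings with form input is a candidate for the same fix.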
Businesses are always extremely busy, and a security review generally keeps getting put off. One day the security is breached, the data is lost, the records are compromised, and those who put off the upgrades would give anything to get it back. An ounce of prevention is worth a pound of cure. Take the time to review your site security, fix the leaks, seal the holes and sleep soundly knowing your business is protected.