If online security hasn’t been on your radar, it’s likely going to be in the near future. Cyberattacks and ransomware hits are increasing and reported more and more in the news. In the past, these attacks have primarily been directed towards large corporations or governments, but that notion changed yesterday with the news of NSO spyware launched against individuals through their phones.
You and I may not be a target of such attacks yet, but the writing is on the wall—it’s not a matter of if but when.
LexBlog is not immune to being the target of aggression by unknown sources. We have had relatively small incidents in the past that thankfully were thwarted or kept at bay by our technology and support from our partners. And while we strongly feel confident in our ability to repel future attacks, we have started to demand more from ourselves and ask more challenging questions.
This year, our technology team has invested additional time examining what can be done to reduce the risk to our platform, your account and your blog.
The threat of cyberattacks is one of the primary reasons we are looking for ways to reduce the risk and impact of future attacks. One of the first outcomes of this endeavor was removing comments from a large portion of our blogs. Not only were they a drag on site efficiency, but a side benefit of removing this function was a slight reduction in the risk of a potential hacking attack.
Our next step involves the process of logging into accounts. After thoughtful consideration, we have made the decision to require the use of CAPTCHAs as part of the login process to our platform. Depending on your browser activity, this extra step will involve checking a box to verify that you are not a robot.
If the system thinks your behavior resembles that of a bot, it will ask you to identify certain images within a random mix. The entire CAPTCHA process looks at response time (the speed and motion of the cursor or finger tap) as an indicator of whether the user is human or a bot.
There are other, more secure measures available through our Enterprise platform. First is two-factor authentication—one of the best ways to protect accounts from nefarious activity. We highly recommend activating “2FA” whenever and wherever you can to protect your online accounts. The second measure is “whitelisting” IP addresses to protect the WordPress Administration area. Not only does this amp up your security, but it also makes it much easier to trace any malicious activity.
It’s worth reminding everyone to be mindful of clicking or tapping on hyperlinks offered through email, SMS or chat software (such as WeChat, Twitter, or Facebook Messenger) from a source that you cannot confirm. Hyperlinks can be made to look like they come from one URL or trusted domain name but actually route you to a lookalike destination, likely prompting you for some kind of account information.
In addition, make sure that your accounts use unique, long passwords made of letters, numbers and symbols. I recently had my Twitter account stolen because hackers got my login information from one source and tried it on other applications and got through.
If not for my connections at Twitter, it’s highly likely I would have lost that account forever. Uff-da, that was a hard lesson learned. There are applications like 1Password and LastPass that can help you create very secure passwords and manage them for you across devices.
If you have any questions about security measures at LexBlog, please reach out to our Customer Success team via email at email@example.com or by telephone at 1-800-913-0988.