What you must know about preventing website hacks in Singapore

The Infocomm Development Authority of Singapore has warned all government bodies, government-linked entities or anyone remotely related to the public sector to be on heightened alert for targeted cyber-attacks from the Anonymous collective. Here is some further information about this potential threat.

The truth about hacktivists is that you’ll never really know if your website is a target. In June ’13, Eu Yan Seng (traditional Chinese medicine suppliers) had their site hacked as a retaliation for the insinuation that Indonesia was to blame for the record-level haze in Singapore. 

In line with this warning, Dropmysite would like to make a public service announcement to all on taking additional measures to protect oneself from hacking attacks during and after these times.

The actions that need to be taken internally at all sites are the following:

• Update all User names and Passwords and delete unnecessary accounts immediately.

• Make sure that user names and passwords are secure with a mixture of alpha / numeric and capital letters

• Be vigilant in keeping internal security – for example: do not leave work stations unlocked and always log out

• Check DNS security with your DNS manager

• Please notify your admin of any unusual or suspicious site active. Also check your user access logs.

In addition, we recommend that all owners of websites consider the following actions:

• Update your username and password for any online system access

• Delete all non-important accounts

• Back up all content on your server (website, databases, emails and mobile content)

• Review website code for potential vulnerabilities – SQL injection, cross-site scripting, malware upload (see https://www.owasp.org/index.php/Top_10_2013-Top_10)

• Reach out to your DNS provider and confirm the integrity of your DNS server

• Keep track of physical access to offices and computer terminals, and remind users to log off after each session

At the end of the day, it is better to be safe then sorry. While the likelihood of your site being attacked is extremely low, these are some best practices that you can implement to ensure a peace of mind.