Crucial Security Practices – User Workstation
In terms of vital security practices for users, Jolt.co.uk recommends basic rules for clients to follow. Protecting your workstation, computer, and other devices will help prevent problems caused by stolen passwords to FTP, web hosting account, website backend, and others.
We have encountered several cases when users’ workstations were infected with viruses that pilfer FTP passwords. This type of malware usually works like this:
- You go to a website infected with malware or virus. Alternately, malware code is added to web pages on purpose. In many cases, websites are hacked and the website owner does not even know it happened.
- The virus is automatically and plainly downloaded to your PC.
- The virus will probe to determine if FTP client software is installed on the PC. It will check if the “Save Password” feature is used in the software and/or if passwords are stored.
- Once the virus finds passwords, it will send all credentials (logins, passwords, etc) to a third-party server controlled by hackers.
- An automated FTP connection is created using stolen information. This connection will download any .html or .php files from the target server (or your FTP account).
- Downloaded files are modified by malicious HTML/PHP codes that spread the virus further. These affected files are re-uploaded to the target server.
- You website will begin infecting PCs of your visitors with viruses and malicious software.
- Once Google spots this, your website will be marked with “This site may harm your computer” tag. This affects the reputation of your website and does more harm until the infected content is removed.
Actually, this is only one of the potential scenarios. Imagine if in addition to the above, your PC or website sends SPAM or steals sensitive information from users.
These problems can be averted by following these rules:
- Check and install updates available in your operating system. If possible, make sure your operating system downloads and installs updates automatically.
- Make sure you have antivirus/anti-malware software installed and set for automatic updates.
- Scan your PC for viruses and malware at least once every four weeks.
- Review the latest updates available for your browser, FTP client, email client, and other software. Install these updates.
- Update Adobe Flash player to the latest version and set for automatic updates.
- Consider deleting all passwords in your FTP client, browser, and emails. Do not use the “Save Password” function. Instead, opt for special software that stores passwords and other sensitive data in encrypted form (Last Pass or KeePass).
- Change your passwords (FTP, email, cPanel and other passwords) often. We recommend using password generators to make passwords difficult to guess.
- Never store your passwords or any other sensitive data in text or MS Word documents even if these are secure.
These steps might seem either simple, or tedious; however, they will help ensure the safety of your and your customer’s sensitive information.