What is a factor to consider before sending sensitive information to a website?
Security Tip (ST18-006)
Original release date: November 01, 2018 | Last revised: June 30, 2020

Website security refers to the protection of personal and organizational public-facing websites from cyberattacks.

Why should I care about website security?
Cyberattacks against public-facing websites—regardless of size—are common and may result in:
These threats affect all aspects of information security—confidentiality, integrity, and availability—and can gravely damage the reputation of the website and its owner. For example, organization and personal websites that fall victim to defacement, DoS, or data breach may experience financial loss due to eroded user trust or a decrease in website visitors.

What steps can my organization take to protect against website attacks?
There are multiple steps organizations and security professionals should take to properly secure their websites.

Note: organizations should talk to their website hosting provider or managed service provider to discuss roles and responsibilities for implementing security measures.

1. Secure domain ecosystems.
Review CISA Emergency Directive 19-01 and CISA Cyber Insights: Mitigate DNS Infrastructure Tampering for more information.

2. Secure user accounts.
Review CISA Cyber Insights: Enhance Email and Web Security for more information.

3. Continuously scan for—and remediate—critical and high vulnerabilities.
Review CISA Emergency Directive 19-01 and CISA Cyber Insights: Remediate Vulnerabilities for Internet-Accessible Systems for more information.

4. Secure data in transit.
Review CISA Binding Operational Directive 18-01 and CISA Cyber Insights: Enhance Email and Web Security for more information.

5. Back up data.
6. Secure web applications.
7. Secure web servers.
What are some additional steps to protect against website attacks?
Additional Information
For additional guidance, see:

Subscribe to Cybersecurity and Infrastructure Security Agency (CISA) Current Activities to stay current on the latest website technology vulnerabilities.

What should you look for before submitting personal information on a website?
Privacy policy – Before submitting your name, email address, or other personal information on a website, look for the site's privacy policy. This policy should state how the information will be used and whether or not the information will be distributed to other organizations.

What is most important to consider when transmitting organizational data?
Communicate data securely
Individual messages are encrypted and re-encrypted multiple times by different computers in the process of transmitting the message to its destination. This system makes it more difficult for third parties to monitor Internet communications and to access message content.

What are the two factors used in two
Two-factor authentication (2FA) is a security system that requires two separate, distinct forms of identification in order to access something. The first factor is a password and the second commonly includes a text with a code sent to your smartphone, or biometrics using your fingerprint, face, or retina.

What is two
Two-factor authentication methods rely on a user providing a password as the first factor and a second, different factor -- usually either a security token or a biometric factor, such as a fingerprint or facial scan.