Come on, let’s all live in the real world: we’re all vulnerable. Really the only chance you have these days is to make it as difficult as possible for any potential hacker to get to your valuable data. First and foremost this means protecting your data in transit. Using secured connections to transmit data is crucial to any protection strategy. In web terms that means having an SSL certificate installed. There are some variations but most provide 128 or 256 bit encryption which has been relatively reliable, although security loopholes were recently discovered.
Fixed? Yes, but can we be sure. The heartbleed bug went undetected for some time. What else could be lurking out there that we haven’t discovered yet?
Secondly, protect sensitive data at rest. This means encrypting your database. We like to use AES256 encryption. It isn’t foolproof, but it is strong and recommended by everyone’s favorite secret organization, the NSA.
Third, protect your passwords. This means letting your staff know how important keeping this data safe. Don’t leave passwords out in the open and, for the love of everything holy, make them strong. “123456” is not a password (we feel we should not have to mention at this point, but still will, that “password” is not clever… and never was). Keep your passwords safe – sometimes it’s best to create a little song to remember it. Or if you have many passwords, create an algorithm to remember them by. For instance, use the name of the domain you’re accessing to configure a password. If you were logging into Livewiregeeks.com, you might use the L and S as the first two letters of your password, then add some variation, take the numerical representation of that letter and att that to the password. So for a domain called ABC.com, if might be AC321 (the numbers being C=3, B=2, A=1 , added together =5). As long as you remember the process of creating the password, you don’t have to remember anything else. Just looking at the domain will enable to to know the password.
Tedious? yes. Works? yes.