In the table below, I discuss a set of general security risks and provide advice on how you may wish to handle them.
Security questions and answers
Are you the computer security expert?
You better be! It is critical you learn all you can about security, even if all you ever need those new skills for is to let yourself back into a system you've locked yourself out of.
Yes, I have locked myself out before and those hacking skills did come in handy. They also proved that my system needed a little work. I thought I had a reasonably secure system. I sealed up the holes I came through after the fact, but I would never have thought about them until I had to break into my own system. I suggest you forget your password occasionally and test your systems out yourself. Be sure to try hacking your users' accounts as well. Don't leave any weak links unsealed.
Do you or your customers have an outside expert?
Computer security experts have a variety of skills. Be wary of anyone who says they know it all. The last "expert" sent to me by a major company started quizzing me about firewall ratings one day in front of a Web customer and an ISP's engineers. There was more than a bit of laughter when the "most expert" security person this company had to offer explained that he didn't know much about those (electronic or software) kinds of firewalls; he was wondering how long it would take fire to burn through the walls and at what temperature.
Where is your written computer and security policy manual?
A written manual is a double-edged sword. Writing it is necessary to completely develop a policy capable of handling all security requirements. Just by defining all the requirements, the Webmaster can, probably for the first time ever, know all that needs securing. Of course, documenting all your security requirements and how to mitigate risks can give someone a recipe for hacking your site.
Is the security and computer policy manual protected from unauthorized prying eyes?