My talk at EntreFest 2019 focused on security tips for entrepreneurs and outlined my own top 4 priorities (in no particular order) for new or small security programs: Data security, Phishing Education, Patch Management, and Password Security. As a complement to this talk, I've created this short resource guide for free materials relating to the content of that talk. It's far from comprehensive, but might at least prove to be a helpful starting point.
I personally try to stay away from using WordPress because I find that it can be difficult to keep up with the security if one requires the use of a lot of plugins. However, if WordPress is your product of choice, like it is for Malley's Chocolates, there are materials out there that cover exactly how to make sure your site is secure.
OWASP Security Implementation Guide
How To Clean A Hacked Wordpress Site by Sucuri
Alternatives To WordPress
I asked some of my more web development focused friends what they felt were suitable alternatives to WordPress.
Amazon S3 Bucket
The idea of properly backing up data becomes especially important following a ransomware attack, like the one discussed during my talk.
Auth0's What Is Data Security Blog
Reddit's r/DataHoarders subreddit has a very detailed post about data backups and the do's and don'ts for backing up data.
Take a look at how to back up data natively in Windows and on a Mac.
Properly educating staff to spot a phish can save a lot of headache. Phishing is one of the easiest ways to deliver malware to a computer and potentially infect a network.
If you'd like to brush up on some really interesting phishing facts, check out this list from Phishing Box.
Google Phishing Test
TrendMicro Phish Insight: this product is free for up to 20 users.
Enabling Automatic Updates
If you need some convincing that enabling automatic updates is important, Troy Hunt, respected security researcher and Microsoft MVP, wrote a really good blog post about it in 2017.
Patch Tuesday refers to the day that Microsoft releases its patches for its operating system and various applications. If you have a lot of systems to manage, keeping up with what's released on Patch Tuesday can be extremely useful.
Patching Server OS
If you're using a product such as AWS to host your application, you're most likely responsible for being sure the system your application sits on (such as RedHat or Ubuntu) is patched.
AWS has documentation about its patch manager, but other services, such as Google Cloud, leave the responsibility to keep their VMs patched in the hands of the customer.
Where applicable, enable multi-factor authentication. Many popular social media platforms offer some form of multi-factor authentication.
If you need more security than multi-factor authentication using email or text messages, check out YubiKey or Google Authenticator.