The folks at Pauldotcom recently posted 7 ways to not get hacked by Anonymous. The steps are good, but I wanted to add something to them.
Yes, the first item should be, “Don’t be douchebags.” And further, don’t be an idiot. How many people go around punching hornet nests? If you do, it’s because that’s your job and you take precautions!
2. Tried and true CMS. I’d add that yes, you should maintain a tried-and-true CMS, but also make sure your web developers exercise restraint in the plugins/addons they include in the CMS, keep an inventory of which ones are included, keep up with new releases, and install new releases of those addons. There are many issues with poorly-made addons to these apps…
There are tons of other points and tips to make…but I’ll just stop there! This should further illustrate the difficulty in keeping up with IT/security these days, even in a “smaller” shop like HBGary Federal.