4 Ways Your Website Could Get Hacked
It’s not enough to have a shiny website; you have to maintain it and keep it away from the hackers.
Small business owners (yes, that could be you) are the most at risk. Here is something for you to think about:
* 18% of small UK businesses have had their website hacked, and this is growing
* 30,000 websites get hacked daily
* The average cost of a hack and data loss to a small business is £12,500. And, since online web traffic (e.g. from Google Search) is built on “trust” between websites, the long-term reputation damage to a business’s brand can be hundreds of thousands to several million.
* 77% of small businesses believe “that their company is safe from cyber threats like viruses and spyware”, yet 83% of small businesses don’t take any formal cyber-security measures to prevent their website being hacked.
Sources:
** Report: https://www.inc.com/laura-montini/nsba-survey-cybersecurity.html?cid=sf01001
The above is just a small indication of what could happen. Hackers are becoming more sophisticated and trying out new methods that are faster and easier to implement.
Website hacked? What you could have done to prevent it.
At this stage, if you are in the 83% bracket (not doing anything), you could spend a little time reading this and being prepared, or just wait until some point in the future where you could be compromised and discover what trouble lies ahead.
Passwords
Attackers use comprehensive tools to scan for your website passwords. All it takes is one correct guess and they are in. So how do you prevent it?
* If you use a CMS such as WordPress, Drupal or Joomla, do not use the user name ‘admin’; change it to something more complicated.
* Do not use the same password twice. We know it’s difficult to remember every password you have, but if you use something like LastPass, the software will challenge you on passwords that are the same as ones you use on other websites you log into.
* Use 2-Step verification. This allows you and only you to log in using a second layer of credentials, usually sent to a mobile phone. WordPress does this very well, and you can have it up and running in minutes.
Missing Security Updates
If you own a car and don’t maintain it, you’re bound to run into trouble one day. It is the same with websites that run on a CMS.
Missing updates are one of the easiest ways for hackers to do damage and cost you a small fortune.
So what do you need to keep updated?
* Web server software, if you run your own servers
* Content Management System. Example: security releases from WordPress, Drupal, and Joomla!.
* All plugins and add-ons you use on your site
Insecure Themes and Plugins
Plugins are great: they let you do more in less time and are usually free. However, this is where the issues can start.
Too many plugins, out-of-date plugins and plugins that are not compatible with your version of the CMS can really make your website grind to a halt.
Some ideas you may want to consider before you update or install that amazing new plugin:
* Is it safe? You won’t believe how hackers can copy a plugin and inject some really bad code so your site becomes unusable.
* Is the plugin you want to install current and supported by the latest CMS version? If the plugin is not updated regularly, or is not compatible with your latest CMS version, please remove it immediately and source the correct one.
* Remove all of the plugin’s files from your server. This helps in two ways. First, if the plugin is infected, it could lie dormant for months and you won’t know how and when it will cause problems, so it is best to remove it all. Second, the CMS will speed up as there are fewer files to deal with. Disabling the plugin is sometimes not enough.
Security policy holes
Are you a system admin or run your own website?
If so, poor security policies can allow hackers to compromise your website.
You could manage this better by:
* Not allowing users to create weak passwords
* Not giving administrative access to users who don’t require it
* Enabling HTTPS on your site and not allowing users to sign in using HTTP
* Not allowing file uploads from unauthenticated users, or with no type checking
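The file upload point in the list above can be enforced in code. The following is an added example, not code from the original article: it refuses uploads from users who are not logged in and checks that the file's content matches its extension. The function name, the user dictionary, the allowed types and the size limit are assumptions made for illustration.

```python
import os

# Allowed upload types: extension -> leading "magic" bytes the content must start with.
ALLOWED_TYPES = {
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".pdf": [b"%PDF-"],
}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # assumed limit for this example


def check_upload(user, filename, content):
    """Return (accepted, reason) for one upload attempt."""
    # Policy 1: no uploads from unauthenticated users.
    if not user or not user.get("authenticated"):
        return False, "login required"
    if len(content) > MAX_UPLOAD_BYTES:
        return False, "file too large"
    # Ignore any directory part sent by the client and reject null bytes.
    name = os.path.basename(filename.replace("\\", "/"))
    if "\x00" in name:
        return False, "bad filename"
    # Only the final extension counts, so "x.php.png" is treated as a PNG.
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED_TYPES:
        return False, "file type not allowed"
    # Policy 2: type checking. The bytes must match the claimed extension.
    if not any(content.startswith(sig) for sig in ALLOWED_TYPES[ext]):
        return False, "content does not match extension"
    return True, "ok"


# Constructed sample inputs (not real files).
SAMPLE_USER = {"name": "alice", "authenticated": True}
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_SCRIPT = b"<?php /* placeholder script */ ?>"


def demo():
    """Run the check over a few constructed upload attempts."""
    attempts = [
        (None, "logo.png", SAMPLE_PNG),              # not logged in
        (SAMPLE_USER, "logo.png", SAMPLE_PNG),       # genuine image
        (SAMPLE_USER, "page.php", SAMPLE_SCRIPT),    # type not on the list
        (SAMPLE_USER, "page.php.png", SAMPLE_SCRIPT),  # script renamed as image
    ]
    return [check_upload(*a) for a in attempts]
```

A content check like this is one layer only; uploaded files should also be stored where the web server will not execute them.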
Summary
Hopefully this helps you beat the hackers. Let’s be honest, they are not going away; if anything, they are getting better at it. That’s why we recommend you consider the steps above and discover where you could be compromised before it is too late.