Why you need to keep a website secure from hackers

From David Graves at GWS Media

With the number of professional cyber-attacks increasing, protecting a website from those attacks has become essential for most businesses.

Cyber-criminals are probing day and night for weaknesses, looking to find an opportunity to exploit websites for financial gain. New vulnerabilities in popular software and systems are discovered regularly that could allow someone to seize control of your website.

So how do hackers make money from their activities, and why do they target such a wide range of sites?

They can try to extort money by threatening to take a site down at a busy period, costing vital sales. If you run a website which contains names and email addresses, such as a membership website, they may want to steal those personal customer details and use them for identity theft.

If you run an e-commerce website, you not only hold personal customer information, but you may also hold credit or debit card details, or (more likely) take those details on your site before they are transferred to a payment gateway. The opportunities to steal personal information and credit card numbers make e-commerce websites highly attractive to hackers, with the chance to sell that information on in the dark web or use it to make fraudulent online purchases.

Hackers can also sell access to compromised sites and servers, which can be used as part of a ‘bot-net’ to attack other websites, and overload them with spurious traffic ?so they disappear.

Hacked sites can also be used to distribute malware to visitors – infected computers are worth money to criminals too; or to host pages selling drugs or illegal items, taking advantage of the reputation your site has in Google to make their content visible, and earn money through hijacking it.

It can often take a long time to detect that a website has been hacked, and during that time the hacker may have used it for a variety of illegal purposes. They are good at covering their tracks, making it hard to see exactly what was done and how they gained access. A site that has been hacked once will often be hacked again, and it is better to improve your defences pre-emptively, than to hope you never have to face the costs of dealing with a hacked site, and the fall-out from that..

There are significant reputational risks as well – imagine having to explain to your customers that their privacy has been breached due to a lack of robust defences in place on your website, and that as a result their personal data (or credit card numbers) may now be in the hands of criminals, and will be sold on for a variety of illegal purposes.

In this event you may need to advise customers to change the passwords they use on other websites if they use the same password everywhere. You might even have to advise them to cancel their bank and credit cards and get them reissued, if there is evidence those are being used fraudulently. Criminals may also leverage personal information from a hacked website to launch further attacks in-person and over the phone, pretending to be from your bank or from HMRC.

So whatever size your organisation is, your website defences will need maintenance and protection against these threats – and that is something that needs to be monitored and reviewed regularly to ensure that it is effective.

As cyber-attacks become more sophisticated, you should be improving your website defences against attack. Cyber defences can take various different forms – as well as protecting the server your website is hosted on, you may need to take steps to protect any linked systems or backup servers, and the computers that staff or contractors use to update or modify your website can also be a weak link in the chain.

It is impossible to protect against every single vulnerability, but there are many things you can do, such as regular application of security updates, use of security endpoints, installing malware detection, rootkit detection and a web application firewall. Those will help protect your site against a range of threats, and installing file tamper detection can alert you to problems if something does happen.

If you want advice on any of these issues, or an assessment of security on your website, please contact us at GWS Media on 0117 9724835.

?David Graves, GWS Media 18/7/2023