July 17, 2017
Website hacks were up 32 percent in 2016 compared to 2015. That means hackers are getting more sophisticated, and business owners have to be even more diligent than they’ve been thus far.
Not Worried About Being Hacked? You Should Be
If you think being a small website means you’re immune to attacks just because you don’t have anything of interest to offer hackers – think again. As of March 2016, Google reports more than 50 million websites greet users with some sort of warning about malicious software.
Think you’re too big and important to be hacked? Think again. Recently, Facebook founder Mark Zuckerberg went back to Harvard – the school he dropped out of to focus on the social network – to deliver the commencement speech.
He returned to find the school newspaper’s website hacked, full of crazy headlines and photoshopped photos of himself. The nonsensical headlines read:
- “Mark Zoinkerburg At It Again,”
- “BREAKING: Mork Zinkletink Zonks All Over The Internet,”
- “Oops: Mink Pinklebink Accidentally ‘Likes’ Own Commencement Speech.”
Initially, it was thought to be a graduation day prank by the paper’s staff, but the newspaper’s president confirmed it was indeed a hack.
The moral of the story is – no matter what kind of website you’re running, no matter the size or the age, you’re always at risk for a hack. You need to make sure you’re protecting your site by implementing all of the best practices below.
Choose a Secure Web Host
Web hosts vary greatly in how secure they are. Shared Web hosting is the most affordable option, since you’re sharing server space with countless other websites. But, that affordability comes at the cost of security in many cases.
Virtual Private Server (VPS) hosting is a middle-ground option where you’re still technically sharing a server with other websites, but you’re each given flexibility as if you were all running on a dedicated server. Dedicated hosting means that you’re the only website on the server, so of course it comes at a premium.
To provide more security, but still keep costs relatively manageable, many web hosts are now offering managed WordPress hosting, which is similar to shared hosting. But by having them manage the WordPress installation itself, they can help avoid security breaches.
Lock Down Your Passwords
It’s easy to come up with a password you think no one can guess, but hackers use automated systems to test password after password until they finally get it right. It’s easy to use the same password for everything, but never a good idea. If someone hacks your Facebook – they’ve got your email address from your login – and now they can test it to get into your e-mail. Voila. It works, and now they can really wreak havoc.
It’s possible to create a password that’s easy to remember, but keep it different for each account. Create a root word but spell it using capital letters, numbers, and symbols. Then add something tied to the account, like the first three letters of its name: GMA for Gmail, FAC for Facebook, and so on. This way the passwords remain different, but you have an easy way to remember them all.
Make sure all your employees know the importance of setting strong passwords. The use of a password manager program is entirely up to you, but if the master password gets hacked, hackers would then have access to all of your passwords.
Evaluate Your Current Security Policy
Take a look at your company’s current security policy. Make sure everyone – IT staff, employees, and management – is aware of their responsibilities and what is expected of them. Train them on:
- Password usage;
- Browsing habits;
- Confidential data;
- Company data that must not be shared outside of the company;
- Data that is safe to send outside of the company.
Make sure you have a system that helps find vulnerabilities so you can catch them before hackers do. That system should also have a plan in place for managing installation of patches to close the potential hacking holes before the hackers can get in.
Your security policy should cover how you’ll respond to incidents, acceptable use, and how compliance will be monitored. The cause of the majority of security breaches is employee error. Enticing employees to click on a link or open a document containing a trojan virus is the easiest way for a hacker to gain access.
New malware is developed continually. It’s important to keep everything up-to-date on your system – the computer software itself, your anti-virus software, your WordPress and plugins, and all apps. That includes applications your employees use personally as well as those provided by your company.
When you fall behind on those updates, you’re leaving yourself vulnerable to attack. Add your website to Google Search Console to ensure you’re getting messages directly from Google. They’ll notify you if they detect malicious code on your website.
What to Do If You’re Hacked
If you do discover you’ve been the victim of a security breach, acting swiftly is key. The longer you wait to address the issue, the worse it will likely be in the end. The average data breach costs businesses $4 million, up 29 percent since 2013.
Acting quickly stops the bleeding, allowing you to focus on repairing the issue. Disconnect from the Internet and any corporate intranet immediately to prevent infections from spreading. Assess the damage, and create a plan of action.
Web Security Expands with IoT
Web security work is never done. As the Internet of Things (IoT) expands and devices including beds, appliances, watches, and cars get connected to the Internet, security concerns become more widespread. It is important to stay abreast of what’s happening with your computer systems and websites.