Think you’ll never get your website hacked? Think again.
Website Hacked ? – Find your website has been hacked and blacklisted ? Then unfortunately you are another victim of a hugely lucrative, and highly prevalent new cybercrime wave that is sweeping the internet. The worst way a small business can respond is to think they’re safely off the cybercriminals’ radar.
Here’s the lowdown on website hacks, avoiding a breach, and making sure it’s not already happened without you realising.
High-profile website hacks
Last year, LinkedIn and Yahoo were among the big names to reveal they had been subject to website hacks. We’re now barely a quarter of the way through 2017, and the news stories continue. The Association of British Travel Agents recently found their website hacks, potentially affecting around 43,000 individuals . Around 1,000 files including personal identity information may have been involved.
Aside from dealing with the costly and often unpleasant consequences of the theft of personal information (just ask Hogwarts alumnus Emma Watson about her private images which were recently stolen), such website hacks can be incredibly damaging to a business’ reputation. Just one breach can result in a debilitating decline in customers.
But surely no one would hack your website ?
It’s tempting to kid ourselves that website hackers are most interested in exploiting big businesses. However the most recent Government Security Breaches Survey revealed that around 74% of small organisations had reported a security breach such as having their website hacks. The number was a 60% rise on the previous year, and is likely to have risen again since.
The reason is this: cybercriminals often aim to steal data and intellectual property (IP), which they can then ransom back to companies or threaten to sell on the black market. They could target heavyweight businesses – who are more likely to have robust security measures in place – or they could target several smaller businesses who are less likely to have appropriate defences, simply because they never expect it to happen to them.
Here’s another important factor: What software is your website built with? Joomla? Drupal? WordPress? Magento? While these and other available Content Management Systems (CMS) are hugely reputable, and excellent for small businesses who need an easy, off-the-shelf web presence, they can also leave you open to attack. A website hacks via a vulnerability associated with one CMS could mean similar weaknesses in other sites that use that same CMS.
Education is key
It’s an unwelcome fact that a breach in your business often starts with an employee. Hackers can access heaps of personal information about an individual thanks to the presence of personal profiles on Facebook, LinkedIn, Twitter etc. Using this data they can build a reasonable profile of any one of your employees and target them with an email containing malicious code. Just one click on a link or attachment can compromise your entire business’ system.
The problem is intensified with the growing Bring Your Own Device (BYOD) culture where companies promote working flexibility by allowing employees to use their own smartphones and tablets, connected to company networks. Letting your staff know the best practices and expected behaviour around information security is critical to protecting your business.
Are you sure you've not had your website hacked?
Perhaps the most damaging mistake a small company can make is to assume they haven’t already had their website hacked. It can often be undetectable for some time. Fortunately there are easy-to-use online tools such as this one that can scan your site for free. Solutions can be quick to implement too. If you find your website hacked, we can usually fix it within an hour.
The way to avoid a data breach/hackers encrypting your whole site and holding you to ransom/ prevent reputational damage – isn’t to impulsively rebuild your whole website, change hosting companies, or stop employees from accessing work emails on their phones. Instead, you simply need to ensure you have the right security in place.