How To Protect Your Business Website from Hacking and Malware

Cyber attacks cost small and medium-size businesses an average of $188,242 each year, according to a Symantec/NCSA report, and almost two-thirds of victimized companies are forced out of business within six months of being attacked as a result of being unable to cope with these attacks.

How To Spot A Hack

Here are some of the most common symptoms that would reveal the possibility of hacking:

  • Website vandalization:  Your homepage or entire website may have been visually changed by non-authorized individuals.
  • You can’t log in to administrative areas: If you’re logging in with the correct login credentials and find yourself locked out  then it’s likely that your login credentials have been compromised.
  • Watch for warning signs: You have received warnings from your local machine’s antivirus/browser of viruses.
  • Search engine notifications: A search engine notifies you that your site may have been compromised – or your website’s search results show incorrect information. For example, your website is advertising products that are not yours.
  • Email hijacking: All your contacts have received distress emails supposedly from you, stranded in Africa.
  • Traffic redirection: There’s a rapid drop or rise in your traffic.

Just because you’re not experiencing any of these symptoms does not confirm your website is safe. It is always good practice to routinely audit the security of your website.

It’s also possible for hacks on your website to remain undetected for years.  Any security breach that compromises the data or user interaction of your website could be detrimental to your business. In fact, the majority of security breaches do not attempt to steal your data or deface your website, they are not visible to the ‘naked eye’. The most common hacks use your server as an email relay for spam, or to setup a temporary web server, normally to serve files of an illegal nature. Hacking is regularly performed by automated scripts written to scour the Internet in an attempt to exploit known security issues in software.

According to a 2012 nationwide study of small businesses by the digital security firm Symantec and the National Cyber Security Alliance (NCSA), 83 percent of small businesses have no formal cyber security plan, while 69 percent lack even an informal one. Meanwhile, 71 percent of small businesses are dependent on the Internet for daily operations, yet most small business owners still believe that data hacks are isolated incidents that won’t have an impact on their business.

But they couldn’t be more wrong!

How To Prevent A Cyber Attack

Here are some simple best practices recommendations to follow to prevent your website from being a hacker target.

  • Regularly schedule preventative security audits. These will help prevent such attacks from successfully occurring.

  • Be password savvy – never reuse the same password for multiple accounts. Don’t use common words like ‘admin’ or make your password ‘12345.’ Only share passwords wisely with other trusted individuals via a password apps such as LastPass or 1Password. Don’t send sensitive information via email or other unsecured messaging system.  Use unique usernames and passwords for different areas of your website. For example: use a different usernames and passwords for your database account, FTP, and cPanel accounts, etc.

  • Keep scripts updated. Regularly check to make sure scripts are the latest versions. New versions of scripts often have upgraded security and security flaw fixes.

  • Routinely backup all the content on your website. Keeping regular backups will ensure you always have the latest clean copy of your website in case a hack does occur.

My Website’s Been Hacked… What Do I Do Now?

As a responsible business owner, you should let others know your site has been hacked. You should inform your hosting provider, webmaster, website designer or developer, as well alert your website visitors.  This is critical to preventing further damage by essentially quarantining your website from the rest of the web, if possible.

At this point, you will likely need to contact a specialist in web development.  If you contact the team at Executionists, we will run security scans and review the site code to see the extent of the hack. If we can identify the entry point, such as an out-of-date plugin or script, we will remove and update it. We will systematically go through all site files including the database to remove malicious code. If the hack is too extensive, we will see if there is a clean backup that we can upload to replace the website. If no backup is available, we save the content we can, and reinstall a fresh copy of your framework – basically rebuilding the website. We may also recommend moving to a different server if we find that other sites on the server have also been compromised.

Contact Executionists today to discuss our website maintenance packages to ensure your business website is more secure against hackers, malware and breaches.

by admin
Posted: December 4, 2013