Web sites all over the world are hacked daily. It is a fact of life. Website security is something every business of every size should pay attention to. There are plenty of steps you can take to make sure you are not a victim. The first step is simply to recognize YOU can be a victim and that your business is vulnerable. Saying it will never happen to your little business is not an effective defense. Too many small and even medium sized business owners will often tell us that nobody will hack their little business because nobody cares enough about them to waste the time and energy to do that. Sometimes they will add that they don’t accept online payments or have anything valuable on their site worth a hacker’s attention. Unfortunately, they are wrong on just about every point.
Hackers Automate Their Attacks
The first mistake they are making is assuming a hacker is some bad guy sitting behind a computer in a dark basement somewhere trolling the web searching for victims one by one. They have the mistaken belief that this hoody wearing individual with dark glasses shown in commericals and ads is searching for bigger more impressive targets like a bank or government office. That is where they are wrong.
Hackers often write a program that has their tools built in along with their attack virus. This “bot” will automatically go out and comb the web searching out web sites and looking for vulnerabilities. The program or bot doesn’t care if you have a small business or are a large bank. It is simply searching for vulnerabilities on ANY web site it comes across and if it finds one, it exploits it. These bots don’t stop to evaluate a target and determine if it is worth their time to hack. It simply searches and operates on a search and destroy protocol. No matter what size or where your business is located if this bot finds a weakness it is programmed to attack. Website security is NOT just for large multinational companies, banks, or governments. If the bot finds a weakness in the code or hosting server it will inject its viral payload and the destruction begins.
Hackers Attack ALL Types of Sites
The second mistake business owners make is that they believe that if they don’t accept online payments or the web site isn’t connected to their accounting system or bank account they are safe. These business owners reason that their little ole web site has nothing of value on it worth a hacker’s effort; therefore web site security is the last thing they bother to think about. Web sites, even small ones, that simply advertise the basics about your business like your location, phone and basic information about your services and products are a target. The traffic you generate is the target. Hacker’s will simply hijack your web site and direct all the people that go there to another web site where they will try and lure the person into buying another product or falling for a scam. Your customers coming to your web site are enough incentive to have a hacker attack you.
If you say your web site also doesn’t have any traffic, well, you have other problems besides website security, but that is an article for another day.
I have a small manufacturing client that has a website that is purely informational. You can’t order from the site and the only information it contains is publicly available product information. In addition, they are a small business in a field far removed from finance or government which are the targets most sought out by hackers. Out of the blue a hacker sent a bot attack against my client’s website in force. This hacker wasn’t sitting there personally and attempting to hack the site he used an army of small programs called bots and simply led the attack. This attack went on for days. Fortunately we had solid website security that held them at bay until we could finally end their attack. If this hacker had gained access they would have likely destroyed the site just out of spite.
Malware is Sneaky and Not Easily Detectable
Some will argue that if a hacker did this they would spot it. They claim they go out and look over their site every day or week and would see if a hacker is redirecting people to another web site. Only they won’t.
Hackers are devious programmers and knowing that people sometimes check their own sites they write a redirect program that will NOT redirect you if you type in your web site address, i.e. www.mywebsite.com but rather will redirect people that find your listing in a search engine and click on the listing to visit your site or worse a pay to click ad where it cost you money every time a hijacked visitor is sent somewhere else. Those unsuspecting customers will then step into the hacker’s trap and be redirected to the spam site. These insidious programs can live for months or even years undetected all the while stealing people that should be your customers and sending them somewhere else.
If a hacker pulls traffic from your web site and redirects them to a spam or scam website and your visitor is harmed they may even try and take legal action against you. Remember they don’t understand what happened. They believe they went to YOUR site, but then were hacked themselves and became the victim of a scam and may try and hold YOU accountable. Even if you are able to beat a lawsuit how much time and money will you waste in legal fees? You will never need to find out if you simply boost your website security and hire the right webmaster.
Would you spend money to buy TV or radio advertising if you knew that instead of putting your phone number or business name on the ad the advertiser would instead put your competitor’s info on the ad you paid for? Of course not, so why would you tolerate the same behavior on your web site? We have even seen nasty viruses that penetrated a list of products on a site and when people searched for certain products it re-directed them to a competitor and their website instead of keeping that hard-won traffic on their own site.
Have a Website Security Plan to Protect Yourself
ALL businesses need to be aware they are a target and implement website security protocols and plans to secure their site. Proative steps you can take include:
- Maintain a Current SSL
- Use Malware Scanners Daily
- Install & Run Website Security Software
- Update Web Site Code and Plugins
- Use a Quality CDN (Content Delivery Network)
- Maintain Regular Backups
If these measures fail and you are still hacked having a professional web developer that is already familiar with your site is a must. If you have to call a web developer that is not savvy on web site security or is not familiar with your site you are losing valuable time. Having a website security and recovery plan in place to recover from a hack or malware is also critical. A developer familiar with your site will allow them to act quickly to reverse the damage without wasting critical time learning how your site was put together. They are able to work quickly to find and remove the malware or restore from a backup if it becomes necessary and get you back up quickly with minimal impact to your bottom line.
Whatever you do just realize that no matter how small your business YOU are a target. You need to take proactive steps to protect your digital assets now, before a hacker finds and exploits a weakness you didn’t know you even had. We can provide a free evaluation of your site and point out vulnerabilities. If you would like to schedule this free consultation and set up a time to talk.
