Website cyber-attacks are a growing problem for all types of websites. It’s no longer a matter of if an attack will happen – it’s only a matter of when.
So what would you do if your website was suddenly taken out of action? Or compromised in some way?
Your company website is one of your most important communication tools.
People can look up your business in the palm of their hand at any time, day or night. So if your website suddenly becomes unavailable or is hacked in some way, it can cause all sorts of problems, not just for your website and its visitors, but for your business as a whole.
There could be data and identity theft, loss of intellectual property, damaged brand reputation, general disruption and an erosion of customer confidence leading to a downturn in sales.
It’s important for all website operators to understand the threats they face, the harm these threats can cause, and how to take preventative measures to protect their investment.
I don’t handle any credit cards on my website, so why would my site be targeted?
Whilst stealing credit card information is one of the most common reasons for website being hacked, there is potential value in your websites classified information. A couple of examples are;
- To obtain contact information that can be sold on, to unethical marketers
- To steal usernames and passwords
- To send SPAM to website visitors and any other users registered with your website
What types of security threats are there?
Let’s look at some of the most common threats facing your website and what can be done to prevent them.
1. Malware
Malware is a code or script installed by a hacker to disrupt the website or collect personal data.
Website malware infection may be from a brute force attack or added through a vulnerability in the website’s admin system.
Out-of-date themes or plugins are another common way for websites to become infected.
If your website becomes infected with malware, Google will, most likely, detect it and display a message in its search engine results pages, saying your site is infected. Approximately 20,000 websites a week are blacklisted by Google.
This could harm your position in the search results, damage your reputation and put off potential website visitors.
2. Ransomware
Ransomware is one of the most common cyber-attacks, and can hit many thousands of businesses each year. It’s a specific type of malware that encrypts a website, then demands the website owner pays a ransom to get the website files restored. Even if you pay the ransomware amount, your website may remain disabled.
3. Phishing
Phishing is one of the cheapest and easiest methods used by hackers to trick individuals into entering and sharing private data. The goal is to get people to click a link, or download and open an attachment. For that reason, it’s important never to click links or open attachments from people you don’t know.
4. Brute Force
A brute force attack basically involves hackers ‘guessing’ usernames and passwords to ‘force’ their way into a website’s files or content management system. Hackers can use ‘bots’ or just work through multiple combinations hoping to guess correctly.
Brute force is simple but effective. A successful attempt can take a matter of minutes, particularly if you have short, simple admin credentials.
Preventing attacks
To prevent such attacks, it’s important to regularly maintain and keep your website files up-to-date.
Here’s a list of some of the main things that need to be done.
- Check passwords and logins are secure
- Ensure coding and plugins are updated regularly
- Use a firewall to protect your website and prevent unauthorised access.
- Regularly scan for malware
- Monitor activity for suspicious logins and file uploads
If all that sound a bit daunting, don’t worry. There are many companies offering website care and maintenance packages that will handle everything for you and keep your website running smoothly.