Website Hacking and Your Business
In business, a website is one of the most important tools for commerce. Websites represent the company, and are an important part of marketing. Websites allow visitors to see valuable details such as business hours, contact information and even purchase products or services. Unfortunately, like street signs or billboard advertising, websites can be defaced through hacking. Website hacking is a problem many companies have encountered, and causes frustration for both customers and the business itself.
Website hacking is more common than you may think, and can happen with varying degrees of severity. In some cases a site may have its pages changed so that advertisements are displayed, or allow malicious software to be installed on a visitor’s computer. Sometimes the whole website may be replaced with a page displaying a message or graphic, often with social or political meanings. Hackers want to bring down sites for notoriety among peers. Hacked sites not only give the hacker a badge of honor, they may even be paid to do it. A hacked web server can be used to distribute malware or to disrupt other websites in DDoS (distributed denial of service attacks), thereby generating money for the hacker.
Know Your Vulnerability
Websites can be compromised through a variety of methods. Simple passwords are one way your website can get hacked. All websites have an administrative backend that programmers use to update webpages and administer the site. Hackers use programs that automate the process of entering a username and password, and draw from a database list of common passwords to try and guess what it is. These are known as “brute force” attacks, relating to the method of continually trying different passwords until one works.
Another method hacker’s use is finding security holes in a webserver. The computer servers that run a website use software programs to display webpages, and these programs may have known security flaws. Using sophisticated tools, a hacker can probe the site and find insecure areas that allow easy access to the inner workings. Once a hacker has access, they can change the webpage to display or do whatever they want.
Spyware is yet another way hackers can gain access to a website. By installing spyware on a computer, a hacker can capture usernames and passwords, some of which may be used to access a website. If a web developer or administrative user uses a computer infected with spyware, those credentials may be stolen for this purpose.
What You Can Do
There is no sure fire way to prevent a website hacking, but there are some things that can be done to reduce the chances.
Use a website monitoring and security scanning service. These services can do everything from monitoring a website for unauthorized changes, to complete backup and restore solutions. Many also offer security scanning, which can report any known vulnerabilities and allow you to correct them before a hacker exploits it. SiteLock (https://www.sitelock.com/) is one company that offers this service.
Keep your workstations secure. Using up to date antivirus, antimalware and keeping operating systems up to date can help reduce the chances of spyware finding its way onto your system. Scan your computer for malware regularly.
Keep website servers updated. Websites are stored on computer servers and are run with specialized software. These software packages have routine updates that include security as well as functionality improvements. Keeping these packages up to date is one way to close any exploits a hacker may use to access the site. In most cases, your web developer or web hosting company will need to do this.
Keep backups of your website. Work with your web developer or web hosting company to make sure sites are routinely backed up. If your site is ever compromised, this will help get it back up quickly.
Use complex passwords. For anything that requires a password, use a complex password that’s not easy to guess. A mix of upper and lowercase letters, along with numbers and non-alpha characters like $, #, or @ as examples. Also, longer passwords are more secure – 8 characters at a minimum.
Monitor for unauthorized access. Find out if you can be alerted by email or text message to login attempts, either successful or unsuccessful. This may tip you off to a hacker attempting to break into your website.