In the last few years, I’ve talked to many website owners and managers whose sites have been hacked. An overwhelming theme is that website owners don’t expect to be targeted. They’re cautious about locking their doors and setting their alarms for their homes, businesses, and even cars, but they didn’t perceive similar threats on the web.
Hackers aren’t just after the Target’s, Sony’s, and Home Depot’s of the world . Hackers come in all shapes and sizes, and so does their reasoning, and their goals. They’re typically smart, skilled people. You’ve almost certainly met someone that’s hacked a website or system, and had no idea. Below are a few examples of potential goals that a hacker may have in mind when targeting your business:
- Extortion – A hacker breaks into your hosting account, take your files and databases, wipes out any backups, and demand a ransom to return your files. This kind of hijacking can cripple your website, and leave you at the mercy of a thief.
- Theft – Some hackers are less confrontational. They will adjust your website so that sensitive information entered into your website will be copied to them. Whether this is credit card information, or even leads, it can put your business at big risk.
- Resources – Sometimes cars are stolen in order to go for a joyride rather than for monetary gain. Sometimes websites are broken into to use your hosting resources. Your hosting account could be used to send spam email addresses, or host other web content, such as for a phishing scam.
- Malware & Injections – Some hackers will forward your website visitors to their own website, or load Malware into your website, so that your potential customers and clients download a virus automatically.
- Competition or Vendetta – Whether you realize it or not, someone may consider you or your business as an enemy, giving them all the reason that they believe they need to try to disrupt your business. In some cases, they may not break into your website, but rather, bombard it with traffic, slowing your website down to a halt.
- Political or Social Activism – Some hackers will replace your website with messaging that they feel is important. Much like graffiti, it can have a positive or negative message, but is disruptive to your business.
- Fun – Hacking is a puzzle. Many hackers will describe the act as similar to playing a video game. It’s a remote attack, in which the perpetrators don’t necessarily see or think about the damage that they may be causing you, your customers, your employees. Some people hack for a living, and others do it in their spare time as a challenge. Like most vandals, they may not see the harm in it, or they may relish it. In some corners of the internet, some hackers even compete – vying to prove their skills to others in the hacking community.
These are just a few major examples. The reasons that a website gets hacked are not always easily apparent, and depending on the hacker, the results are not always immediately apparent. Your site can be compromised, and you may easily be unaware.
We highly recommend taking action to protect your website proactively. This can include steps such as:
- Making sure that your PC’s, mobile devices, and email accounts are protected. Use strong passwords and make sure antivirus software is running and up to date. If a hacker can steal your passwords from your device or inbox, your site can easily be compromised.
- Update all of your hosting logins and website admin logins frequently, and use strong usernames and passwords.
- Keep hosting software and website software, including plugins, up to date. When new versions or security patches become available, hackers know that any site that hasn’t been patched is vulnerable, and know exactly where and how to strike.
- Only install what you need. The more plugins in your website, the more potential points-of-entry that you’ll be giving hackers. In some cases, you may even want to forgo a content management system if you don’t plan to update your site often.
- Use firewalling and other security measures to deter hackers. When possible, lock down your website backend access to only the IP addresses of your business and/or your web developers offices.
- Use a service to regularly scan your website for possible malware or other signs of hacking
- Keep off site backups. Many hosts offer this service with your hosting plan, or for an additional fee. It’s always a good idea to check to make sure that your backups are indeed in good order.
Should your site be compromised, reach out to law enforcement, but don’t expect the authorities to protect you from hackers or bring the culprits to justice. Overall, these crimes are too numerous, too remote, too hard to trace, and hopefully not “grand” enough for local or national law enforcement to prioritize. In most cases, it will be treated like a petty crime, with no recourse through traditional policing organizations. We hope that this changes, but it’s one of the main reason that hackers can be so brazen. Certain types of hacks, such as those that involve stolen credit cards, or hate messaging, will very likely get more attention from law enforcement.
In some cases, you’ll have to spend a few dollars more each month in order to better protect your website. Think of it like insurance. What will it cost you if your website is compromised in time, money, and liability? Since your website needs to remain available to the public, security will always be an issue, but an ounce of prevention is worth a pound of cure. Remember, hackers are people too! If your website is more secure than others, most hackers won’t bother with it. They’ll move on to easier targets.
– Robert Rand