With an estimated 30,000 websites being hacked every single day, there’s a good chance that cyber criminals have already exploited vulnerabilities in your website without you even knowing. The business impacts can be far reaching.
There are lots of warnings about the dangers of hackers gaining access to websites, but they may not be being heard, especially by the SME business community.
When commissioning a web developer to build a new website, much of the focus is on the look, feel, technical capabilities, user experience and making sure it ‘ranks’ well in Internet search engines like Google, Yahoo and Bing. That’s certainly where our emphasis was placed when we were getting the Remsol website built.
But securing your new website? It’ll come with all the necessary security features built in won’t it, because web developers are alert to the problem of hacking?
Well, no, not necessarily. It’s like anything, if you don’t specify it, it probably won’t feature in your website, leaving you exposed.
The consequences of a hacked website
There are a lot of misconceptions about website hacking.
The assumption seems to be that only the websites of very large companies will be targets of hackers, and that hackers will primarily be seeking to steal personal data – particularly financial data, such as credit card details – from e-commerce websites.
Whilst it’s true that the e-commerce websites of big companies will inevitably be attractive targets for cyber criminals, website hacking is as much to do with distributing harmful code and malware, and that means that any website will do, even that of a micro business employing just a handful of people.
In fact, because smaller companies are much less likely to have the technical and financial capability to deploy sophisticated Internet security measures, there’s a good chance that hackers will deliberately seek them out.
Either way, the consequences can be severe.
For a start, if sensitive and confidential is stolen, and you haven’t taken sufficient steps to secure it, you could find you’re in breach of data protection rules and subject to regulatory enforcement.
Your reputation could suffer in a number of ways, whether because your customers affected by a security breach start to share negative comments about you on social media, or because it’s picked up by the press, or because your site is found to be distributing malware. And, as we all know, a good business reputation is something to treasure.
If search engines like Google come to see your site as a carrier for malware, then they’ll see to it that you stop appearing in search results, meaning potential customers may no longer find you…
And perhaps the most significant consequence of all is that every day spent trying to recover from having your website hacked is a day you’re distracted from the pursuit of growth in your business.
So, what can you do about it?
Protecting your website and your growth
First up, make sure you have strong passwords protecting the back end of your website.
Secondly, you need to regularly back-up your website and its accompanying database so that, if you encounter a problem, you can restore your site more easily. This is especially important for large, complex websites that you update regularly with fresh content.
Thirdly, you need to install the regular updates to the Content Management System (CMS) that sits behind your website, like WordPress, and associated plug-ins – these often contain not only bug fixes but important security patches. But make sure you’ve got a back-up first because you can experience compatibility problems following CMS updates, and if they’re not easily fixed straight away, you may want to restore a clean copy of your website from before your latest upgrade.
Fourthly, if you do transfer sensitive personal and financial information, make sure it’s encrypted using SSL.
Lastly, protect your website with software. We do, and as well as guarding against malware, it also monitors for log in attempts. On average, we get about 50 a day, where someone tries a variety of username and password combinations to try and break-in.
What to do if you get hacked
Keep calm. Distressing thought it will be, getting worked up about it isn’t going to help you.
Report it. If there’s a clear theft of data, report it to the police and Action Fraud straight away. Also, if you think people’s personal details may have been stolen, report it to the Information Commissioner’s Office (ICO) as a potential security breach.
Alert people that could be affected. If customer information has been accessed or stolen, and if those customers might be compromised somehow, you need to contact them and let them know. Tell them that you’re sorry it’s happened, what steps you’re taking to prevent a recurrence and give advice on steps they can take to limit the damage – like changing passwords on other online accounts etc. Signpost them to other useful resources.
Beyond these initial steps, you’ll need to think about how you’ll recover your website (if, for instance, you’ve been locked out of your control panel), how you’ll disinfect it, and how you’ll stop it happening again.
If you haven’t already done so, cyber attacks on your website should be added to the list of things that could go wrong in your business and be part of your crisis plan.
Was this helpful? If so, please share it and add your comments below.