Every business owner is aware that cyber-attacks are on the rise, but many still think that it won’t happen to them because their business is too small and that hackers are only interested in taking down larger companies. However, hackers pose a real and very serious threat to small business owners and their websites; any business website can be the victim of a cyber-attack. I can tell you this year alone I have recovered 4 hacked websites, with the common factor being weak passwords or a compromised Microsoft or Gmail account that was connected with their domain registration or hosting account. Yet many small businesses do not know what security measures they can take to protect their websites from hackers, or think that it will be too expensive.
The list below is by no means exhaustive, but it gives us an idea of why these bad actors do what they do. If you have ever discovered that your website has been hacked, it can feel like you have been personally violated – why me? But it is a fact of life that websites get hacked, and the list below will give us a better understanding of their motives:
SEO Spam – Every website owner knows the importance of SEO, and acquiring quality backlinks (links from other websites to yours) is very beneficial. However, hackers can install software on your website to generate thousands of links to their fraudulent websites to inflate their ranking temporarily. These spam links originating from your website will result in a Google penalty, i.e. your website ranking will be seriously crippled or removed altogether.
Phishing Pages – This is where the hacker may place a redirect on your website to a fake page which is designed to trick the user into entering their personal or financial information which could then be stolen and sold.
Sending Spam Emails – The hacker can use your domain email account(s) to send thousands of spam emails, resulting in your web host shutting down your account, or in your email being blacklisted and your reputation damaged.
To spread malware – Malicious software could be injected into your web pages or other downloadable assets compromising the end user’s system, although search engines like Google are pretty good at detecting these pages and will display a warning preventing a visitor from ever reaching your website if it is infected.
As a source of free Ads – Advertisers pay based on advertisement clicks and views, so hackers like to install those ads on a hacked website to ramp up their numbers and ad revenue by generating thousands of ad pages.
For practice or just to get a kick out of it – Some hackers do it to get their kicks and boast about it. Other bad actors carry out malicious attacks just because they like destroying websites.
To Take Down A Competitor – Sometimes a competitor might pay someone to take out your website. Whatever the reason, these are insidious and destructive attacks.
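A defender's check for the SEO spam and phishing redirect items above, added here as an example and not part of the original article: it lists the outbound link hosts on a page that are not on your own allowlist and flags those tucked inside elements hidden with inline CSS. The sample HTML, the host names and the `audit_links` helper are constructed for illustration.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse

VOID = {"br", "hr", "img", "input", "link", "meta"}  # tags with no closing tag

class LinkCollector(HTMLParser):
    """Records (host, hidden) for every absolute <a href> in a page."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._hidden = []  # one flag per open element: is it inside hidden markup?

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        style = (a.get("style") or "").replace(" ", "").lower()
        hidden = ("display:none" in style or "visibility:hidden" in style
                  or bool(self._hidden and self._hidden[-1]))
        if tag == "a" and a.get("href"):
            host = urlparse(a["href"]).hostname  # None for relative links
            if host:
                self.links.append((host.lower(), hidden))
        if tag not in VOID:
            self._hidden.append(hidden)

    def handle_endtag(self, tag):
        if tag not in VOID and self._hidden:
            self._hidden.pop()

def audit_links(html, own_host, allowed=()):
    """Return link counts for hosts you do not recognise, plus the hidden ones."""
    parser = LinkCollector()
    parser.feed(html)
    trusted = {own_host, *allowed}
    def is_trusted(host):
        return any(host == t or host.endswith("." + t) for t in trusted)
    unknown = Counter(h for h, _ in parser.links if not is_trusted(h))
    hidden = sorted({h for h, hid in parser.links if hid and not is_trusted(h)})
    return {"unknown": dict(unknown), "hidden": hidden}

# Constructed sample page: three legitimate links, three injected hidden ones.
SAMPLE = """<html><body>
<a href="/about">About</a> <a href="https://www.example-shop.test/contact">Contact</a>
<a href="https://maps.partner.test/loc">Find us</a>
<div style="display: none"><a href="http://cheap-pills.invalid/a">x</a>
<a href="http://cheap-pills.invalid/b">y</a><p><a href="http://casino-win.invalid/">z</a></p></div>
<a href="https://unknown-blog.test/post">A post we liked</a>
</body></html>"""
```

Hidden links to hosts you never added are the strongest signal; visible links to unknown hosts are worth a manual look.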
It is an absolute necessity that all websites now have an SSL certificate installed to encrypt any data transfer from the user via your website; without it, visitors and search engines won’t trust your website. The CMS (content management system) used to edit your website can have security vulnerabilities within its plugins, so it will need to be kept up to date. This is more of a problem for open source systems like WordPress.
This could be a web hosting security feature(s) or a CMS feature. So please check with your vendor, web developer or hosting company on which security features you need.
A strong password should contain a combination of special characters and letters (upper & lowercase). You should not use common word combinations, family names or dates of birth. If any of your accounts have 2FA (two-factor authentication), please enable this as well for an added layer of protection; with 2FA a verification code will be sent to your phone to confirm your identity so you can log in. Check your passwords on:
Having an SSL certificate installed won’t stop a hacker per se, but it will encrypt any data that you collect through forms or other inputs on your website, securing the interaction between your website and the end user’s computer system. This is very important if you are collecting sensitive data from your users.
Avoid following the directives contained in suspicious emails or messages, since these may be a phishing scam. The scammer can make the email look legitimate, even posing as your web hosting provider, and try to trick you into changing your password via a malicious link, then use that password to gain access to your website. It is also helpful to note that most web hosting providers will never send communications to your domain email address. These official emails usually get sent to your ISP, Gmail or other registered email address.
How often do you check your website? You should be doing this regularly, and make sure you take ownership of your website through Google Console, as it can alert you if any problems are found with your website. Don’t forget to back up your website in case it gets hacked. Most web hosts provide a backup utility for this. For websites I build, my CMS allows pages and some assets to be backed up to your computer’s hard drive. Also get your web host or web developer to take regular database backups. It is better to restore from an old backup than to have no website at all.
Hackers can obtain an email address associated with your domain name. When you register a domain, some of your contact details will be available in the public record of your domain. The hacker may then target your email account, Hotmail or Gmail for example, to intercept your hosting company emails – password resets etc. So contact your domain registrar and have domain privacy turned on so you are not exposing your contact details to a would-be hacker.
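To see what your domain's public record currently exposes, the following added example (not part of the original article) parses the text of a WHOIS lookup and lists contact fields that are not redacted, plus the mailboxes that therefore need a strong password and 2FA. The field names, redaction markers and both sample records are assumptions constructed for illustration; real WHOIS output varies by registry.

```python
import re

# Phrases registrars commonly use when domain privacy is on (assumed list).
REDACTION_MARKERS = ("redacted", "privacy", "withheld", "not disclosed",
                     "data protected", "proxy")
CONTACT_FIELD = re.compile(
    r"^\s*((?:registrant|admin|tech|billing)\s+"
    r"(?:name|organization|street|phone|email))\s*:\s*(.*)$", re.I)

def exposed_contacts(whois_text):
    """Return (field, value) pairs for contact details visible to anyone."""
    exposed = []
    for line in whois_text.splitlines():
        m = CONTACT_FIELD.match(line)
        if not m:
            continue
        field, value = m.group(1).title(), m.group(2).strip()
        if value and not any(k in value.lower() for k in REDACTION_MARKERS):
            exposed.append((field, value))
    return exposed

def mailboxes_to_protect(whois_text):
    """Email accounts an attacker could learn from the record and then target."""
    return sorted({v.lower() for f, v in exposed_contacts(whois_text)
                   if f.endswith("Email") and "@" in v})

# Constructed record with domain privacy turned off.
EXPOSED_RECORD = """Domain Name: example-shop.test
Registrar: Example Registrar Ltd
Registrant Name: Jane Owner
Registrant Email: jane.owner@mail.test
Registrant Phone: +44.2000000000
Admin Email: REDACTED FOR PRIVACY
Tech Email: jane.owner@mail.test"""

# Constructed record with domain privacy turned on.
PRIVATE_RECORD = """Domain Name: example-shop.test
Registrant Name: REDACTED FOR PRIVACY
Registrant Email: contact@privacy-proxy.test
Registrant Phone:
Tech Email: REDACTED FOR PRIVACY"""
```

Paste the output of a WHOIS lookup for your own domain into `exposed_contacts`; an empty list means domain privacy is doing its job.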
Risks associated with cyber-attacks targeting websites: