It seems like every day or week there’s a new headline about another app or website being hacked. And these are typically the higher profile websites. In fact, a hacker attack occurs every 39 seconds in the US, affecting one in three Americans every year.
A successful intrusion can result in a huge loss in traffic and revenue if your site has crashed or been suspended on your hosting provider. It could even result in identity theft of your admins and members if you run a membership site. Personal data like passwords could be at risk.
No matter how big or small your website is, you can still become a target. So, it is very important to secure your website, which means putting protection in place to keep out hackers, bugs, and other nefarious entities.
How do cyber-attacks work?
Cyber-attacks work by infecting your computer with malware or spyware. These types of attacks are often delivered through email attachments, malicious downloads, or websites that you may visit.
Malware is code designed to disrupt the operation of your device and make it perform hazardous operations. Spyware is software designed to gather information about your online activity without you knowing anything about it.
Cyber-attacks usually take the form of viruses, worms, Trojan horses, or the latest trend, ransomware. In these attacks, the hackers demand payment to remove the infection.
While it’s impossible to create an absolute impenetrable fortress with your website, it is possible to put measures in place to make it very difficult. Many times, a little difficulty is all it takes to send hackers on to their next target.
There are lots of technical aspects we could get into like picking reliable hosting, ensuring an SSL certificate, running regular backups, keeping your content management system up to date, etc. If you are using a reputable web service to host your website, these security measures are likely taken care of for you. This episode is for regular day-to-day admins that update the website on a regular basis.
Here are steps you should take today to protect your website against cyber-attacks.
1. Have a Comprehensive Security Plan
Have an action plan ready that would help in case of any security breach. Have all the necessary contacts handy, including those of your website developer, hosting provider, or security partner. Most likely, a backup will need to be restored from a point earlier than the intrusion. What more-recent content might be lost and need to be recreated?
2. Use Secure/Strong Passwords
We can sometimes forget just how important passwords are and overlook that a password is really the only thing standing our personal information and a hacker. Not only are passwords a vitally important step in your information safe, but they’re also one of the easiest things you can change to increase the security of your website.
A survey carried out by the UK’s National Cyber Security Center put together a list of the top 10 most hacked passwords. The top 10 are…
123456, 123456789, qwerty, password, 111111, 12345678, abc123, 1234567, password1, 12345
If you are using any of these, rejoice that you have never been hacked and then go change them – like right now. Instead of using easy to guess phrases, here are some things you should do instead:
- Combine three random, unrelated, but memorable phrases
- Use a randomly generated sequence of characters
- Don’t reuse passwords – use a password manager to keep track of them all
- Make your passwords long
- Never use personal information in your password – it’s the first thing hackers will try!
There are all kinds of password tips out there and even password generators you can try. Either way, do not share your website accounts or passwords even with friends or relatives. DO change your passwords regularly. Experts suggest once every quarter.
3. Check/Clean Spam Comments
Spam is annoying, to say the least. In most cases, comment spam is used by bots to place backlinks to other websites to increase search rankings since backlinks are good in Google’s eyes. Google factors in comment spam and buries these URLs that take part in it but the problem still persists.
Some spambots have more malicious intentions, though, and can overload your server and even install malware on visitors’ computers. If these malicious links are picked up by Google’s crawl bots, they could rate your entire website as unsafe.
It’s important to check your comments daily for any of those that your security software might have missed. Be wary of approving comments from visitors with any free e-mail address like Gmail, Outlook, etc. Ensure the comment matches the post/article too.
4. Scan Your Local Computer
Yes, your local machine may be a serious security threat to your station website. Some malware is written to steal login information and then inject malicious files into websites. Using the best antivirus software can help bypass the whole debacle.
It’s staggering that 93% of malware is delivered via email? This means you should always be on the lookout for anything unusual in your inbox.
Protect your website by being on your guard, and being suspicious of texts, emails, or phone calls asking for personal information.
Beware of public or open internet connections if you’re working in a shared space like a cafe – they will not be secure!
Never click on links in emails that seem suspect – delete the email straight away! We know this seems like common sense, but phishing emails are becoming increasingly realistic – so always remain on high alert!
The key to eradicating a virus or malware is not to treat the symptoms or remove the malware. The most critical solution is understanding how you got the malware or virus. This eliminates the possibility of reinfection.
It’s important to run deep scans of your machine on a regular basis, especially if you commonly download files online. Even executables that seem trustworthy can come with unintended partners, so a strong antivirus can keep your mind at ease.
Good website security starts with you. As a website admin, it is your responsibility to ensure that you have a safe and secure website.
- Have a Security Plan
- Use Strong Passwords
- Clear Out Spam Comments
- Scan your computer regularly.
- Only grant access to admins you can trust.
- Only trust verified professionals to access your site. For example, scammers may take control of your website under the pretense of fixing a technical issue.
You wouldn’t leave your front door open, so why would you do the same with your website? Web-based malware and spyware attacks are on the rise, so do all that you can to ensure your team is security-minded so that your website is protected and not an easy target.