One disturbing trend we’ve seen with clients is a lack of awareness about the importance of internet security, especially for websites that don’t take down personal information, such as credit card numbers. Hackers prey on this lack of understanding to achieve a number of different goals, from financial gains to the joy of destruction. Let’s discuss some of the most common myths about internet security and important ways for you to keep your site safe.
Why Do Hackers Hack?
There are a number of reasons why hackers do what they do. The most common reason that people think of is financial gain, such as stealing credit card numbers. In 2013, 40 million Target customers had their credit card numbers stolen. Hackers sold the stolen card numbers for upwards of $100 each (1, 2). Another way hackers can benefit monetarily is through “affiliate scamming” – posting hidden links on your website that travel back to their own site. Colette Chamberland, one of two Senior Security Analysts for Wordfence, further mentions a new trend called ransomware. “Attackers inject code into unsuspecting sites that redirect users to malicious sites…their system gets encrypted and requires them to pay a ransom to the attackers to get their data back.”
Some people are interested in information harvesting. In the Target attacks, another 30 million customers had their names, home addresses, and other information stolen. This information can be sold or, less commonly, used – think of any spy movie where the villain hacks into a government computer. Some are interested in gaining system resources. These people will steal room on your server for their own use, for example. These types of hacks could also fall under the Financial Gain umbrella.
Finally, some hackers are purely interested in the thrill of website vandalism or destruction, or bragging rights amongst a group of like-minded individuals.
Is My Site At Risk?
In short, every website is at risk, no matter its size. Says Chamberland, “As you would expect, most site owners are frightened, scared and sometimes a bit panicky when they find out their site has been compromised and infected. They don’t think that attackers target their business or site because it’s so small. What they don’t know is that attackers don’t just go after the big guys like Target, Home Depot and big banks – they often use the little guys as an intermediary to carry out a large scale attack. No one is safe, everyone is a target.”
Most hacking attempts are opportunistic rather than targeted. A hacker will use a bot to find a vulnerable site rather than finding a site and then looking for vulnerabilities. This means that although you are a small business, if you have lax website security you are at a huge risk. Even if your site doesn’t see many monetary transactions, remember that hackers can gain from your site in a number of different ways.
Once I Set Up Security, I’m Done, Right?
Wrong. So, so wrong. As Chamberland describes it, “I think the biggest misconception that people have about security is that once something is “secure” it’s no longer hackable. Nothing could be further from the truth. There is no guarantee in security.”
“There is no guarantee in security.”
Just as in the rest of the technology world, hacking is advancing every day. This means that security must enhance as well. If you are not updating your website on an on-going basis, you are putting yourself, your site, and your business at risk.
Can I Resolve A Hack On My Own?
Unless you have some web development expertise, probably not. “In order to be able to identify what’s bad in a site, you have to understand the technology it’s built with and what attackers commonly use to hide their malicious activity. This often involves reading code, reverse engineering obfuscated payloads, reviewing log files and sometimes even reenacting the attack using the same vector as the attacker. This is far beyond the capabilities of most website owners,” explains Chamberland.
How Can I Improve My Website Security?
The easiest thing a business owner can do is change their password(s) regularly. Next, ensure that you’re hosting with a secure provider. Finally, have a trained team keep your site up-to-date and protected. At RealReach Marketing, we provide triple-layer security, on-going site maintenance, and 24/7 recovery in case of an attack. If you’re looking for an expert team to build and monitor your website, contact us now!