Posted on: 24/09/19
As a leading North Wales Web Design specialist, we are used to receiving calls from concerned website owners looking for professional web advice after their website has been hacked.
Thankfully, this has affected very few of our clients; however, we can and normally do help even if it wasn’t a website we built.
These days, hacking is a huge risk. To put it in perspective, by lunchtime today more than 66,000 websites worldwide will fall victim to a hacker – many of these hackers attack from miles away, are unconnected in any way to your business, and attack your website purely because they can.
How do businesses react when their website gets hacked?
The first response from most website owners when their site gets hacked is disbelief. Common reactions include ‘But why would they target me? I’m just a local church/football club/small e-commerce website/local business website. I’m not NASA!’
It causes upset and disruption to your business and many people take it personally – but targeted website attacks are extremely rare. Your website is normally chosen purely because a hacker has done a worldwide scan using a specialist hacking tool and found they could get into yours.
It is not anyone’s fault, and it isn’t usually down to a mistake by your website designer; it is no different to your car being stolen. There are cyber criminals out there, and anyone can fall victim, but as with your car, there are steps you can take to make yourself less of a target.
Why a website hack is rarely personal
While a website hack is upsetting, it is rarely a personal attack. Most hackers hail from foreign countries and couldn’t care less about your site or your business. They are often looking for a site to show off their hacking ‘skills’ to their friends, or are looking for a website to exploit for financial gain.
Here are just some of the reasons an innocent local website may be seen as a target:
- Every website is hosted on a server, and by hacking the website they may be able to take advantage of the server’s resources;
- Your website may have an excellent reputation online, so they can hijack it to use it for their own sales projects;
- Your website may contain business or customer data they can use;
- In some cases, hackers just want to impress each other – they have tools that highlight vulnerable websites and yours was chosen.
While no website protection is foolproof and the most determined hackers have even secured access to places like the Pentagon, there are ways to prevent your website from being an easy target. Cybersecurity experts talk about creating layers – staff awareness, best practice and strong passwords each offer an additional layer of protection.
What happens during a hacking attack?
Unfortunately, this depends entirely on the hacker – once they have control of your website it is up to them what they choose to do.
Sometimes, a hacker will just change a picture or content on your landing page and do little else.
However, some hacks can be incredibly damaging: stealing your client data, hijacking browser search results for your website and diverting your clients to a nefarious site, utilizing your web server for cryptomining, destroying your data and more. Some hackers will lock your data and hold it to ransom (don’t ever pay; in most cases they won’t restore your site anyway).
The good news is that most websites can be recovered to some degree, but it is not always possible to fully recover a hacked site.
In many cases, however, hackers will leave some kind of back door for easy future access, which is why we always recommend choosing a professional to recover your site.
However, even seasoned professionals may not spot these back doors – hackers are experts at hiding their code and making it look innocuous. Our advice is always to avoid being hacked in the first place and to regularly scan the website after any hack has taken place.
How can I protect my website from being hacked?
Nobody can 100% protect their website from hackers – it boils down to how much time, assets and acumen the hacker chooses to invest to hack your site. Huge corporates, Government associations and financial institutions are continually investing in cyber security and many of them have still been hacked.
However, a few small steps will reduce your risk. We recommend all website owners:
Have an SSL certificate
An SSL certificate encrypts the connection between your site and its visitors, making it harder to hack. It also has a useful side benefit of helping your web ranking, as Google prefers sites with SSL certification.
Choose secure website hosting
You can find cheap website hosting for £1 a month, or pay thousands per month. They don’t all offer the same service and you get what you pay for. Web Design specialists like DesignWeb will have spent time choosing a reliable, secure web host for their website owners and security will be one of their key considerations. Regular site backups are important too; check whether your website host includes this.
Do website software updates
While your website will have been built in line with up-to-date recommendations, both website hackers and technology are continually evolving.
For this reason, WordPress issues updates to plug-ins, themes and settings almost daily. Keeping WordPress up to date is essential.
Once a vulnerability is uncovered, hackers usually spread the word very quickly, so it is an ongoing battle to issue updates in a timely fashion.
Most web designers will offer a premium service where they take care of things like Joomla and WordPress updates for you. It can seem like a cost saving to say no, but the service is worth it for the time you will save and for keeping your website secure. It’s certainly a service we’ve found popular among our clients.
Very old custom-built websites are particularly vulnerable, as they will not have received regular patches and updates. Many website designers will offer a free website review – take advantage of that and then listen to their advice.
Finally, WordPress has some good plug-ins that will reduce your vulnerability. Talk to your website designer about whether one would benefit your website.
Choose secure passwords and educate your staff to do the same
You’d be amazed how quickly a techie can guess your passwords from a quick glance at your Facebook page. Pet names, kids’ names and friends’ names all make for terrible passwords. Common names and passwords also get added to the databases used by hacking tools that automatically scan your site for vulnerabilities – so avoid them, too. Most hackers use a ‘brute force’ technique which keeps trying common words from a database… so ‘motoracing’ or ‘rugbyfan’ is not as clever as you hoped!
A secure password is harder to crack.
A good password should not include names, should have a mix of capital and lower-case letters, numbers and special characters, and should ideally be at least 12 characters long.
Change passwords when staff leave
Not all hackers are remote – and an ex-employee with a grudge is always a risk. Good practice can eliminate that risk altogether.
It’s best practice to change passwords when people leave – not doing so leaves you wide open to business disruption. Trust is great, but secure practices are a firmer guarantee.
Website security is a huge topic and, of course, we can’t cover every detail in a short article.
However, these basic steps will help stop your site being an easy target. Awareness and monitoring, too, will enable you to respond quickly to any potential threat.
For more information and advice, please call us on 01745 508588 or visit our website: https://www.designweb.co.uk