A few years back, I used to own an alarm company. We provided alarm system installation and monitoring. We were a “peace-of-mind” company.
Being in front of customers everyday, we got to hear all kinds of stories. Stories of families who experienced a break-in were always difficult to hear. The customer would often say “Why me?” and “I feel angry and violated.”
Through the years of learning the art of web design, I experienced a similar feeling the first time a website I created was hacked.
It’s never fun to experience a hacked website. If there’s one thing I get asked the most it’s, “Why would anyone want to hack my small business website? What would they have against me?”
The truth is, “Nothing.”
When hackers attack websites, the intent is rarely targeted at the company. In fact, in most cases, it is done because it is profitable.
Reasons Small Business Websites Get Hacked
- A place to host a hidden phishing page. Phishing is an attempt to steal credit card information, usernames, passwords and other sensitive information through a webpage that resembles a legitimate website, like a financial institution or online membership site. Victims receive an email with a link to “update their account” or “change their password”… The emails look realistic and are convincing if the recipient doesn’t know what to look for.
- Deploying malware. Malware is malicious software that is forced upon the website visitor. Often found in free software (AKA Freeware), hidden code steals your data and sends it to a server setup to collect the data. The data is valuable for identity theft or selling to fraudulent marketing companies who are willing to pay for it.
- Funnel your audience. Some hacks embed links in your website content that funnel your audience to web pages that generate affiliate revenue for the hacker. Google, Bing and other search engines index these links. The more links (backlinks) to a website, the better the SEO (search engine optimization). This increases website traffic for the hacker AND leads to a higher ranking in search results. The higher they rank in search results, the more traffic their site will see. More traffic means more affiliate sales, making it a profitable venture for the hacker.
- Theft of system resources. There are scripts which can be injected into your website that are built to send out spam email, denial of service and force brute attacks. These happen in the background almost always go unnoticed by the website owner. The website owner usually becomes aware when the web host company threatens to suspend their hosting account.
Most of the “hackers” out there are actually computers (bots) built to run scripts that seek out and exploit vulnerabilities in websites, servers and computers.
Once I had a client whose website was held ransom! The hacker installed a script that encrypted every file and email on the server. When I went to the website, it had instructions on how to purchase a key to remove the encryption for a small $300 USD investment. ABSURD!!
I am going to trust a hacker to remove an encryption code after paying them $300 USD?? Even if it worked, what do you think the possibility of it happening again is?
I had the website back online within five minutes AND without spending a penny! HAHA, take that hacker! Suffice it to say, after that, we made the website more secure than ever.
Steps to Ensure Your Website is More Secure
- Contact your web host or web developer to provide a comprehensive security review of your website and make changes to ensure any vulnerabilities are corrected.
- Change your password to be more complex. Use 12-16 characters, with a combination of numbers, lower & uppercase letters, special characters and punctuation. I use www.passwordsgenerator.net to help generate random passwords for all the websites I design.
- Avoid third party website plugins that are “free”. There is a reason they are free. Always check the reviews, number of downloads, compatibility and when it was last updated before you install any plugin, module, script, theme or website framework.
- Always keep your website framework, modules, plugins, etc., updated with the latest stable version. Most websites require ongoing maintenance to ensure stability and security.
- Keep a backup of your website. Most web hosts include this in your web host package. Speak with your web host or developer to confirm.
So in the end, hackers aren’t really targeting you and your business. Evil people will always try and find ways to cut corners, doing anything to make a buck. They best way to protect your website is through the proactive steps listed above.
Has your website ever been hacked? What did you do? If you have a story to share that will help others, feel free to share in the comments below.