Australia announced today that the country is experiencing ongoing cyber attacks. From what know, everyone is potentially a threat, including unfortunately, your business.
This article will explain, in plain English, how setup your website so it's got the best chance in a cyber attack. We’ll explain:
Believe it or not, I get at least one call per week from a sole trader who’s had their website hacked and has no idea how to get it back up and running. When this first started happening I asked myself – “why would someone bother hacking into such a tiny and seemingly insignificant website?”
Here are three common reasons:
When a hacker gets into your website, they can change your website’s code so that visitors are automatically sent (redirected) to another website.
The hacker earns a tiny commission when someone lands on that other website.
After hacking tens of thousands of websites - this translates into hundreds, even thousands of dollars in commissions rolling in every week for the hacker.
Most websites have a way of sending emails. An example of this is when some one enters their details into your Contact Us page and the website sends you an email with their details.
Hackers love finding ways of sending SPAM emails so they don’t get caught. International police have been finding ways of switching off their SPAM email servers so hackers are inventing new ways to get their SPAM emails out. Small business websites are an easy target because most of the time people have no idea that their website is even doing it.
Hackers can change the code in hidden parts of your website to make it look like another website, such as a bank website.
They then send then fake emails that send people to your website - thinking it's a legitimate email from their bank.
They then enter their username and password, thinking they’re logging in to a legitimate bank website. Your website then sends that person's username and password to the hacker, allowing them to then hack into that person’s bank account.
Once again, using your website instead of their own means there’s very little likelihood that the hacker will ever get caught.
When your website is hacked there are a number of things that happen:
This is by no means a definitive list of what happens when a website is hacked so be prepared for any surprise!
Sorry for all the doom and gloom above. Unfortunately this is what some business owners need to go through to learn the consequences of not having their website secure.
Fortunately there is hope though and you can take action now!
If you’ve got a WordPress website there’s a couple of add-ons that dramatically reduce the likelihood of your website getting hacked. I always recommend using:
These two add-ons, or plugins in WordPress speak, allow you to set up WordPress like it’s a fortress.
I have installed and run these two plugins on my own business website and testing using multiple testing programs. All programs that I used gave the website a big tick in the box for zero security vulnerabilities.
A lot of hosting companies provide free website backups. That’s great, as long as you can access the backups and know how to restore them.
Less than twelve months ago my hosting provider completely wiped my file system – including my backups. After a lengthy conversation with their support staff they realised their error and restored all the files. This meant however that the websites on this file system were down for almost an hour. Luckily, the majority of these sites were websites that were being built – i.e. they weren’t visible to the public yet (as a side note, I’ve moved hosting providers since).
For my live customer facing sites, I choose to have the backups stored remotely. This means that they are stored in a secure location on the internet using cloud storage like Dropbox or Google Drive. If a website server ever blew up, I’ve still got access to all backups.
I highly recommend taking on this approach for all your websites – especially if your web person is going to be away over the Christmas break. You never know – you might need to give another web person access to your backups over that break if something goes awry.
To make your job easier, I recommend using a free WordPress plugin named UpdraftPlus. It makes the job of storing your backups remotely really simple.
Website monitoring is a saviour when it comes to being pro-active about your website. Most monitoring services will send you an email when your website is not responding. This is a great way for you to jump onto it before your customers start calling.
To set up website monitoring, I recommend creating a free account with Uptime Robot.