Hackers. They aren’t just Hollywood archetypes. They actually exist, and they do mean to cause your website and company harm. How can you protect yourself from these threats? Well, first of all by taking it seriously. Now, I’m not talking “lose a bunch of sleep and buy a bunch of stuff” seriously. Just recognize the threat and make the necessary changes to your infrastructure to minimize it.
This is the part where I throw some uncomfortable facts at you. Again, these aren’t intended to scare you. Rather, they are being thrown out there as a call to action.
The numbers of hacked sites has been rising dramatically over the past few years. Now, it’s up to debate as to why this is happening but a popular take is that many webmasters and company owners have taken a “wait and see” approach regarding hackers. It can’t possibly happen to me, right?
Well it does happen to lots of folks. All it takes is a slight hack for you to experience some site damage, data theft or loss in search rankings. It goes without sayings that a huge hack could lead you to a “locked out of your website” nightmare scenario.
The number of hacks and exploits that are typically used have also been increasing. I’m not going to go into every one, but some of the most common types include XSS, SQL Injections and defacing. In short, it can be a full time job keeping up to date on all of this stuff. Unless you have a dedicated employee willing to make this their pet project, it really can seem overwhelming.
Don’t worry. You don’t need to re-structure your entire financial plan in order to make room for some new anti-hacker employees. You can make yourself reasonably secure by taking some simple steps that will quite literally be “no skin off your back.”
Protect yourself – Your hosting company probably has some protective measures in place but it’s important to understand that that isn’t a license to slack off on your end. You are still responsible for your own site. If a hacker went after your host, it could shut your site down for a while, but it wouldn’t affect your data or any of your secure information. That’s the difference. Hackers going for sites underneath the host’s umbrella are interested in data, information and general tomfoolery. Take steps to make you are protected.
Keep software up to date – Old versions of software are insecure. This is a fact. You really have to make sure any software you use in the office is up to date. Updated software includes security fixes and more. Pay the extra money. Get on the phone with a specialist to make sure. Do anything possible. This can be a minor annoyance but it’s a minor annoyance that you only have to put up with once a year or so. It’s worth it.
Make sure 3rd party scripts and code are up to task – There is nothing more useful than a code or script that seems to exist just to help your business thrive. Still, these 3rd party scripts and codes are written by people on their own time in their own situations. Some may not be so safe. Now, this is not to say that you should avoid them. Quite the contrary. Just do your research. Google the creator. Look up message boards where customers are exchanging pertinent information. Do this before installation and you’ll be set.
Do your homework – Let’s be honest here. Most of the time a hacker finds a way in to your site the fault usually lies at your feet. Do your homework! Make sure you run virus scans often. Clear your browsing histories on a regular basis. Just be aware of the general security of your infrastructure, enough that you’ll notice any changes no matter how minor. Once this becomes habit, it gets easy. I promise.
Secure your passwords – This is also part of your homework but it’s so important I decided it needed it’s own little section. Keep your passwords secure! You have no how idea far this goes to discourage would-be hackers. Think of a secure password like bars on a bedroom window. If a would-be robber passes by and sees those bars, are they really going to bother? They’ll just move on to the next house. Here are some general rules of thumb to keeping your passwords safe: Always use a combination of numbers and letters. Stay away from real words and family names. And, oh yeah, the longer the password is the better. These can be annoying to remember but in the long run it’s worth it.
If you have the money, outsource – I know I said you wouldn’t be required to hire for this problem. That is mostly true, however, if you can you may as well. A lot of reputable coders work freelance and won’t break the bank. If you really have money to burn, go with a professional security agency.
Google Webmaster tools – Google Webtools can be your best friend in this situation. They offer tons of functionality that can help keep your website and your company safe. You can set it up so you’ll automatically be informed of any software updates, any problems with third party scripts and they’ll be sure to alert you if anything suspicious is going on(Within reason.) It’s free and definitely should become part of your security repertoire.
Backup everything, a lot– This is such an important and oft-overlooked step. Back up everything all of the time! This way if the worst does happen, you can be up and going again in no time. Send important files, emails and documents to just about anywhere that will have them. This includes email accounts, portable hard drives, home computers, mp3 players and more. Also keep a record of IPs that have been accessing your site and don’t forget that all-important clean record of your site.
Check your logs – Keep an eye on who is visiting your site regularly. This way you’ll have a list of suspects as soon as something goes wrong. Often times you can Google IP addresses, phone numbers and other pertinent information and come up with the guilty party. You can help before the hack as well. Keep an eye out for any unusual traffic, you know visitors coming from online pharmacies, sex sites etc. Once traced, you can be sure these visitors are up to no good.
Spread yourself around – Hosting is relatively cheap. Why settle on just one? Spreading yourself around means if one portion of your web empire is attacked, the rest remain completely secure. You can even have your sites hosted on different C Class IPs.
Stay informed – Don’t take my word it. Stay on top of the latest trends and news on how to keep hackers out of your life. Read pertinent blogs. Subscribe to some newsletters. Wanna know where to start? Here are some sites to check out.
Ok. This may seem like a lot but hopefully you are doing some of these steps already. Once you get your game-face on it will all become second nature. After all, your company and website are worth it aren’t they?