You’d think hackers would only be interested in infiltrating the websites of governments or multinational financial institutions. The truth is, in recent years, small companies have become just as likely to be on the receiving end of such attacks. The main reason is hackers are now using software that scans potentially weak sites and automatically attacks them en masse.
While these hacking attempts may not bear the financial fruit (or media attention) of a data breach of a major corporation, newspaper, or military installation, modest-sized businesses and smaller sites can generate big bucks when they're compromised together. And smaller sites are much easier to hit, as they're seldom monitored with a high degree of scrutiny, are ill maintained, and haven't had the proper security updates.
What Would Someone Get out of Hacking My Website?
Have you ever clicked on a site or blog and been taken to a completely different page than the one you intended to visit? Or even worse, been subject to endless popup windows of random sites that are almost impossible to close? This is a result of SEO spam.
After hackers compromise your site they can gain access to the backend and insert backlinks that redirect your visitors to whichever site the hackers want to send them to.
SEO spamming is also beneficial to the hacker in terms of link building. Generally speaking, from Google’s perspective, the more sites linking to you the better. Hackers that employ SEO spam can create networks of thousands of hacked sites and generate countless pages with spam links and keywords to increase the hacked networks' presence on Google.
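One way a site owner can check for the injected backlinks described above is to compare the outbound link hosts on a live page with those in a known-good backup copy. This is an added example, not part of the original article; the function names, the host myshop.example and the sample pages are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect the host of every absolute <a href> found on a page."""

    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        href = dict(attrs).get("href") or ""
        host = urlparse(href).hostname  # None for relative links such as /about
        if host:
            self.hosts.add(host.lower())


def outbound_hosts(html, own_host):
    """Hosts a page links to, excluding the site itself and its subdomains."""
    parser = LinkCollector()
    parser.feed(html)
    return {h for h in parser.hosts
            if h != own_host and not h.endswith("." + own_host)}


def injected_hosts(backup_html, live_html, own_host):
    """Hosts linked from the live page but absent from the known-good backup."""
    return sorted(outbound_hosts(live_html, own_host)
                  - outbound_hosts(backup_html, own_host))


# Constructed sample pages: BACKUP is the clean copy, LIVE has two extra links.
BACKUP = ('<p><a href="/about">About</a> '
          '<a href="https://partner.example/">Partner</a></p>')
LIVE = BACKUP + ('<div><a href="http://cheap-pills.example/buy">deals</a>'
                 '<a href="//casino.example/">win</a></div>')

if __name__ == "__main__":
    for host in injected_hosts(BACKUP, LIVE, "myshop.example"):
        print("unexpected outbound link to", host)
```

Any host it reports is either a link you added since the backup was taken or one that someone else added for you.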
These networks of thousands of sites can also be used for spam email. This is an old problem that continues to this day. Hackers can use multiple compromised sites to send spam email, which can add up to hundreds of thousands of messages daily. Because these can originate on servers based all over the world, they are particularly difficult to detect.
Ransomware is a type of malware hackers can infect your site with that essentially holds your site hostage by locking up its content and blocking access until you pay. Victims are usually quoted a price that can range into the thousands of dollars that must be paid in Bitcoin.
The virus could arrive by way of malicious attachments in phishing emails, though newer types of ransomware don’t need to trick the victim at all. Ransomware hackers typically target large websites that traditionally don’t have the resources for advanced security, or institutions that need quick and constant access to their online files.
Ransomware can also target your site’s visitors themselves, infecting their computers and holding their own files hostage in much the same way until payment is made.
Another way hackers can take over your website is by exploiting a vulnerability in its firewall and turning its operating computer into a zombie, or bot. Then, on command, that computer becomes part of an army of other zombies that flood a target website with so many requests for access that the target site effectively shuts down. This is known as a distributed denial-of-service (DDoS) attack. With the exception of websites that contain controversial content, small sites are not generally the targets of DDoS attacks, but they can be forced to become part of the zombie army that perpetrates them.
How Can I Secure My Website?
It may seem like a no-brainer, but the first and most important step to securing a website is staying on top of all updates. Hackers routinely target things like WordPress-based sites and blogs because their users tend not to keep them updated. Similarly, routine backups are easy and essential in the case of disaster.
The first line of defense against DDoS attacks is a solid firewall. This will, however, only go so far. It's a good idea to communicate with your hosting company in order to understand the extent of their firewall package. This will help you pinpoint its weaknesses and decide what additional services you may need to protect yourself.
It's also important to verify that any hosting service you're considering includes malware identification and removal in its suite of services.
Pick strong passwords and change them often. Dictionary and brute force attacks have increased exponentially in recent years. These are attacks in which thousands, or even millions, of username and password combinations are automatically thrown at the authentication mechanism.
Using passwords that combine letters, numbers, and symbols can be an ideal way to foil such plots. Password managers are excellent tools which store and access multiple complicated and changing passwords so you don’t have to memorize them. Additionally, setting up two-factor authentication makes the login experience maximally secure.
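Because dictionary and brute force attacks are automated, they leave a recognizable pattern in login logs: many failures from one address in a short time. The following is an added example, not part of the original article, that flags that pattern; the log line format, the threshold and the sample entries are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def parse(line):
    """Return (timestamp, user, ip) for a failed login line, else None."""
    parts = line.split()
    if len(parts) != 4 or parts[1] != "FAIL":
        return None
    try:
        fields = dict(p.split("=", 1) for p in parts[2:])
        return datetime.fromisoformat(parts[0]), fields["user"], fields["ip"]
    except (ValueError, KeyError):
        return None  # malformed timestamp or missing field


def find_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: distinct usernames tried} for every IP that produced at
    least `threshold` failed logins inside one sliding `window`."""
    events = sorted(e for e in map(parse, lines) if e)
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    users = defaultdict(set)      # ip -> every username it has tried
    flagged = {}
    for ts, user, ip in events:
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # drop failures older than the window
        users[ip].add(user)
        if len(q) >= threshold:
            flagged[ip] = len(users[ip])
    return flagged


# Constructed sample log (assumed format: "<ISO time> FAIL|OK user=<u> ip=<a>").
SAMPLE = (
    [f"2024-05-01T10:00:{s:02d} FAIL user={u} ip=203.0.113.7"
     for s, u in enumerate(["admin", "root", "test", "admin", "editor", "admin"])]
    + [f"2024-05-01T{h:02d}:30:00 FAIL user=alice ip=198.51.100.4"
       for h in range(10, 15)]
    + ["2024-05-01T15:00:00 OK user=alice ip=198.51.100.4", "garbage line"]
)

if __name__ == "__main__":
    for ip, n in find_bruteforce(SAMPLE).items():
        print(f"{ip}: repeated failed logins across {n} usernames")
```

The address that fails five times over several hours is not flagged, which is the difference between a forgetful user and an automated attack.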
Update, backup, firewall, passwords: these steps might not seem to be part of the most sophisticated strategy, but as the majority of attacks on small sites are automated, employing them can usually make your website more than adequately secure.