Have you ever experienced fear in someone's voice? "My website's gone!" The owner of the company's voice was filled with fear. The money invested in marketing and promotion for the website , in order to bring new customers to the site was suddenly in jeopardy vaultmarket. Instead of the company website it was a large black web page declared that the website is "Owned" by some hacker from Indonesia. "Can this be fixed? How did this happen? Why would someone do this? How can I keep this from happening again?" The questions came with a speed of light. Jack's* day had suddenly transformed. Let's examine how prevalent the threat of compromised websites really is and what you should do to protect yours.

Hacked and Infected - Website Threats on the Rise

Security experts say that there are only two kinds of companies in the US and that are those that have been targeted for hacking and those that don't know they've been hacked. Forbes magazine published an article entitled "2013: The Year You Get Hacked". Google has been flagging more than 10,000 websites that are compromised every day. This number is on increasing.

There are various types of risks that websites can be exposed to dependent on what the company itself. Let's look at some of the specifics of website threats and the types of businesses in danger.

Website Attacks Motivated by Profit

Websites with high-value data are usually the victims of sophisticated attacks. In these attacks, the intention of hackers is to steal information , which is later used to sell. In most cases, the target is trading secrets, credit card information, or any other information with the potential to be worth money.

Smaller companies are rarely the targets of these types of attacks because they typically do not have this type of information stored on their websites. Even small e-commerce websites typically handle payment of credit cards information through third party PCI certified processors and gateways that means they don't have credit card details saved on their websites.

Phishing, DDoS, and More

You've probably heard of these threats firsthand, or on the internet. Phishing scams take as emails that "look" like they come from a major financial institution , and then take you to a counterfeit website. These kinds of attacks are popular and you've likely received similar emails in the past. If you receive something similar to this within your inbox, you can delete it without clicking the link.

DDoS (distributed denial of service) attacks are usually headline news when they affect a very large company. Google and Yahoo both were virtually shut down for a couple of hours due to large distributed denial of service attacks. These attacks essentially use huge numbers of infected computers to act as drones and take over the target site by sheer volume. Denial of Service attacks usually target extremely large websites, therefore they are not a danger for small-sized business websites.

Website Vandalism

This kind of web-based attack typically affects small companies. In this kind of attack, hackers seek to destroy websites and replace it with a brand new homepage. The new homepage has an announcement of the hacker's screen name.

There is nothing the hacker gets out from this type of attack, other than publicity in addition to street "cred" among others engaged in the same activity. This is the online equivalent of the situation in which troubled kids wander through a neighborhood in the evening and slam mailboxes with baseball bats. There is nothing to gain. The only goal is destruction.

As with vandalism of tangible property, those who vandalize websites frequently try again after the site is restored. If a website has been compromised it is a target for future attacks. Hackers circulate lists of sites they have compromised - consider this as an application for hackers. When a website is included into a list of this kind the site is usually the frequent targets of similar attacks for a long time.

Larger corporations usually have the facilities and procedures in place to protect their website and defend against this kind of vandalism that can be done to websites. Small businesses frequently don't take this threat seriously until they've experienced the effects by it.

Website Infection and Malware

This kind of attack also primarily affects small business websites. In this kind of attack, the website may be affected by a virus or malware. The purpose of the virus or malware is usually to infect computer systems of those who visit the site. In this situation, the website is just an avenue used to further the plans of the attacker - which range from deleting files to identity theft.

It is one of the most damaging types of attacks for websites with small businesses because the attack isn't immediately obvious. The infection or malware can be disguised as a Trojan horse, so that it's unnoticed until it is activated. This means that it is often able to avoid detection - sometimes for weeks.

The proprietor of the business usually finds out that there's an issue with their website once they begin getting complaints from clients or potential customers who have visited their site but had their computer harmed because of. If Google detects that the website is infected, it will show a warning on your website when it pops as a result in the results for a search. Sometimes the first indication that there is something wrong comes when the website owner accesses the website of his company and on pops a notice from the McAffee or AVG warning of visiting the site that is infected.

Software Updates - First Line of Defense

Most common ways that the criminals gain access to small-scale business websites is through vulnerability in the software or programs that the website runs on. Being aware of the most recent version of software your site runs on and then updating that software whenever there is a new version released can be quite a headache the moment your website is messed up can be a nightmare.

If you're running an WordPress website updating your software is as easy as making sure you log in daily and visiting your dashboard and your plugins to determine if upgrades are in place. If they are, then hit the update button to apply the update, but ensure you've backed up your website first. Sometimes an update may not function in the way it's supposed to - that is when the backup comes in handy. Another thing to keep an eye out for is if the most recent plugin version is over two years old, you need to quit using the plugin because it's most likely been abandoned by the developers This isn't a good sign.

Keeping your site running on the latest software and plugins can go a long distance to safeguarding your website against all sorts of trouble.

Passwords

The most effective method to ensure the security and integrity of your passwords is to change regularly (like every 3 months) and make sure that your password doesn't contain a word found in the dictionary. Dictionary attacks are the most common technique hackers employ to force their way into accounts. They try to guess each word from the dictionary of passwords commonly used. Utilizing lower and upper case letters, numbers and special characters in a password that is at eight characters or more is a minimum. More lengthy passwords are more secure - however, ensure that you remember it , and keep it in a secure place.

If you have shared your password with another person, ensure that you update it once they no longer require the information. A typical scenario that occurs when a password is compromised is that the leak may be the result of a computer that was infected with a virus which compromised the passwords on the computer. Making sure you change your password on a regularly basis and during certain occasions (like an employee leaving or contractor quitting) can be a significant step in protecting your website from harm.

Website Monitoring

Sometimes things do occur that go wrong. Backups and monitoring come in handy. Monitoring will alert you to the existence of an issue as soon the issue occurs. In essence, it's an instrument that is used to monitor your website on a regular basis to ensure it's safe. If a problem is found immediately, you're informed to fix your website right away.

Software Shield

Software security isn't the same as a silver solution, but it could provide a good measure of security against a variety of dangers. All security software isn't alike - there are a few free options on the market, but the really good stuff comes with a price - and a warranty. If they don't trust their product enough to warrant that it will be covered by a warranty, you shouldn't invest too much in it .

Protecting Your Website

The most effective way to secure your site is to rely on a multi-layered approach where there's no single point of failure. Security of websites is a constantly evolving field , and you need to ensure that your approach to security can be sufficiently robust to respond to new threats. Once you have this strategy established, you don't need to think about what if.

In Jack's case, we investigated and found that the hackers got in via a flaw that was recently discovered in some of the software used on his site. The site was restored from backup and a robust website protection program with warranty was implemented to ensure that he is able to rest well with assurance that his site is secure.

If you'd like someone else to look after protection of your website, take an interest in our website protection programs (complete with warranty protection). With the right levels of protection and the right systems implemented, you'll be confident about your website's security.