Several weeks ago, I got a message from one of my readers that some spammy links were showing up on my other website, The Frugal Entrepreneur. I hadn’t seen them because they had been maliciously placed in a section that lies outside the visible range of a web browser.
I quickly checked the source code, and sure enough, nestled within the page’s coding was a collection of about thirty spam links and text. Suddenly, it looked like The Frugal Entrepreneur had gone into the business of pimping Viagra and Payday loans… not exactly what I meant by having multiple streams of income 🙂
What I experienced was pretty common and relatively easy to fix, but it got me thinking about all the cyber threats out there that can so quickly and easily destroy a business’ online presence and reputation. Business owners, be aware and prepared. You don’t want hackers hijacking your website (or your domain!) or compromising sensitive customer data.
According to a recent Symantec Intelligence Report, more than 36% of all targeted cyber attacks in the first half of 2012 were directed at small companies. This is up from 11% in December 2011. Note: I would have given you the link to this study, but when I went to Symantec’s site this is what I saw:
Was their website hacked? If it was then it wouldn’t be the first time… Now imagine what would happen to your business if this was what customers saw when they visited your own website…
That said, here are some big cyber threats to your business website or blog that you should know about as well as some ways you can protect your online assets:
WordPress and Joomla exploits. WordPress and Joomla are arguably the two most popular content management systems on the Internet (among consumers and businesses alike), and as such they’ve been the target for many a web hacker, virus, and bit of malware. Not only can hackers access login details and compromise internal database information and the external face of your website, they can also affect the SEO of the site by injecting spammy links, as mentioned above.
Since this is most definitely not my area of expertise, I won’t even attempt to explain all the security threats and protection strategies out there for protecting your WordPress and Joomla sites. Instead, here is a good list of resources to check out:
- 10 Steps to a Secure WordPress Website – Copyblogger
- 6 Things You Can Do to Secure Your WordPress from Hackers – MakeUseOf
- Hardening WordPress – WordPress.org
- 13 Tips to Better Joomla CMS Security – CIO
Domain Theft. When I first heard about this, I couldn’t believe it. Hackers, or “crackers” as they are called, can get into your hosting account and authorize a domain transfer. If they’ve hacked your hosting account, then they probably have your email account information as well. So they just log themselves in and confirm the transaction. Then, they can delete the message before you see it. These people can literally kidnap your domain and threaten to hold it hostage until you pay them some specified ransom.
There seem to be many cases of this happening with GoDaddy accounts. If you are hosting your site with GoDaddy, then make sure you opt in to their Two Step Authentication process, where they text you a validation code to enter whenever you log in to your account. Unfortunately, though, this service is only available to those in the U.S. If you’re on GoDaddy and you live outside of the U.S., then perhaps you should consider moving to another host.
Only use well-known hosting companies. Shared hosting has its vulnerabilities. You don’t know who your “neighbors” are going to be. If your hosting company does not have a solid reputation, then chances are greater that they may not have the controls in place to protect your website from a malicious attack initiated by another customer on the server. Saving a few dollars a year is not worth losing your site, your reputation, and your customers.
A final note… Use your full due diligence when it comes to hiring people to work on any aspect of your website, whether it’s technical or content-based. The Internet is full of horror stories of disgruntled or “opportunistic” workers compromising a business’ data, networks, or website. You don’t want to add your business to this list.
Under Domain Theft, you talk about someone getting into e-mail. When someone gets into your e-mail, they own you. They can reset passwords, purchase whatever they desire and pose as you. Stealing a domain is one of the more easily accomplished things a hacker can do after gaining access to your e-mail. People still use simple passwords or personal information in passwords. I just helped a client who is using her son’s name as an e-mail password. I almost fell out of the chair when she told me her password. This all boils down to intelligent password maintenance, especially for e-mail.
Very good points… I would add that some of the free email services, such as Gmail and Yahoo Mail (in particular), seem to be less secure. So business owners may want to use these kinds of accounts with caution.