Cyber Security is going to the number 1 topic in Digital for 2022.
Recent high profile hacks have demonstrated the impact of a hacker attack on an organization’s ability to function and the considerable cost of recovery. For instance the head of the HSE said the cost of their cyber attack could reach “about €100million.” This eye watering sum shows the very high level of costs to not only restore (if you have a backup) but also to mitigate and prevent future attacks through software upgrades, training and security reviews.
So how can you prevent a hacker attack on your website?
Here are our top 5 website security tips.
- Maintenance Contract – You simply MUST have a website maintenance contract these days where someone (usually your web designer) will look after Website Updates, Security Monitoring and Backups. This is a paid service to update all of the backend software and make sure that any new software vulnerabilities are patched in a timely manor. Plus your website must have an SSL Cert (little lock icon) to be fully secure from hacking. You know when you login and see “You have 20 updates to apply” … that’s generally a BAD thing.
- Access Control – When was the last time you checked who has login access to your website. You may have setup several accounts over the years for personnel who no longer work in the company but did you remember to delete their account when they left? You should be checking as soon as staff leave.
- Roles and Permissions – Every website login is assigned a role when it is setup. From an Editor (can add content) to Shop Manager (Ecommerce) to Administrator (Top Dog) do you know who can change what on your website. What if a hacker was to get access to an account that you thought was an Editor but they really had Admin access? You should be reviewing role permissions every 6 months.
- Change Passwords – You know this already but you should be regularly changing your website login password every few months. It is the simplest way to prevent a hacker from guessing or using brute force software to login. This is the number 1 way that hackers access your site. You can further secure by applying 2FA (email or text confirmation) to some or all of your login accounts.
- Generic Accounts – Never, never, never use generalised login usernames for your website eg Admin as hackers will always try to use this to gain access. Once they have your username they are half way there. You should also have a login account PER user that needs access to your website – never share logins – otherwise in the event of a breach you wont be able to figure out where it came from and take action.
What happens when your website gets hacked?
It varies – but its never a good outcome.
In the most common scenario the hacker just installs some malware on your server (you don’t know) and this malware can steal data from visitors to your site or it can install fake pages eg Fake Bank Websites on your server where phishing emails redirect people to. If you don’t have a maintenance contract or security software you are usually completely unaware until a customer or your web hosting provider contacts you.
The hacker takes control of your website and defaces or redirects your website address to a dodgy domain (you know the ones). The first thing you normally know is when someone contacts you to tell you that your website is now displaying funny characters or advertisement for pills (you know the ones) or worse!
The the hacker attacks your site and steals any customer data (orders, email enquiries, etc) and holds you to ransom. They will email you to tell that they have all your data and you need to pay them in BITCOIN to get your data back or they will release it on the dark web. This is a nightmare scenario as you will need to contact the Guards, The Data Commissioner and all of your customers.
How do you fix a hacked website?
You will have to get a web designer to get involved to fix the problem which will involve restoring your website from a backup, updating any backend software, changing all the passwords, testing and communicating that you are back online. If you don’t have a recent backup then you may have to get the website redesigned … from scratch (gulp!) You may also get Blacklisted by broadband providers as they detect your server has malware installed so they stop relaying emails sent by your server until you resolve the issue. So you wont have a website or emails for days or weeks.
Either way the cost of that could run into thousands of euro and its easily mitigated by having a Website Maintenance Contract
Cybersecurity for all of your business – not just your website – is a must.
We recommend engaging with your Local IT services providers to secure your p.c’s, laptops, smartphones, networks, broadband and any device on your network. But here are some Do’s and Dont’s specifically for website owners :-
- Engaging with your Local IT services providers to secure your p.c’s, laptops, smartphones, networks, broadband and any device on your network.
- Do make sure that all your devices have antivirus security and its up to date.
- Use reputable paid security software and keep updated.
- Upgrade your p.c. software and hardware every 2 or 3 years.
- Audit who has access to your website and what role do they have.
- Review customer data and delete every few months.
- Secure your passwords and change them regularly.
- Document your IT setup – imagine if it was all wiped tomorrow – you should have the important logins written down on paper.
- Share user logins with other employees under any circumstance.
- Use generic logins like your Company Name or Admin.
- Access your website from outside your office like on Public (Hotel/Garage) WIFI
- Give out website login details over the phone or email.
- Assume your Home Network is secure – think of all the kids devices, TV’s and Tablets that could be exposed to malware.
- Ignore an suspicious activity on your network. Report it and cross check with others