Website hacked! Find out why and how to stop it
Hacking is the seeking and exploitation of weaknesses in a computer system or computer network (Wikipedia). Hackers may be motivated by a multitude of reasons such as profit, protest, challenge or enjoyment. Hacking is not limited to computer devices; it also extends to the websites hosted on those computers (servers). It has been noted that the majority of hacked websites belong to small businesses.
According to Forbes Magazine ‘Cyber crime rates have risen sharply with an estimate of 30 000 websites being hacked a day and some infected with different types of malware’.
Too many times people think ‘why would a hacker target my small business website?’ The truth of the matter is that most hackers don’t even know you or care about your business. Hackers hack websites most of the time for completely selfish reasons. They may do it just for fun, as an accomplishment, to spread spam and malware on the internet or to use your website to attack other websites. There is also the possibility of hacking for financial gain or as a form of revenge, although these are not very common. This may all sound like bad news but it isn’t. You can greatly minimize the risk of a website hack by changing your habits. That is the very reason for this article – to highlight common security risks and present opportunities for improvement. Let’s now explore the main reasons why many websites are hacked.
1. Insecure use of passwords and usernames.
The number one reason why most websites are hacked is poor use of passwords. In fact, this is so prevalent that we have broken it down into three password security risks:
a. Weak passwords.
Did you know it takes only 10 minutes to crack a lowercase password that is 6 characters long? Add two extra letters and a few uppercase letters and it jumps to 3 years. Great caution should be exercised when choosing the combination of characters that makes up your password. The time of easy three-letter passwords is long gone. Hackers are now using sophisticated automated programs to crack passwords and get access to restricted areas of a website with great ease. A strong password should consist of alpha-numeric and special characters, such as Th0m@5 instead of Thomas. Make sure that it does not relate to your personal information, for instance the year you were born, as this can be guessed correctly. A strong password is a combination of capital letters, small letters, symbols and numbers. In addition, the longer the password the stronger it is. Generally 8 characters and above is ok.
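The crack-time figures above can be reproduced with a short calculation. This is an added example, not part of the original article: the guess rate is an assumption derived from the article's own "10 minutes for 6 lowercase characters" figure, the function names and sample passwords are constructed for illustration, and only exhaustive (try-every-combination) search is modelled.

```python
import string

# Assumption: guess rate implied by the article's own figure
# (all 26**6 six-letter lowercase passwords tried in 10 minutes).
GUESSES_PER_SECOND = 26**6 / (10 * 60)

# Character classes an exhaustive search has to cover.
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
)

def alphabet_size(password: str) -> int:
    """Size of the smallest alphabet covering every character class used."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside the four ASCII classes (spaces, non-ASCII) are
    # counted one by one, which gives a lower bound.
    extra = {ch for ch in password if not any(ch in c for c in CLASSES)}
    return size + len(extra)

def keyspace(password: str) -> int:
    """Number of candidates of this length over the password's alphabet."""
    return alphabet_size(password) ** len(password)

def worst_case_seconds(password: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Time to try every candidate at the given guess rate."""
    return keyspace(password) / rate

def humanize(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    for unit, length in (("years", 365 * 86400), ("days", 86400),
                         ("hours", 3600), ("minutes", 60)):
        if seconds >= length:
            return f"{seconds / length:.1f} {unit}"
    return f"{seconds:.1f} seconds"

if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ("thomas", "ThomasAb", "Th0m@5", "Th0m@5-rides-Bikes"):
        print(f"{pw!r:22} alphabet={alphabet_size(pw):3} "
              f"worst case={humanize(worst_case_seconds(pw))}")
```

At this rate an 8-character mixed-case password comes out at roughly 3 years, matching the figure above, while a 6-character password stays in the range of days even with digits and symbols, which is why length matters as much as character variety.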
b. Using the same password for different online accounts.
Today’s internet user has multiple online accounts. Think of your personal Gmail, Yahoo, Twitter, Facebook account, PayPal, work email, website logins and all those other online accounts. It’s a lot easier to simply use one password for all these accounts in a bid to avoid recalling different passwords. This is a very costly mistake. Why? Using the same password for all your accounts means that a hacker who gets access to any online account of yours automatically has the credentials for all your other online accounts as well. These credentials can be used to access your email account, which usually contains references to your other online accounts. This will often include passwords to your web hosting account, giving hackers access to your hosting account. The solution is to use a password manager. Many free cloud-based password managers are available where you can store different passwords for different online accounts, then easily retrieve them when the need arises. Tools like Norton Identity Safe, Dashlane or LastPass store all your passwords and usually work across devices so that you can use them on PC or on mobile.
c. Saving passwords in web browsers.
It may seem convenient to click the “Remember password” option in your web browser, but it is not a good thing. Browsers like Google Chrome save your usernames and passwords in plain text files that are not encrypted. Therefore, someone who has access to your computer, physically or by any other means, can search the browser log and view your credentials with no hassle. I guess you already know what will happen next. He will go on to use them without your consent and log into your listed accounts.
2. Installing untrusted toolbars.
Please do not fall into the trap of installing a toolbar from an unknown source. Most toolbars which are embedded in browsers collect private and sensitive data without your knowledge. Did you know that toolbars often act as a starting point for malware to gain access to your computer? Hackers are inserting malicious code in these toolbars that will supply them with login credentials and passwords extracted from your web browser. It is like being under a CCTV surveillance system, as your passwords and everything you are browsing is being reported back. With the correct username and password in hand, someone can log into your web hosting account and then cause harm for his own benefit.
3. Software updates not made.
Sounds like a minor thing, doesn’t it? Most modern websites are being developed using popular Content Management Systems (CMSs) like Joomla or WordPress. These are third-party software packages that are made available free of charge to help in the rapid development of secure websites. Updates are released periodically, with some meant to fix bugs or address security issues found in previous versions. By not updating to the latest version, your website remains exposed to security issues that have already been identified. Hackers often scan websites to figure out which ones are still using vulnerable older versions. Staying updated to the latest version will make it difficult for a hacker to break into your website.
4. Insecurely developed websites.
Most web designers go on developing websites without adhering to good web security standards. Just like a house built on a strong foundation, a website that is built following these standards will be difficult to hack.
Network World noted that “for every website that gets hacked, poor implementation of securing standards is the major contributor”.
Everything has a price. Most web design companies that develop secure websites charge a higher price than the average. This is the main reason why prices differ for designing the same website, so you should bear this in mind when choosing who to give a contract to build your website. Rare cases exist where companies charge lower prices for a secured product, but the golden rule applies that “you often get value for what you have paid for”. Though website security is not something the client can see, it should be noted that it is a necessity for every website. People often realize this when they lose the whole customer database containing sensitive financial information to a hacker.
5. Giving administrator access to untrustworthy parties.
It is your responsibility as a website owner to decide who to give administrator access to make changes or updates to your website. Never trust anyone when it comes to security issues of your website. Many websites are hacked not by an unknown hacker but by someone you have previously shared your credentials with. Whenever you want someone to make changes to your website, make sure that you create a temporary user account with limited privileges. This user account should be deleted immediately when the person has completed their given assignment. In the event that you shared your administrator password, you should change your password to make sure no one will log in without your consent. You should take this seriously if you value the security of your website.
6. Lack of network monitoring systems.
Continuous advancement in the networking field has brought new security threats to the table. Many small business owners put little effort, if any, into securing their networks; instead they assume “everything is well”. Lack of network management systems like firewalls, anti-malware, network access controls, and intrusion detection and prevention systems places an organization’s information assets at high risk. Threats like brute force attacks and cross-site scripting might be launched to intercept user credentials via a web browser. Once that goal is achieved, compromise of the website will follow, with destructive effects.
You should put more effort into securing your website against hacking, because if you don’t, both your current and potential customers can lose trust in you when it gets hacked. Having spent time reading this article, I hope you have learnt something; go and implement these measures in securing your website. More security issues are emerging as technology evolves, so you should stay vigilant. Do you have a secure website yet? Reach Angel & Walt Hosting for a more affordable and secured website for your business today.