The United States was the most prominent target for online scammers in 2016. According to Symantec, cyber attacks are increasing, from million-dollar bank heists, millions of spear and phishing attacks through email, and targeted attacks against government officials.
While email is one of the primary threats, your website also poses a danger because it can lead cyber-criminals to your databases full of valuable information — the return of which they will demand a ransom.
Signs Your Website is at Risk
Cyber-criminals are always looking for weakness. Is your company doing the same? You might be at risk if:
Your website is old. Somewhere between 50 and 60 percent of the global CMS market is WordPress, making it the most popular. While there is nothing wrong with using WordPress, many who do don’t realize they must stay abreast of updates to (1) the program, (2) your theme(s), and (3) plugins. Updates often plug holes in security and sites left sitting are wide open. Outdated versions of any of these are one of the most common ways hackers get into your site. Waiting even a few days to update can put your site at risk. Furthermore, many updates build on previous updates, and it is much harder to get them all to work if you’re several steps behind. Log in every day to perform any needed updates.
If you do not use WordPress, be sure to update the CMS of your choice. The older a website is, the better chance that it contains code not up to today’s security standards.
You are not prepared for brute force attacks. Brute force attacks are another primary way hackers gain access. Make sure those who log in to your website have unusual usernames (not “admin”) and passwords. You can also install various programs to identify and stop such attacks while in progress.
Your website is a gateway to a more extensive system. A small company has less to fear here, but if your website is hosted on the same rack of servers as a lot of other valuable data, you are at risk. A hacker may not know at first what he or she has found, but it’s often not difficult to get into your entire system. 10 Tips for Defending Your Business Against Malware Attacks.
You’re not backing up your data and website. Whether your company is large or small, all files, data, websites, and information should be copied and backed up somewhere else. There are many ways to approach backups. Many people find it useful to keep one backup copy locally, for easy access. However, at least one full backup copy should be stored in the cloud. Don’t forget to test your backup to confirm it works!
You can’t respond to existing vulnerabilities fast enough. Are you struggling to manage the gaps in security you know about? You are at risk.
You haven’t updated your web security policies. The IT team can work hard to secure your company, but humans are often the cause of the problem. Make sure you have team members dedicated to reviewing policies and periodically educating (and re-educating) the rest of the team about ransomware, phishing, passwords, and more.
You have never run a vulnerability test. If your IT team is not capable of this (or it’s just one person), contact us to test your entire system. Chances are, you have some security gaps you didn’t even realize.
You don’t know what you have. Symantec’s study showed that CIOs guessed their organizations were using about 40 cloud-based apps; the real number nears 1,000. Your IT department needs to know what applications employees use, including personal apps installed on work devices.
Signs You’ve Been Hacked
Even if you do everything right to secure your website, you may still experience hacking. Make sure your team is keeping an eye out for the following signs so you can take action:
- Warnings. Your scanning and hacking program should alert you when and if you are hacked or have a virus. However, some smart hackers may work around these.
- Wonky applications. If your website or application is suddenly running far slower than usual, that’s one sign. Maybe it’s just not working right, sending you to a different page than it’s supposed to. Sometimes, hacked websites will experience an inexplicable surge in traffic. These might not mean you’re hacked, but it’s worth keeping an eye out.
- Unexpected log messages. If you see unexpected queries in the database logs, a hacker might be looking around. Make sure your software is logging inbound and outbound network connections through system FTP and HTTP logs.
- Something new or different. A new job, process, or user might be a sign something is amiss. Maybe some files have changed that shouldn’t.
A company may not be able to prevent all cyber attacks, but it’s critical to do everything possible to secure your programs, website, servers, and data. Talk to us about a vulnerability check for your company.