The Complete Guide to Ransomware

Why Would Someone Hack My Site?

Security Warning – Your Website is at Risk

hack_typesWhat makes your business hack-worthy? No matter how small or obscure your business may be, we’re all targets for hackers. “If you have a computer, mobile, device, an online account, email address, credit card or engage in other type of online activity, you are worth money to cyber criminals,” Eric Conrad with the SANS Institute explains. More business is conducted online each year, including purchased via a website and data stored online used by brick-and-mortar establishments, like credit card numbers and customers’ personal information.

While there is no sure-fire way to prevent a hacker attack on your website, understanding the types of attacks can help you to better prepare should your site be compromised.

The Targeted Attack

A targeted attack means that your website is the final destination for the hacker. Small businesses are not the victims of targeted attacks very often because it is not very economical for a hacker. They make out much better going after data-heavy sites of larger corporations. While small business attacks are somewhat rare, do not be lulled into a false sense of security. Semi-targeted and untargeted attacks can still happen to small businesses.

The Semi-Targeted Attack

During a semi-targeted attack, you are targeted but are not the final destination. If your website is stored on a server with many other websites, a hacker might use your website to gain access to other, often larger, sites on the server. Being the weak link in the chain can mean that your site is the perfect stepping stone in a semi-targeted attack.

The Untargeted Attack

Remember that hackers do what they do for money. According to the SANS Institute, “cyber criminals know that the more credit cards they steal, the more bank accounts they hack, or the more passwords they compromise, the more money they can make.” While a hacker can make a lot of money by hacking a larger corporation, it may be easier for them to hack several smaller sites. Hackers can use search engines to find websites to hack. Websites with weak passwords are especially susceptible to untargeted attacks. Hackers might also use your site to infect your users to gain access to much more data.

Encrypted information is no match for hackers. As you have probably seen, Target and Neiman Markus are the latest in large-scale hacker attacks. They most certainly had their customer information encrypted in some way. However, there are programs available to or written by hackers that can easily decrypt this information.

Protecting Yourself a Hack

Many small businesses don’t store user information on their own servers. Instead, they use a service like PayPal or another payment management company. This takes the burden of responsibility off of the shoulders of your small business and places it in the hands of a larger company with the money and resources to handle the security necessary.

Strong passwords may seem simple, but they can be a deterrent to hackers. The top password is still password! Hackers know this and use it to their advantage. Your password should contain a mix of numbers, letters, and special characters. Websites that you frequent aren’t the only place to think about password strength. You should also secure your home network WiFi access point with a strong password – especially if you work from home.

Know which devices are connected to your network. Keep those devices updated. This will help to ensure that there are no security flaws in the operating system or software for each device.

It is also a great idea to create a backup schedule. Many small businesses do not back up their websites. With no backup in place, it will cost a lot of money to rebuild the site to what it once was. Backing up your website is a money saving measure that takes relatively little time each month. It is not wise to rely on your host to back up the site for you.

Keep tabs on your financial statements. The SANS Institute recommends checking statements once a week for suspicious activity. If you notice something out of the ordinary, alert your financial institution immediately.

In addition to the actions you should take care of on your own, having a reliable host can help to protect you from attacks. Quality servers have the latest in firewall and security features. In addition, experienced web designers make sure that security features are built in to each website design.

Drive-by Downloads – Unseen Intruders

How can you protect yourself against something that you cannot see? A Drive-by download occurs when a compromised website downloads malware to your computer. This usually occurs while visiting a website that appears legitimate, but, in reality, is fake and will attempt to download malware, steal personal information, or hold your computer data for ransom. Unfortunately, it can be very hard to tell which websites are safe and which sites to avoid.

Criminals target users by any means possible. It is not always an email from an unknown user with a link you can’t trust. Social media sites and instant messages can also contain these malicious links. In additions, hacker can hijack sites that you frequent with links that may appear to be legitimate.

It may seem like the web is no longer a safe place. However there are a few things that can help to protect your computer while you continue to use the internet.

  • Do not click on random links. If you get a link from a strange email address, it is easy to disregard it. However, you should also be wary of links that appear to come from your friends. Not everything is as it appears online. If you didn’t ask for that link from your friend, you probably shouldn’t click on it without first checking that it was truly your friend or colleague who sent it to you.

  • Make sure to install the latest software updates for your computer. When Windows says it has an update, you should install it. The same is true for your web browsers, JAVA, and other programs that you use that access the internet. While you’re updating your software, make sure that you have current anti-virus software installed.

  • Try to limit your use of script-based websites (like Javascript). If you must use this type of media, try installing a click-to-play program from your browser. Websites will not be able to run their script automatically which affords you more protection from malicious scripting.