November 10th, 2015
Last week, following the recent TalkTalk hacking scandal, we discussed the various ways in which hackers can attack your account. This week, following last night's BBC Panorama on hacking, we continue the discussion and reveal how to prevent hacking scandals from happening in the first place.
To refresh your memory, the main areas covered last week were: malicious code, website & email blacklisting, and malware scanning – you can read Part 1 here.
In terms of website security, prevention is better than cure, and as you read through this article the case for prevention will become abundantly clear. Simply being proactive about website security can help to keep hackers at bay. To find out how, follow our simple steps below.
Install and activate a Firewall
A firewall is a program or hardware device that filters the information coming through the Internet. If an incoming packet of information is flagged it will not be allowed through. Every device with a connection to the Internet should have a firewall installed.
A robust firewall solution can detect suspicious activity and block attempts to hack into your website using a number of well-known techniques. Anyone who is trying to break into a website using username and password combinations can be temporarily or permanently blocked by a properly implemented firewall. Firewalls can also prevent DDoS (Distributed Denial of Service) attacks.
Malware scanning helps to prevent your website from infecting other websites (or your customers' PCs and Macs). Scanning services act as an early detection system if hackers manage to get through. You can often be alerted to malware on a website and clean it up quickly before any damage is caused, or before it gets blacklisted by Google.
Backups & Disaster Recovery
Hackers have a tendency to be quite relentless. They can sometimes delete entire websites from the Internet if they can acquire the right level of access.
Brave Agency has even detected incidents and evidence of corporately sponsored hacking attempts by rival companies against one of our clients, which involved the repeated defacing and damaging of their website, and we were required to pass this information to the police.
Simply put, all websites should be regularly backed up. If you are not sure if your website is being regularly backed up by your hosting company, you must check and put a systematic plan in place!
Passwords – Don’t be lazy, it will cost you!
At some point, you might have been given a username and password login for your website. Don’t be tempted to change this to something simpler and more memorable without fully considering the implications.
Hackers are adept at programming software that will try to log in to a website admin or control panel and run through a huge number of username and password combinations in a matter of seconds. Username and password combination lists are freely available online for such hackers to feed into their malicious software. For instance, you could easily download a list of 10 million common passwords.
The lesson here is, don’t be lazy. Computers are far more efficient at breaking into a website than any human ever will be. If your password is weak, it’s simply insecure and your user account and website will eventually be hacked.
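The automated guessing described above, and the temporary or permanent blocking a firewall applies to it, can be illustrated from the defender's side with a short log check. This is an added example, not code from Brave Agency: the log lines are constructed, the thresholds and function names are illustrative, and it assumes a failed WordPress login answers with HTTP 200 while a successful one redirects with 302.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches POSTs to the WordPress login page in common/combined log format.
LOGIN = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "POST /wp-login\.php[^"]*" (\d{3}) ')

def classify(lines, max_fails=5, window=60):
    """Return {ip: 'temporary' | 'permanent'} for IPs that guess too fast.

    An IP earns a strike each time it reaches max_fails failed logins
    inside `window` seconds; a second strike upgrades the block.
    Lines for each IP are expected in chronological order.
    """
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    strikes = defaultdict(int)    # ip -> times the threshold was reached
    for raw in lines:
        m = LOGIN.match(raw)
        if not m or m.group(3) != "200":   # assumption: 200 = failed login
            continue
        ip = m.group(1)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:
            q.popleft()                    # forget failures outside the window
        if len(q) >= max_fails:
            strikes[ip] += 1
            q.clear()                      # start counting towards the next strike
    return {ip: "permanent" if n > 1 else "temporary" for ip, n in strikes.items()}

def sample_log():
    """Constructed log lines (documentation IP ranges), not real traffic."""
    base = datetime(2015, 11, 10, 9, 0, 0)
    def line(ip, sec, status):
        ts = (base + timedelta(seconds=sec)).strftime("%d/%b/%Y:%H:%M:%S +0000")
        return f'{ip} - - [{ts}] "POST /wp-login.php HTTP/1.1" {status} 3120'
    lines = [line("203.0.113.7", s, 200) for s in range(12)]        # 12 failures in 12 s
    lines += [line("198.51.100.4", s * 30, 200) for s in range(3)]  # a user mistyping slowly
    lines += [line("198.51.100.4", 95, 302)]                        # ...then logging in
    lines += [line("192.0.2.9", s * 2, 200) for s in range(6)]      # 6 failures in 10 s
    return lines

if __name__ == "__main__":
    for ip, action in classify(sample_log()).items():
        print(f"{ip}: {action} block")
```

The slow, human-paced failures from 198.51.100.4 never reach the threshold, which is why rate-based blocking can stop password lists without locking out a user who mistypes a few times.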
Secure password tips
- Use a combination of UPPERCASE and lowercase letters.
- Use at least 1 number.
- Use at least 1 special character (e.g. !, @, *).
- Don’t use the same password for all websites or use a password you’ve used before. You should be setting separate passwords for your website, email, and online banking in the event that any of those websites are hacked and your password is compromised.
Keep your website up to date
Websites are often built upon popular open source platforms such as WordPress, Magento, Drupal, Joomla etc. Such platforms offer a great way to develop complex websites quickly and at relatively low cost. However, these platforms do suffer from bugs and weaknesses that find their way into the code as new features are added over time.
WordPress, for example, now underpins over 58% of the websites in the world. The WordPress community releases new versions and security patches on an almost monthly basis.
My website is running on WordPress, should I be worried?
Well, in short, if your website is currently running a version of WordPress which is either out of date or not patched to the very latest security release, it is potentially vulnerable to attack. If any security holes are actually exploited, whoever takes control of your website can soon use it as a launchpad for sending spam.
So, to sum it all up…
As seen in recent weeks, with the likes of TalkTalk, hackers are financially motivated. They will stop at nothing, constantly searching for new opportunities and vulnerabilities to exploit.
Becoming more informed on the various ways you can protect yourself means you could avoid potentially catastrophic outcomes for your business. From installing a firewall, to creating a complex password, each step is fundamental in keeping the hackers at bay.