Many small businesses today feel they aren’t vulnerable to hackers. After all, it’s easy to look the other way and reason that no one would want to bother to hack my website. The feeling is that there is nothing there that anyone would want access to so why bother?
Let’s explore that a little as there is more than one type of hacker. The first is one of the most prevalent. Young people, in particular, are trying to ‘earn their stripes’ as hackers. There are games that go on throughout the online world that reward people with points for every website they hack. The more points you score, the higher up you are on the list of accomplished hackers. There are people with nothing better to do than play this game. While they figure their activity is harmless, it provides a pleasant pastime and a way to gain infamy among their peers. If you get hacked this way, recovery will probably be fairly easy. You simply go and restore a backup from before you were hacked. That is, assuming you have one, and assuming you know when you were hacked.
The second type is the low level scammer out for a quick buck. They release bots that find weaknesses in websites and report back to them. When they find a weakness, they attempt to insert a link back to themselves in order to pick up an affiliate commission on the sale of a product. You may have seen them when someone leaves a comment on your website with a link embedded such as this:
This is just a graphic image of a comment with some spammy links. (I didn’t want to put in the actual text with the links that could be clicked on). Had this been published on your site accidently, the links with the red arrows would point back to those sites they are trying to insert. They’re selling ‘Cheap NFL Jerseys’ and branded ‘Nike Jordan’ merchandise. Most likely, it’s illegal knockoff merchandise as well.
Another important point to note is that this can hurt your website reputation, affect your site ranking, and screw up your SEO pretty quickly. This can happen through your commenting system, or by finding a vulnerability in your site to publish a backlink.
Hijacker’s are the third type that want to hack your website. There are lots of variants on what they do but as an example, they can present your site to a visitor where there is nothing wrong with it visibly. Through a technique called ‘cloaking’, they can make your site look completely different to search engines. They may want to use it as a portal to a site that specializes in porn, gambling, or other less than desirable purposes. You become part of their neighborhood and become guilty by association.
The issues with this are obvious. What’s not so obvious, is that if your website gets blacklisted or develops such a reputation, recovery from that can be nearly impossible. In some of the worse cases, you’ll have to start over with a new domain and build out a new site.
The last type is the information thief. You may feel that you have no information on your site worth stealing. Maybe you don’t collect sensitive information like credit card info. However, if a smart hacker can gain access to enough small sites, it makes it considerably easier to launch an attack against a website that does have sensitive information. You don’t want your site to be used in a hacking attack to take down a bigger fish.
Will Someone Hack My Website?
I don’t know, but I hope not. The thing is, you don’t know either. There is no advance warning, it just happens and can be very costly to clean up.
It’s gotten to the point where strong usernames and passwords are the first line of defense, but they alone aren’t enough. If that’s all you have in your arsenal against getting hacked, it would be wise to beef up your security.
There are applications available that will alert you immediately through email or text message, the second something suspicious happens on your site. In fact, many of these will shut down the attack before it has a chance to get started.
If you think nobody is attempting to hack your site, think again. It’s possible to monitor the login attempts to your site and you might be amazed to find out how often this goes on and from what countries it’s happening from.
Ask your developer to do a security audit today. If that’s not available, there are companies that can do that for you at no cost to give you some peace of mind. Sucuri is one such company. They can tell you if there is a problem but of course, that doesn’t assure you that you won’t have one in the future. It’s a lot less expensive to prevent an attack than to fix a website that has already been hacked. Stay secure, and stay safe.
Dave is a developer for Yellow Frog Media where he works on websites for small to medium sized businesses. In the past he has served as a blogger, teacher, software developer and project manager. He resides in Arlington, Texas with his wife Charlotte and their four-legged child. (A Jack Russell Terrier mix named Eddie).