The one thing you must do to protect your website
One of the most vulnerable aspects of your website can be your content management system.
Content Management Systems age over time. Often there are new versions that become available for your content management system. New versions provide new features, updates to usability, and more importantly, updates to security. Not all content systems are created equal. In fact highly popular systems can especially be a target by hackers. eg. Wordpress is often a hacking target because of its popularity and owners often fail to upgrade their system regularly.
The older your content management system the more vulnerable it can be to hackers. Hackers target aged and vulnerable content management systems to breach their security. Once inside hackers can do a few different things. They can use the access to take information or to access other database systems. They can also install malware on the website so that the site becomes a tool for spamming or malicious activity like viruses. Sometimes hackers act like street taggers and simply want to promote the fact that they have hacked your site. In this case they remove your content and replace it with graphics and information which leave the website in a mess. This information boldly states how a particular hacking group has hacked your website. In this case self promotion is important to them.
What can you do to help prevent your website being hacked?
Conduct a security review from time to time to identify any updates that may be required. You can also regularly update your content management system. This means checking in from time to time with your website provider as to whether an update is available for your system. If there is, it may be a good idea to stay up to date and schedule an upgrade.
Review your website content for any private information that could be vulnerable if a hacking occurs and take action to secure or remove this information. Check that backups are in place for your website so that you can access these in the event of an attack.
One downside of shared hosting is that often you share a single IP address for your server with other websites. If one of these other websites get hacked, the shared IP address can be black listed, and this may also effect your domain name, website in search engines and security software. If you can afford to pay more, you could consider private hosting to mitigate this risk.
Try and maintain a good relationship with your website provider. They will be the ones you will need to rely on when a hacking occurs. If you have a good credit history and a positive relationship, they will be more likely to act immediately on your behalf to resolve a hacking event if it occurs.
What should you do if you are hacked?
Contact your website provider immediately. The longer you leave a response, the worse the damage can become. The longer you leave someone messing around in the content system, the more likely they can find other ways to access related databases such as CRM's or customer data.
Another outcome is when a search engine discovers malicious code on your website, it may register this and advise users searching for your website that it is malicious. This black listing may also propagate to security firms who may also black list your domains and this can affect your emails, eg. some security software may block your emails from reaching their destination. It takes a reasonable amount of time to clear this up, so it pays to try and avoid this in the first case if possible.
Your website provider may review the website, reseting passwords and locking down access. This will help prevent further access and damages. Ultimately they will likely roll back to a backup of the website. It will be important to review security and try and identify where a breach occurred. It may be as simple as updating your content management system to gain better security.
It pays to be proactive on security. Your website provider will need to charge you to resolve a hacking event so its better to pay a little bit now to upgrade your security than a lot later to deal with a hacking event after it occurs.Hayden BreeseCEO & Strategist