In this day and age, with data breaches, malware attacks such as ransomware, and virus outbreaks, our digital data is a precious commodity that needs layers of protection. In the last year, I’ve seen more of my clients’ websites getting hacked than I have in all the 15+ years previous. In fact, recent stats verify this increase: “Over 50,000 websites are hacked every day.” (HostingFacts.com). That’s over 18 million websites per year affected, which equates to billions, even trillions of dollars of lost revenue per year.
“It’s estimated that cybercrime will cost approximately $6 trillion per year on average through 2021.” – Forbes.
“According to recent studies, hacking attacks cost the average American firm $15.4 million per year. The global average cost of data breach is $3.6 million, or $141 per data record.” – The Ponemon Institute
According to Warren Buffett, chairman and CEO of Berkshire Hathaway, cyber attacks are the biggest threat to mankind and our economy, overshadowing even nuclear weapons. (Business Insider)
How is this happening?
Just as a thief looks for physical vulnerabilities in your residential or commercial structure, cyber criminals are looking for your digital insecurities. Emails are increasingly becoming a useful tool for hackers, as an estimated one in every 131 emails contains malware. Even though they understand the risks, people are still falling prey to these nefarious emails: a recent study revealed that 78% of people admit they know the risks and yet still click on unknown links (Erlangen-Nuremberg University). Hackers will always take the path of least resistance, and protecting systems with passwords alone is no longer enough. “Hacked passwords cause 81% of data breaches.” Strong passwords help, but also take steps to ensure that passwords are stored securely, and use Multi-Factor Authentication (MFA), which uses two-step verification and temporary access to the server that times out at a designated time.
With the onset of database-enabled websites and content management systems (such as WordPress and Joomla!), managing your website content has become easier, but the downside is that your digital content has become more prone to attack. Many vulnerabilities can be addressed by keeping your WordPress version, and subsequently your plugins, up to date. Yet because WordPress is the most popular and fastest growing CMS (with 714 new WordPress sites every day), it obviously becomes a target for hackers.
“WordPress is the most hacked CMS — with 83 percent of hacked websites using the WordPress platform, an increase from 74 percent from last year.” – HostingFacts.com
Hackers do not care how big your business is, how much traffic you get, or what type of industry you’re in – they’re just looking for a place to host their malicious code with the hopes that your visitors will then click on those malicious links. Others are looking to steal financial or customer’s content, add malicious links through comment spam, conduct email hijacking or to send out spam email by the millions.
“43 percent of cyber attacks are aimed at small businesses.” – TheBestVPN.com
What is the cost?
In addition to the aggravation and time wasted as you troubleshoot and research the issue, there will be the time and money to repair your site and remove the virus, not to mention the hit your brand will take with a hacked site. Google will penalize your page ranking and will redirect traffic away from your site with a “This site may be hacked” warning. If your site goes completely down, you may lose content and customer data, your hard-earned page ranking placement on the search engines, and customer confidence. If the virus or malicious code is not removed in time, your website may be blacklisted. And finally you will lose leads and sales the longer your site is down.
“A recent study reveals that online hacks cost medium-sized and small businesses more than $188,000 each year on average.” – Comodo.com
Is an SSL enough?
An SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser which ensures that all data passed between them is encrypted and remains private. Having an SSL certificate registered for your hosting is not enough because it won’t stop malicious attacks infiltrating your database. There have been plenty of HTTPS sites that have been hacked. Although not the cure for hackers, an SSL is highly recommended by Google these days, because it keeps collected data private, avoids page ranking penalties and increases visitors’ trust in your brand. (More: “Having an SSL is not longer a Choice”)
Recent Hacking Case Study
Recently, a client’s website was hacked so that you were redirected to a spammy loan site when you visited his homepage on a mobile, as well as certain pages on the PC. The hackers even changed our admin passwords, so we were essentially locked out of the site, and of course, made themselves users. My client’s hosting plan included 30 days of backup, but the malicious code had resided on his server over 30 days, even though it wasn’t activated right away. A restore to 30 days prior did not solve the issue, so we had to purchase and utilize an additional hosting support plan to scan and remove all malicious code. Within 24 hours, the malicious code was found, removed and his site was back up and running smoothly. To prevent future attacks, we added a Malware Scanner and Firewall.
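A redirect that only fires for mobile visitors is easy to miss when the owner checks the site from a desktop browser. The following is an added example, not part of the original post or of any product it mentions: it compares how one page answers different device profiles and reports every profile that is sent to another domain. The site name, the profile names and the sample responses are constructed, and the responses are assumed to have been collected beforehand with automatic redirect-following switched off.

```python
import re
from urllib.parse import urljoin, urlsplit

# <meta http-equiv="refresh" content="0; url=..."> redirects inside the HTML body
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*?url=([^"\'>\s]+)',
    re.IGNORECASE)

def bare_host(url):
    """Lower-cased hostname without a leading 'www.'."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def redirect_target(page_url, status, headers, body):
    """Absolute URL this response sends the visitor to, or None."""
    if 300 <= status < 400 and headers.get("Location"):
        return urljoin(page_url, headers["Location"])
    match = META_REFRESH.search(body or "")
    return urljoin(page_url, match.group(1)) if match else None

def off_site(page_url, target):
    """True when the target is neither the site itself nor one of its subdomains."""
    site, dest = bare_host(page_url), bare_host(target)
    return dest != site and not dest.endswith("." + site)

def find_conditional_redirects(page_url, responses):
    """responses: {profile: (status, headers, body)} -> {profile: off-site URL}."""
    findings = {}
    for profile, (status, headers, body) in responses.items():
        target = redirect_target(page_url, status, headers, body)
        if target and off_site(page_url, target):
            findings[profile] = target
    return findings

# Constructed sample: the same homepage requested with four User-Agent profiles.
SITE = "https://shop.example/"
SAMPLE = {
    "desktop": (200, {}, "<html><body>Welcome</body></html>"),
    "canonical": (301, {"Location": "https://www.shop.example/home"}, ""),
    "mobile": (302, {"Location": "https://loans.example.net/apply"}, ""),
    "tablet": (200, {}, '<meta http-equiv="refresh" '
                        'content="0; url=https://loans.example.net/apply">'),
}

if __name__ == "__main__":
    for profile, url in find_conditional_redirects(SITE, SAMPLE).items():
        print(f"{profile}: redirected off-site to {url}")
```

A finding for some profiles but not others is the pattern from the case study: the page looks normal from one device and is hijacked on another.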
How to Prevent Website Hackers
It’s true that WordPress is vulnerable to some attacks, but the platform has many more pros than cons, with its superior design customization, seamless content management and an ever-growing library of functionality. In the above-mentioned case study, GoDaddy recommended their new product, the Express Website Security package, not only to repair the site but also to prevent other attacks with a Web Application Firewall (WAF). The WAF intercepts and inspects incoming data and automatically removes malicious code, and protects against hacks, brute force attacks, DDoS attacks, cross-site scripting, SQL injection, and zero-day exploits.
They will scan your site on a daily basis for malware – not just the front end, where customers could get infected – but also at the server level, where infections can cost you valuable resources. They also monitor related services (DNS, WHOIS, SSL) to ensure visitors aren’t redirected to another site or tricked into giving their private information. And best of all, this product is easy to use and apply to your website.
“There’s no software to install, daily security scans run automatically and if there’s ever an issue our auto removal tools can’t fix, our security experts will repair it manually – no matter how long it takes and at no additional cost to you.” – GoDaddy
Increased Speed = Better SEO
Although its primary purpose is additional security for your website, having a WAF installed also increases site speed and performance through advanced caching mechanisms so your site will run up to 50% faster. This is an important benefit due to a recent Google update that goes into effect this month.
In January 2018, Google announced a new ranking algorithm designed for mobile search, called the “Speed Update.” Going into effect July 2018, Google will look at how fast your mobile pages are and use that as a ranking factor in mobile search. Page speed also impacts your SEO in other ways: if your site loads slowly, search engines will crawl fewer pages using their allocated crawl budget, and this could negatively affect your indexation. How quickly your site and pages load will also affect user experience, with increased bounce rates, decreased pages per session, decreased session duration and, worst of all, decreased conversions. Basically, if your site takes too long to load, users get bored and click off.
More Control of your Audience Location
After getting my client’s site back up and running, I added the firewall (WAF) to my site as well to protect my website and my visitors. Since it was installed, it’s been incredible to review the daily reports of how many attempts were blocked, where they were from and what type of infiltration was intended. The Express Web Security product also has a tool called Geo Blocking which enables you to block access to your site from various countries.
- You can block countries from Viewing, which prevents anyone from that country from visiting (browsing) the site.
- Or you can block them from Posting, which allows them to view the content in read-only mode, but they won’t be able to login, register, buy or send any comments.
This is especially timely considering the steep penalties if you are in violation of the EU’s new data privacy regulation, GDPR (more information about GDPR). If your target audience does not reside in certain countries, you can now block them from either Viewing or Posting to your website. You can also blacklist certain IP addresses or URL paths, block various Referrers, Cookies, and User-Agents.
There is no worse feeling than being a victim of a crime, even cyber crimes, so adding a Firewall and Malware Scanning Security will put your mind to rest that your content, your customer’s data and your online presence are protected. In the event of an attack, you know you have a team of security experts to repair it for no additional cost. Securing your website is like locking your business’ doors at night and setting the alarm: it not only prevents loss but also gives you, the business owner, peace of mind.
Need help? Call Startup Production to help you design, develop and protect your business’ website.