Preventing a Hack
- Use strong passwords
Each password used by your site is an entryway for potential hackers. You should never reuse passwords among different services. You should also never use easy-to-guess passwords like “password” or anything that includes your name. If you do, you are setting yourself up to have multiple accounts hacked rather than limiting the damage.
“It’s very common for people to use similar or the same password,” PayPal’s principal scientist for consumer security Markus Jakobsson told Wired magazine, “but it’s very rare for people to realize that it creates a liability for them to do it and that they need to change their password after they’ve been hacked.”
If you are hacked, be sure to reset your password immediately.
- Back up your data on a regular basis.
Sometimes hacker attacks are hard to pinpoint. You may never know how they got into your website server, but you know they are going to cause damage until you are able to undo whatever it is they did. One of the easiest ways to wipe out a hacker’s work is to restore a backup version of your website. This means you’ll want to either set up automated backups of your database and files or manually create the backups on a regular basis.
- Install good anti-malware and antivirus software
Speaking of entry points, your computer is an often-overlooked way to do quite a bit of damage. You can download viruses through email or while browsing the web. These viruses can get into your computer files and give hackers access to information like passwords to your email, website, financial institutions and more.
- Run e-commerce through merchant gateways
If your website sells products online, one of the best ways to protect against hackers is to let merchant gateways like PayPal do the work for you. Customers will complete their checkout on PayPal’s secure servers, limiting your liability regarding their financial data. If you must accept financial transactions on your site, be sure to have a working SSL (Secure Sockets Layer) certificate, which will make it much harder for hackers to steal data as it is being transferred from the user to your web server. A site using SSL shows an “s” in the URL: https://mysite.com.
After a Hack
Websites are hacked every day. Don’t panic, but also don’t sit and wait. Here are some tips to get back what was attacked:
- Ask “Why?”
Hackers want something. Try to figure out what that is. Did they attack your site in the hopes of spreading a virus to your site visitors? Did they attack to gain information? Was it out of malice? Knowing why your site was hacked can help you recover more quickly.
- Secure your assets
First, you’ll want to change all passwords associated with the hacked account. For a website, this means changing the passwords that access your domain registration, website hosting, email accounts and any accounts linked to those services.
While you’re at it, check all your other accounts to be sure you haven’t been compromised elsewhere. If the hacker gained access through your computer, you’ll want to update all your software and any web service you use on that computer, including social media like Facebook.
Business Insider suggests also checking your email settings. If your email was hacked, it could be possible for hackers to set up forwarding so they can continue to access your emails even once you change your password.
- Look for security issues
Run a security audit on your site to find any holes. For WordPress sites, hackers often get in through outdated plugins. Once you’ve restored a clean backup of your site, check to see if you need to run any updates on plugins or the content management system. These updates often contain security fixes. There are also plugins that can help you manage your website security. Sucuri offers a free website audit, and also has premium tools to fight hackers, such as firewall protection.
Run your anti-malware and antivirus software on your computer to be sure it isn’t the hacker’s point of entry. Don’t google “free antivirus software” because you’ll likely download a virus. Instead, go for a mainstream commercial (aka paid) program that is updated regularly with the most recent malware trends.
- Get in front of the issue
Wired magazine suggests telling your customers that your site was hacked. It is possible the hackers have already used your access to attack customers or businesses connected to yours. Not only will notifying them raise awareness, but it will also allow them to keep a sharp eye out for suspicious activity in their accounts.
- Regain your online reputation
Google’s crawlers are often the first alert you’ll get when your site has been hacked. This warning will repel any search engine traffic until you correct the issue. Google also offers tremendous resources for getting that message taken off your search results.
Being diligent in defending your website’s security will not only allow you to serve your online customers, but will also make your response to hacker attacks quick and relatively painless.