The Internet is an amazing tool for marketing, communicating and doing business, but the downside of the World Wide Web is that, unfortunately, nothing online can be absolutely guaranteed as 100 percent safe and secure. Viruses and malware can infiltrate computers, social media accounts, and websites. You can get infected without even knowing it, simply by visiting an already infected website, if your computer is not up to date on its software and security patches.
Even the most sophisticated and seemingly secure sites are vulnerable to tech-savvy hackers. Luckily, however, website software is updated frequently with new features, enhancements, and fixes designed to patch holes or vulnerabilities in the software’s infrastructure to ultimately keep your site running smoothly and securely. So, if you have a website, it is essential to stay informed and up to date on the latest software for your site, or to partner with a legitimate firm that does just that. A monthly check of updates is essential, and immediate updates when a security patch is issued are imperative.
Fighting a Cybercriminal Gang and Winning!
WordPress is one of the most popular platforms to build websites, and last month, 30,000 WordPress blogs were hacked and infected by a “cybercriminal gang whose primary goal is to distribute rogue antivirus software,” according to this article from Networkworld.com. While these kinds of hacks are nothing new, what is most relevant is the following: “Many of the blogs compromised in these recent attacks were running outdated WordPress versions, had vulnerable plug-ins installed or had weak administrative passwords susceptible to brute force attacks,” said David Dede, a security researcher with website integrity monitoring firm Sucuri Security.
When a business builds a website, it is oftentimes considered “done” and no updates or maintenance is secured. Unlike a brochure or a printed piece of marketing material, a website is a living and changing marketing/business tool. Many websites are compromised because site owners/administrators fail to keep their website software up to date; thus, vulnerabilities in the old software can be discovered and exploited. When a website is hacked, and there is a malicious result in visiting that site, Google may completely block the compromised website from being shown, adding it to a blacklist of infected pages. This blacklist is used by web browser companies to block known infected sites, so when users try to visit an infected site, a warning message is shown, informing them of the danger. This is helpful in that it helps prevent the virus from spreading, but it’s definitely not a good thing for your company’s website to be on that list. And it’s hard to remove that label even if the site has been cleaned.
Playing It Safe
The time and money involved in investigating and fixing these hacking messes far exceeds the time it takes to provide a simple maintenance strategy on an ongoing basis. In order to decrease your vulnerability online, follow these steps:
- Keep the website software and back-end up to date: As mentioned earlier, website software is updated on a regular basis in order to keep sites safe. Either make a routine of updating your software on a regular basis or hire someone to do that. You can use this site: http://sitecheck.sucuri.net/scanner/ to search for known viruses on your website.
- Strengthen all your passwords:A strong password limits the ability of hackers to gain access to your site. The U.S. Computer Emergency Readiness Team recommends the following when creating passwords:~ Don’t use passwords that are based on personal information that can be easily accessed or guessed.~ Don’t use words that can be found in any dictionary of any language.
~ Develop a mnemonic for remembering complex passwords.~ Use both lowercase and capital letters.
~ Use a combination of letters, numbers, and special characters.~ Use different passwords on different systems. Additionally, it’s a good idea to make your passwords at least 8 characters long. Check that any password access to a site is terminated when employees or web masters leave.
- Keep an eye on your site: If a website does get infected, the site owner should be the first to know about it. Monitor your site regularly for signs of a virus and always have a routine back-up of the site. How do you know if your site has a virus? Things will look and act differently. If it feels strange to you, or unusual, then check it out.
If a site gets hacked, it’s important for your business and marketing efforts to get it back online as quickly as possible to avoid being quarantined by Google. A good web developer will offer a maintenance plan and a service because, once a site is hacked, your site’s log files need to be examined to determine the source of the hack or virus. Once the source has been found and the virus has been cleaned, the web developer will download any necessary patches to prevent any further infections from happening, and clean up any messes that the hackers left behind.
While there are laws against hacking, including 18 U.S.C. 1029, which deals with making and using devices and programs to gain unauthorized access to secure computer systems, the hackers are managing to keep ahead of the law in this still “wild frontier” of the Internet. In the case of website security, it seems that for now the best defense is a good, solid offense.
Merrily Orsini, MSSW
Merrily Orsini, MSSW, has a unique background that combines skills in technology and people. As President/CEO of corecubed, an internet marketing company, she works with talented staff to service clients in 35 states and Canada. Her roots and her passion, however, are in home care. She is a pioneer in the geriatric care managed in-home care model that she created, grew and sold in 1996, garnering her, for that venture, the prestigious Ernst & Young Entrepreneur of the Year Award for service businesses in Kentucky and Indiana.
Visit her blog www.MerrilyOrsini.com to follow her weekly insights and read where she is speaking, and the articles she writes for national publications. Tweet her @MerrilyO and find her on FaceBook.com/merrily.orsini. See examples of her creative work at www.corecubed.com.