The Importance of Security
I have gotten a rash of calls recently from businesses that need help because their websites have been hacked. Business owners rarely understand how hacking occurs and the potential ramifications of it. Whether you own an ecommerce website, Content Management System or a Blog, you need to be aware that you are a potential target.
This is often what people picture when they think about hacking. They envision some guy sitting in a dark room donning a ski mask tapping away at his keyboard targeting the largest corporations in the world so they can hit their payday. This misconception leads to comments I hear from business owners such as: “I’m just a small company; no hacker would ever waste their time on me.” Truth is, hackers are focusing increasingly on small businesses, because small business owners don’t take security seriously and it is often very easy for hackers to gain entry to their networks and steal important data.
Here is a New York Times article detailing how a small engineering and construction company lost $125,000 due to hacking—and why their bank didn’t cover their losses.
This form of hacking has been on the rise over the past 10 years and continues to gain in popularity. This is most often how websites get hacked—hackers create “bots” that constantly crawl the internet looking for popular Content Management Systems, blogging platforms, shopping cart software, and other web applications. When the bot finds what it’s seeking, it automatedly hacks the website and plants malicious code on the website. The malicious code can be designed to do a wide range of things, such as infect the computers of people who visit the website or plant code designed for the search engines to find (such as links to websites, which passes power from that website to the website the hacker is trying to rank.) When your website is hacked, Google will post a big warning in their search engine results pages warning people not to visit the website because it has been compromised. Also, modern browsers will alert users not to visit your website if it has been compromised. Imagine what that will do to your website traffic! And the problem is, once your website has been hacked, the bot will continually return and re-hack your website if you don’t fix the vulnerability. It can be an extremely frustrating situation.
Here is a recent blog post from Google engineer Matt Cutts talking about this type of hacking and the importance of keeping your website and hosting environment protected.