Even a minor hack on your website results in lost time and money. In a university study, researchers found a hacker attack occurs every 39 seconds. While some of those attacks are on personal computers, others target businesses. Cyber attacks result in lost information, reduced trust from consumers and lost money as your site goes down or reroutes to another website address.
The cost of cybercrime over the next few years will reach around $8 trillion. Experts predict the amount of data stolen will rise through 2020, in spite of measures governments take such as GDPR. Even though everyone wishes online criminals would put their skills to positive use, it’s unlikely cyberattacks will stop anytime soon.
Business owners and web developers must prepare for the worst and take steps to secure their sites from the smartest hackers out there. As cyber attacks increase, prepare your site by making it as secure as possible. Here are nine tips to protect your site from an attack, as well as what you should do if you’re the victim of a cyber attack.
1. Update Privacy Policies
One of the first things you should do before 2019 arrives is update your privacy policies. Think through the information you collect, how you use it, how you protect the data and how long you keep that information. Updating your policies and making them GDPR-compliant forces you into thinking through these issues as well as who’s in charge of protecting the data.
While an updated policy doesn’t stop a hack, it gives you a blueprint for handling an attack after it occurs. The GDPR requires businesses to have a Data Officer, who supervises requests for removal of information and oversees general data collection and storage. Make sure you have one and list their contact information for your customers.
2. Install Firewalls
If your site is one of the millions on the WordPress platform, add an extra layer of security with a firewall plugin. WordPress 5.0 already has 9,427,500 downloads, but numerous sites are still running on earlier versions of WordPress, too. Unfortunately, an unsecured WordPress site is vulnerable to hackers.
Several different plugins come with firewalls included, so install the ones that make the most sense for your website.
3. Protect Personal Files From WannaCry
WannaCry (also called WannaCrypt and Ransomware) is when a hacker takes over your personal files and demands money (ransom) to release them. Hackers use sneaky tactics, and emails no longer state they are from a Nigerian prince, but instead say they are from big-name brands, and they look as though they are, too.
- Never click on a link directly from an email — always go directly to the site and log in
- Keep your computer updated and use virus protection
- Be aware of trickery: look at the underlying email address and watch for typos and wording that doesn’t quite sound like it came from a native English speaker
- Disable macros, which are a common way ransomware transmits to your computer
The best way to protect your personal information from WannaCry technology is to have awareness and a bit of street-smart savvy.
4. Add Multi-Factor Authentication
One of your jobs as a business owner is helping your customers feel safe knowing you’ll protect their information. Even though multi-factor authentication requires a bit more work, it also ensures the person logging in and placing an order or accessing sensitive data is who they say they are. Password-only access might be easy for users, but it’s also easy for hackers to break in. Adding MFA adds an extra layer of protection.
5. Back Up Data
Even if your hosting company keeps backups, go ahead and back up your website at least once a month. Make a copy of your entire site, including images and all content. Keep this information on a separate drive and not on your computer. In a situation where your hosting company’s files become compromised, you’ll still have access to a backup and be able to restore your site in case of catastrophe.
6. Implement Secure Sockets Layer (SSL)
Install a certificate and encrypt traffic via SSL to secure your site. Any information users provide over an encrypted connection is more protected than information sent over one that isn’t encrypted.
Google and other browsers also instituted a new rule recently where sites that don’t begin with an https:// prefix trigger a warning for users. People may bounce away from your site out of fear of vulnerability.
Sites such as Let’s Encrypt provide free SSL certificates, so you can enable HTTPS inexpensively.
7. Redirect Your Site to Another Location
If the worst happens and your site gets hacked, one of your first moves should be protecting your site visitors. Immediately put a redirect in place and block users from going to the hacked site.
A hacked site not only puts your visitors at risk, but hackers often put up pornographic or spammy type material that you don’t want to be associated with your business name.
Use a site on a different IP and create a page that lets users know you’re currently experiencing some technical difficulties and will be back online soon. Then, redirect your entire domain to the new IP via your control panel. Work with your hosting provider if you’re unsure how to accomplish this, or take the whole website down for a while for the safety of visitors.
8. Find the Vulnerability
Once you have protections in place for site visitors, find the vulnerability. Ask your hosting provider for activity logs. They should see where the attack came from. Once you know how the hackers got into your site, you can plug up that security risk or hire someone to fix it for you.
Block the IP that hacked into your site but understand that hackers use masking and often hack from multiple IP addresses, so merely blocking them doesn’t stop hacking. You have to fix the vulnerabilities that allowed them in initially.
Another way to identify issues is by comparing your current website with a backed-up version you know is clean. Are there any files that weren’t there before?
If your site was hacked and any information was compromised, notify your subscribers about the hack, the information compromised and the steps you’ve taken to rectify the situation. Changes made by regulations such as the GDPR require businesses to inform users of any breaches of data.
9. Clean and Refresh Your Site
Clean your site, including your databases. One way to do this is to wipe your site clean, delete all files and restore them from your backup just before the hack. If you’re backing up once a week or once a month, then you won’t lose much information with this process. Your server may have a server rewind, as well, but be aware that this is usually only a backup of your main files and won’t touch backend elements where the virus or malware may reside.
Check any custom coding in your files and make sure no malicious elements were inserted. Finally, test your site and make sure it’s working and that the malware is gone. You can also run a scan of your site via SiteCheck to make sure you didn’t miss any hidden elements.
10. Secure Your Site
Now is the time for site security — don’t delay as hackers become savvier each year and find new ways into your site through SQL injections and other types of attacks. A good hosting provider should work with you on security, helping you figure out the best ways of protecting your site visitors and the data you collect from them.
Focus on security, and your users will see you as more reliable and trustworthy because they’ll know you care about their interests. Add the plugins and backend security needed and stay on top of current hacking methods, so you can counteract the methods of cybercriminals. If a cyber attack does occur, put everything else on hold and deal with the issue until it’s resolved.