According to the latest statistics from the British Department for Business Innovation and Skills (BIS), 60% of small businesses had a cyber security breach in 2013, slightly down from 64% in 2012. I'm doubting that the stats are any better anywhere else.
Current statistics show you have a better than even chance of having your website hacked!
Often, hacking is just an annoyance, requiring deletion of the existing upload, and reinstalling of a (known) clean backup. Oh, you DO do regular backups right? DON'T rely on your host to do it - mostly they don't care as long as you don't infect their servers. Assuming you have a backup, you can restore. But does your website, or the server it's on, have security holes?
An article I was reading this week talked about one such small business from the UK who got hacked. The owner had had a great holiday away and went to log onto her site to update clients.....and it wasn't there. Gone! Thrashed! It's back up now so it seems she had a backup. Unfortunately, a quick check showed she was using versions of software that were very out of date. This is your first line of defence - current software. If you don't update all the software related to your site, you're almost begging to be hacked.
The second issue to address is your hosting. A quick search reveals hundreds of companies doing $4-5-6 per month hosting. Seems like a great deal huh? Well, again, it is for the hackers. You won't buy a Ferrari for the price of a beat up old Ford; why do you expect top-of-the-line hosting for $5 a month? Over the last year, we've spent hundreds, if not thousands, ramping up the security on our server (yet we still include hosting free for all our clients who want it). We've also made sure we have great security installed on each individual website. Security that intercepts hackers and locks them out.
So of course we charge lots for this right? Nope! While we did have a $10 per month increase this year (oh yeah, we charge low monthly subscriptions so we can properly support you - see our packages here), we don't believe gouging customers is the way to do business. Unfortunately, it's not only big business that's out to rip you off; most any business is anymore.
Why should you worry though? After all, you're a small business, not that important in the scheme of things. Why would someone want to hack your site? Glad you asked!
Why websites get hacked
Because I can/for the challenge: When asked why he climbed Mt Everest, New Zealander Sir Edmund Hillary said, "Because it was there!" Same deal with your site - it's there, so why not? Many hackers delight in causing chaos for chaos's sake. Never make the mistake of thinking they care about the damage they may cause you - it probably never crossed their mind.
To steal information: Especially true if you're an e-commerce site, some form of membership site, or run applications like forums. Anything that requires the entry of personal information. Studies have shown that around 55% of adults use the same username/password combination for every website they use - including banking! Ouch! So, again, a better than even chance that, if a hacker gains access to a database, they'll gain access to hundreds more sites than just yours - but without hacking.
Planting bad software: Another form of information theft is done by planting malicious scripts on a website to capture entered information. Same outcome, different method of acquisition.
Turning your site into a bot: Again, this is achieved by planting malicious software. However, this attack works by making your website into a remote slave which the hacker can then use for nefarious purposes - denial of service attacks, spamming. Often these can go unnoticed until you get blacklisted or worse.
Don't be complacent!
"It'll never happen to me!" Yeah right! That's what Target said and they HAD spent millions on security - does help if you enable it of course!! Follow these simple steps to help minimize the hacking risk:
- Take regular backups and store them off your website - Amazon S3 is easy and cheap; or Dropbox, or SugarSync - there are loads of places
- Keep your website software updated regularly. Do you know if your software is up to date? If not, is your web developer or webmaster ensuring it is?
- Install robust security applications on your website
- Ensure you aren't using the cheapest hosting around - it's cheap for a reason. Do they have the latest software installed? What security do they have in place? Has your server been security optimized? What other sites are on the same server (you can get cross contamination from them)?
- Pray!