“The year of the hack” is upon us. Your business needs tips to survive.
From almost the beginning of 2013, stories of alleged hacks on U.S. corporations, organizations and government agencies by foreign governments and malware attacks by cybercriminals on companies like Apple and Facebook have dominated the news.
The attacks have been so pervasive they’ve caused The Atlantic Wire to recently dub 2013 “The Year of the Hack.” And last month Google launched a special resource for hacked sites. Below are three tips to help your business prepare for whatever comes.
3 Tips for Surviving “The Year of the Hack”
Gain a Better Understanding
While motives like cyber espionage may be the aim of hackers attacking larger corporations and government websites, attackers of your business site are more likely interested in just one thing: money.
According to Google Developer Programs Tech Lead Maile Ohye, attacks generally come in two flavors, including hacking a site to add spammy content or hacking a site to distribute malware. In the first instance, a hacker would exploit a vulnerability on your site and add links to a site or sites of their own. In the second, a hacker would use malware to gain access to your site and those of your visitors with the goal of stealing log in credentials for online banking or financial transactions.
View Ohye’s full video below for more details.
Take Some Defensive Steps
Simple steps can be taken to at least reduce your vulnerability to a hacker. For example, avoid reusing passwords on your sites and other accounts, including online banking. This way, if a hacker obtains access to your user data from a third-party site like LinkedIn, Twitter or other social networking sites requiring a log in, they will not necessarily have obtained access to other, more sensitive accounts. Ohye also suggests watching out for outdated or insecure software or vulnerable plugins loaded to your site, which can unintentionally provide access to a hacker.
Finally, hackers can install malware on your personal computer, which then steals log in credentials when you sign into your Website, so make sure you have adequate security to identify this kind of tampering before it’s too late.
React Appropriately When the Worst Has Happened
If your site is compromised, it’s important to take action. First, determine whether you or someone on your team is tech savvy enough to address the issue in-house, or whether you will need to get outside help to address the problem. There are sources of help for site owners.
In particular, Google has identified non-profit organization StopBadware as having assisted more than 130,000 sites get back up and running effectively within the last three years. Whether you decide to address problems in-house or with the assistance of an outside expert or support team, several steps will be needed to get your site back to normal. You will need to quarantine your site to prevent further hacker activity, then you must assess the damage, identify the vulnerability, clean the site and then submit it for review by Google.
Hopefully your site will never be a victim of malware or another attack by hackers. But to be prepared, visit Google’s Webmasters help for hacked sites for more on how to keep your site and visitors safe and what to do if your site is compromised.
It’s sad that we’ve come to this when we have to presume that people will be actively looking to attack our sites but as you mention it’s essential to be prepared these days.
I’ve found as long as you’re pro-active you can prevent most hacks from occurring just by trying to stay on top of the latest web security developments, even in a casual nature. If you check in on a couple of security blogs every week or so you’ll know about the latest dangers (and more importantly their fixes) quick enough to guard against them.
Yes, you can say 2013 the year of hack, because many of the website are profiles on social networks are being hacked. Today one of my friends facebook account got hacked and then they filled that with adult content 🙁
Security in general has gone to a new heights. Thanks for the advice! it is always useful to remind us of the basic security and preventive measures. Running a Google Webmaster Tools check now to verify safety.
Shawn, thank you for this helpful information. I will definitely check out the resources that you mentioned in your post. In order to avoid using the same passwords on multiple sites, I use a password manager to manage passwords.