Website security: Is your website safe from hackers?

Security breaches are at a record high - globally and here in New Zealand, and can have a huge impact on your business

Security has been at the forefront of everyone's minds recently, in light of the recent data breaches from some of the biggest players in technology, as well as privacy being increasingly legislated.

The latest quarterly national Cyber Emergency Response Team (CERT) threat report shows 736 cyber incidents reported in New Zealand, 121 of which were referred to authorities.

Why would someone hack my website?

It goes without saying that having your site hacked can be frustrating, costly and time consuming to fix – so why do people hack websites?

  • To steal data they can sell online

  • To break your site – maliciously or just to see if they can

  • To redirect your site to a fraudulent website

  • To use your server as an email relay for spam

  • To use your server to host their own files like malware or even ransomware

  • And more commonly now, to use your server to mine for Bitcoins (cybercurrency)

Most hacks we see are carried out by bots using automated scripts. They are set up to search out and find known vulnerabilities within the security settings of a website.

What would happen if my website got hacked?

In addition to the potentially severe reputational damage to your business, there are ongoing challenges to being hacked, which include:

  • Website downtime and the opportunity cost to your business of your site not functioning, especially if you have an e-commerce site or are in the middle of a promotional marketing campaign

  • You could lose your ranking in Google and other search engines

  • Your site may be removed from search engine results and flagged with a warning that turns visitors away

  • Long term trust and reputational damage to your business

  • Visitors may be discouraged from coming back resulting in long-term, trust damage and them leaving for a competitor instead

  • Your emails could get blacklisted, which can take a long time to resolve

  • Personal and sensitive data gets stolen, which then leads to requirements under privacy regulations like GDPR to advise all of your customer database that you have had a data breach and what steps you have taken to remedy it

  • Website cleaning and repair costs

How do I protect my digital presence?

To reduce the chances of this happening to your site, there are some basic best practices which will help with improving your website’s security. This includes:

1) Work with a website developer who is up to date on the current best practice for online security and can support you instantly

2) Keep your Content Management System (CMS) and its plugins updated. Content Management Systems are continually updated by the developers who support them, so performing regular updates means this technology remains secure

3) Choose a good hosting company who look after things from the server end and provide the support you need should a hack occur

4) Only give access to people you trust. Double check when any supplier is asking for access to your site for example, and also anyone from within your organisation if the request is unusual. Phoning the person is best practice, in case the email is fraudulent

5) Install an SSL Certificate for your site. SSL Certificates help to protect data entered into your website by users, such as credit card numbers and email addresses, by providing encryption so no-one can eavesdrop and collect the information

6) Use Strong Passwords and update them regularly

7) Backup your website regularly to minimise the impact on your business should the site be hacked and go offline

8) Install a credible security plugin, such as Wordfence

What do I do if my website is compromised?

If you think your website has been hacked, you will need to contact your website developer as soon as possible and provide them with as much detail as you can.

They will need to restore your website from the most recent backup before it has compromised or clean up the compromised files. Then they will need to track down how it was compromised and try to prevent it happening again.

Be proactive

Being proactive around your website’s security is key. It is always a lot cheaper to keep your website up to date and secure, compared to the clean-up and hassle after it has been hacked.

Talk to us about your current website security and we can make specific recommendations for your site to help protect your business and your online investment.