Nearly half of all businesses in the UK reported cyber attacks or breaches in the last 12 months, with that figure rising to seven in ten for large businesses. With social media giant Facebook, the NHS and even governments falling victim to hackers, the question might not be if your website will be hacked, but when.
Hacking in the News
Hacking attempts, successful or not, feature more and more in our everyday news. High-profile hacks have been blamed for data breaches, digital vandalism and even vote rigging. Here are some of the most prominent news stories in recent years.
In September 2018, 50 million Facebook accounts were compromised in what is thought to be the company’s biggest security breach to date. Attackers used three flaws in the system’s software to gain access to user accounts, exposing customer information and also potentially affecting third-party accounts. The source and purpose of the hack are still being investigated.
In May 2017, the NHS was one of the thousands of organisations affected by what has been described as ‘the biggest ransomware outbreak in history’. Thousands of companies in nearly 100 countries were infected with malicious software demanding payment for access to critical records. NHS trusts and services were forced to cancel appointments and operations, with staff reduced to using pen and paper to record information and left without access to essential medical histories. With a crippled health service potentially costing lives, the NHS and the government faced questions over why systems were left so vulnerable to attack.
Three billion Yahoo user accounts were affected as part of the largest data breach in history, in August 2013. The scope of the damage has only recently been revealed, the figure having tripled from previous estimates. With a huge loss in value, resignations and a number of lawsuits against them, the company has suffered greatly as a result of the attack.
Some other big names
The names and the numbers are almost never-ending – here are some you might recognise: Equifax, eBay, Sony PlayStation Network, Home Depot, Uber, LinkedIn, MySpace, British Airways, Instagram, MyFitnessPal, Snapchat, TalkTalk, Tumblr, Adobe, Twitter…
So what is hacking?
Hacking is the ‘gaining of unauthorised access to data in a system or computer’. The person gaining access is referred to as a hacker. Many hackers exploit vulnerabilities within a computer system in order to steal, manipulate or destroy information. For businesses, this could mean:
- Theft and misuse of company financial information
- Theft and misuse of customer personal and/or financial information
- Deletion of information
- Manipulation of company information
- Access to related systems and accounts owned by other companies
- Destruction of an entire website
All of these consequences would lead to serious damage to a company’s reputation, loss in customer base and revenue. It could even result in further cost from legal action following a breach.
What is a computer virus?
A computer virus is malicious software designed and used by hackers to replicate itself and spread from host to host, altering a system’s operation and potentially causing detrimental effects such as corrupting or destroying data. Viruses can remain inactive for some time, and even once activated can go unnoticed while recording, stealing and altering a system and the information it contains. Viruses usually spread in the form of attachments and downloads. Signs that your computer or website has been infected include:
- Slowed performance
- Frequent crashes
- Frequent pop-up windows
- Changes to the homepage
- Emails you didn’t send
While some viruses may be considered jovial and cause minor damage to a company’s reputation, others are created solely to cause extensive damage, often for the financial gain of the hackers.
I don’t have anything worth hacking
With so much personal and company data stored and shared online and on computers, there is always something worth stealing. Disparate pieces of information can be brought together to form a useful profile for criminals to exploit.
Hacking requires skill and high-tech equipment
Hacking is mostly portrayed in film and television as the pursuit of highly intelligent, skilled individuals, attacking big, complex targets. However, the majority of cybercrime is low level and opportunistic, taking advantage of multiple targets of limited value but with weaker security.
Big companies are more secure
As you can see from the names above, bigger companies with more resources do not necessarily have the best security. Human beings are actually one of the biggest risks for cyber security – more people and more complacency mean more avenues for criminals.
There’s nothing I can do to stop hackers
There are many simple and routine ways to make your website and system more secure. See below for our tips.
Hacking and SEO
Hacking can affect a company’s revenue and reputation in more subtle ways:
- Hackers can sometimes use access to a website to replace links to other sites, increasing traffic to the new destination and reducing the time a user spends on the intended site. Even if the hack is not successful in generating actual business for the destination website, it will increase traffic statistics for it at the same time as damaging customer confidence in the original site.
- Google rankings can be negatively affected for hacked sites. Google scans sites for malware and removes infected ones from search listings, effectively blacklisting hacked sites and reducing a company’s visibility in the marketplace.
What Can You Do?
In an increasingly networked marketplace, companies must do more to protect themselves from cyber attack, as well as protecting their customers, particularly in light of the recent GDPR. The logic is simple: you lock your house, so you should lock your website. There are several easy steps companies and individuals can take to increase their website security.
Increase password strength
One of the most common ways for criminals to hack into your computer or website is by guessing passwords. Increasing the strength of your password makes you a much less easy target. You should:
- Increase the length and complexity of your password – for example, using a 10-character combination of upper- and lower-case letters, numbers and special characters
- Change your passwords regularly
- Not share your passwords
- Never write down your passwords
- Not use the same password for multiple sites, devices etc.
- Consider using a password manager
Stay up to date
As mentioned above, hackers can use vulnerabilities in a system to gain access. There is no such thing as a perfect system: every system will have weaknesses and loopholes that could eventually be discovered and exploited. Manufacturers will update software that has been found to have a fault, so it is best practice to update software, themes and plugins in order to avoid preventable breaches, as knowledge of a fault will spread. Older software will also eventually stop receiving security updates, making it even more vulnerable to attack. Once a website has been hacked, it is vital that you make changes and advances in software and security, as hacked URLs can be shared among hackers and then bombarded from numerous sources.
What We Do for Our Customers
As well as advising our clients of the security measures above, at ExtraMile we perform additional tasks to protect the websites we design, develop and manage.
When building a website, we install security and anti-virus software and plugins responsible for stopping attacks and login attempts. Here is an example from a medium-sized website of the number of attacks blocked, and their country of origin, within one week:
Customers can also ask us to update software as and when required.
SSL security certificates
ExtraMile adds SSL certificates to all of the websites the company creates. SSL, or Secure Sockets Layer, offers security by encrypting data as it travels between a visitor’s browser and the web server, protecting the transfer of sensitive information such as credit card details. Websites collecting credit card information are required by the Payment Card Industry to have SSL certificates. For other companies, there are several advantages to having an SSL certificate, such as the example given below:
- In July of this year, Google Chrome began marking plain HTTP sites (those without SSL certificates) as ‘Not secure’, highlighting to users immediately that the site may not be safe to use (particularly when adding personal and financial information), potentially decreasing traffic to the site and reducing the amount of time spent on the site. Secure websites now display a padlock to the left of the URL:
Further Recommendations and Useful Links
As in medicine, with website security, prevention is better than cure. It can take time to realise that a website has been hacked, a long time to determine how and why, and then more time to fix and prevent further damage. While 74% of companies in the UK said that cyber security was a high priority for them, only 27% have a formal policy in place to cover risks. In a never-ending game of cat and mouse, companies and individuals should do as much as possible to protect themselves from attack by hackers. Here are some useful links to help you: