If you have a small-business website — or even just a personal site — you probably think that you aren’t attractive to hackers. After all, you don’t have nearly as much to offer as a large site in terms of audience or data as a larger site.
The fact is, though, that any website, even your local business site, is attractive to a hacker for multiple reasons. Understanding those reasons and what it takes to keep hackers away can make a big difference in the security of your site, and your business’ ability to stay up and running.
Why They Want You
The reasons that hackers attack websites range from simple arrogance (the “look what I can do!” type of attack) to a targeted, malicious attack on your business specifically (a DDoS attack launched by a business rival, for example). However, most attacks are driven by one of the following reasons.
- Locating Vulnerabilities. Most large-scale malware attacks are successful because the attackers are able to identify and exploit vulnerabilities in user machines. It might be something in the operating system, a particular piece of software, or, in the case of websites, a plug-in or other code, but regardless, it gives hackers a means of entry to launch additional attacks. In other words, your website isn’t the target, but rather a tool to discover vulnerabilities to reach other targets.
- Money. Hackers are often after financial gain, and they will attack websites as a means to steal money — or information that can be sold for money. Whether it’s stealing payment information from your customers, r stealing your information to access your accounts, money is a common reason for hacking.
- Taking Over Your Computer. Hackers often attack websites as a means of spreading malware that will turn your computer — and those of any site visitors who are infected — into a bot or zombie machine. Typically, these machines are used to launch DDoS attacks on larger targets; essentially, the hacker executes commands to the malware on the unsuspecting users’ machines to overload the servers of other business sites. Again, it’s not your site under attack per se, but you are a means to an end.
- Vandalism. In some cases, hackers take over websites just because they can, and vandalize the site in an effort to be shocking or funny. For example, hackers have replaced entire media sites with a single picture of something offensive, just to get attention. In some cases, these attacks are done maliciously, but more often than not they are simply pranks — albeit pranks that could be potentially harmful to your business.
How They Get You
Another reason that hackers might target a less well-known site is the simple fact that it is often easier to do so than to attack a better fortified site. For example, many small-business owners or less-experienced website designers might forget to hide the admin pages from search engines. When these pages are indexed by the engines, hackers can easily locate them, getting them one step closer to hacking your site.
Hobbyist and small-business site owners also have a tendency to be a bit more lax about security than other sites. They might not follow password best practices, for instance, or use default credentials that are easily guessed by hackers. Installing updates and the latest internet security tools are also important to keeping a website safe, but they often aren’t a top priority. The result are websites that are vulnerable to hackers, and potentially detrimental to your business.
Have You Been Hacked?
In some cases, you won’t even know that your site has been hacked, but there are some clues. Two of the biggest signs are a significant and unexpected drop in traffic (since your site is likely no longer being indexed in searched) and problems with emails, such as you or recipients not receiving messages, or a sharp decrease in email open rates, due to your emails being blocked from recipient accounts. Changes to the content on your site, new administrator accounts, and other strange behavior are also signs of hacking.
So how do you keep the hackers out? If you have been hacked, start by removing all evidence of the hackers from your site and changing passwords. Going forward, following security best practices, including password management, installing internet security software, and using other site security plugins and tools, can help keep your site locked down and safe from hackers. By understanding that you are in fact at risk, you can do a lot to keep your business and your site visitors safe from cybercriminals.