Lately small business websites have increasingly become a prime target for hackers. In fact, just in February of this year it was discovered that a new threat has emerged that can lock down and encrypt websites until a ransom is paid.
For many small business managers, website maintenance and monitoring is rarely part of the daily task list. This blog will explain why active management of your website is important and will also provide some basic steps you can take to maintain and secure your company’s website.
Why Small Business Websites Are Attractive To Hackers
You would think that most small business websites wouldn’t be of much interest to hackers. Typically they don’t hold much in the way of private data or sensitive information. But even if your site doesn’t store credit card information or client data, it can still be valuable to them because it can provide cover for other attacks.
The vast majority of small business websites are considered ‘soft targets’. Most of these sites are ‘set it and forget it’ – after the site initially goes live there is very little that is done in the way of maintenance and security updates. Typically these websites are easy to gain access to due to weak passwords or outdated code or plug-ins. And because the sites are rarely monitored they can often become compromised long before anyone notices.
How Hackers Use Small Business Websites
Historically, business websites are used by hackers to provide legitimacy for phishing scams: The hacker infects a legitimate site so they can post a link to a dangerous website or payload. People viewing the legitimate site can then become infected by clicking on the dangerous link or even just hovering over the link for a brief period of time.
And now it has been discovered that website threats have evolved to include the more sophisticated ransomware attacks. Once it is infected, the website is locked down and displays a ransom note. The owner of the site is unable to access any data on the site until the ransom is paid.
An even bigger concern to business managers is what can happen after your website is infected: the website can be completely blocked by Google or any number of security software platforms (like Trend Micro, McAfee, etc). Google finds and marks thousands of new malicious websites every day. These sites are ‘blacklisted’ so that visitors to the site will see a warning such as ‘This site may harm your computer’.
To get removed from the blacklist and operational again, a business manager will need to spend time and/or money to do so. This process involves three steps:
- Cleaning the site or restoring from a known good backup
- Updating passwords, website code, patching tools and plug-ins
- Request blacklist removal from Google or the other security providers
Active Website Management
A compromised website can lead to the exposure of sensitive data, a reputation hit for your business, and the loss of time and money involved to restore the site to full functionality. To help avoid these headaches we recommend an Active Management approach:
- Be sure to conduct regular malware scans of the website
- Keep up with routine maintenance: verifying and updating all tools and plug-ins
- Make sure that admin passwords are strong and are changed regularly
- Ensure that you have regular backups of the website AND ANY BACKEND DATABASES
- Ensure that the Content Management System (i.e. Wordpress) is up to date
- Subscribe to CloudFlare to help secure and optimize your website
IT Can Be Overwhelming. We’re Here to Make it Easier
There seems to be a great deal of confusion when it comes to website management and security. Keep in mind that there is a big difference between website hosting services and active management services. You’ll want to pay very close attention to exactly what is provided by your web hosting partner.
Our website management services include regular security scans, managed backup services, Cloudflare maintenance, free hosting and unlimited content changes. Contact us to learn more.