Attacks on websites are common now. For every eager programmer who learns to create a device to protect people’s digital businesses, there are others only to happy to inflict trojans, malwares, viruses and other online evil.
Those processes can bring down a company or expose it to damage, or drain money from its funds. Perhaps sometimes it is a pure show of arrogance from a young hacker or cyber wizard, capable of showing a multi-million-pound company that someone in a bedroom in another country can infiltrate their defences.
And the damage can be incalculable, to reputations and future prospects. Last year alone 20,000 customers at Tesco Bank had money stolen from their accounts, while the infamous TalkTalk breach saw a ‘mere’ 157,000 personal records compromised by hackers. These will not be the last such incidents; indeed, an attack on accounting software company Sage could “be one of the most important in UK data breach history if its scale is confirmed.”
These are the giants of the online world, but do not make the mistake of believing that hackers only target the big fish. In 2016 the Guardian reported on the plight of Blackburn-based MNH Platinum, which was attacked in 2015 by a virus which encrypted more than 12,000 files on its company network. A ransom demand followed, promising to reverse the damage for the sum of more than £3,000. They paid, fearing the destruction of the business.
This despicable attack was one of many thousands around the world against SMEs; indeed, it is estimated that more than half of phishing attacks (sending out fake emails with the intention of snaring companies) targeted SMEs in 2015. The assumption that hackers will not bother with small fry is dangerous and misguided – if a criminal can siphon £10 for the sake of sending out a single, untraceable hack into an SME’s online system, they’ll do it.
So what can be done to protect your site? No system is totally impenetrable to a cyber-criminal, but there are a number of steps that should be undertaken to inhibit them, to the point where it no longer remains worth their while to progress. Strong passwords that are regularly changed (or even generated by an automated password manager) is one of the simpler methods, and please don’t use the same one for multiple accounts.
If you’re concerned about the security of your website and data you might wish to use a remote service for data, such as VPS SSD. If not, back files up in safe locations or havoc can ensue; Forbes tells the story here of two tech writers whose lives were attacked by earnest cyber criminals, who even used Google to guess their security question answers.
Also consider double-verification as a security measure; where, as well as a password, a code is sent to your smartphone that needs to be inputted before access is granted. Also, don’t be tempted to open rogue or unfamiliar links that can attack your hard drive – in your gut you know if something seems suspicious, so tread carefully.