The 9th February marks Safer Internet Day; a day to recognize the dangers of the internet and the need to be kinder online. But it’s not just each other we have to fear on the internet.
You’ve probably heard the talk – online hackers finding their way into your website without you knowing. Spambots corrupting your Google Analytics website data. Online viruses bringing your whole website to its knees. But this is just 1% of the threats that your website faces on a daily basis. The most malicious threats are the ones you don’t hear about, bubbling away in their internet cauldron waiting to spill over onto your website and cause you irreparable damage. Whether you own a website or are responsible for your company’s website maintenance, you have to stay one step ahead of these threats, because once they strike whatever you do is almost always too little too late.
The evolution of malicious website threats
When the internet first launched, it was like this incredibly shiny new toy that we couldn’t quite believe we had. It was hard to conceive that we had access to almost the entire world all on one platform albeit, in the early days, we had access to probably 1% of it.
The internet quickly grew in popularity, and as more and more computers became affordable to the average household, naturally the internet followed suit. More internet providers came onto the market giving us more choices for our internet speed, online protections, and choice of device usage.
Over the past decade of the internet, we’ve seen exponential growth in the way we use the internet for common tasks like studying, shopping, and even banking. The traditional methods of day to day life have been replaced by the virtual world, and with this comes the evolution of online hackers and theft.
We once worried about using ATM machines and pin machines, knowing full well that many people’s card details had been stolen through using both machines. Now, we have to worry about using our payment cards online, trusting that the company we’re buying from has the best encryption and antimalware software available. But here lies the issue: do the companies that we put our trust in know they have a malicious threat on their website lurking beneath the surface?
The website security issues
Today, anyone can create a website in just a few minutes using website builders like WordPress or GoDaddy. It’s easy to create responsive e-commerce sites and start monetising them if you have the technical know-how and something new or revolutionary to offer. The security issues arise when you miss just one little thing in the backend or you thought “it’s unlikely to happen to me”. Unfortunately, it is actually very likely to happen to you so here’s the threats you should be looking out for:
Website threat one: Malware
You’ve undoubtedly heard of the term “malware” and know it’s something that poses a danger to your website. But, malware is essentially software that’s sole goal is to damage your website and is very successful in doing so with around 30,000 websites getting hacked every single day.
So how do you stop malware attacking your website? Initially, Google is able to identify malware and mark it as not secure to potential visitors but that doesn’t mean it’ll stop people clicking on it. The main way to identify malware is active on your website is by running a malware test and checking to see if your domain has been blacklisted or flagged as having malware. The only problem with checking for domain hijacking is that it will cost you extra just to check this one part of your website security. StatusCake, however, has domain monitoring functionality that will repeatedly check to see if your domain is blacklisted and will flag up any suspicious activity that you wouldn’t be able to see so you can make a difference before it impacts your revenue. The best part is StatusCake is affordable and let’s face it, something that doesn’t break the budget bank and does the job is a win.
Website threat two: Phishing
Phishing attacks are all about gaining sensitive, personal information on a person in your company or a customer. The types of phishing attacks you can expect include suspicious emails that have a link to a website that claims to be a trusted domain and asks you for personal data. For example, say you owned a company called NewBusiness. NewBusiness employees would have email addresses like this: [email protected] and their website would be newbusiness.com. In a phishing email, they would target employee Kat with something like this:
Please enter your login details to newbusiness.com/login to verify your account
Unbeknownst to Kat, this is a phishing link and a malicious threat to the company, even though it looks like a company URL and has “New Business” in it.
The second type of phishing attack is one that is similar to the previous example but instead goes out to your customer list. So they’ll use your employees’ email address [email protected] and send a link to your customers with a link asking for personal data.
The third type is reliant on email attachments that contain malicious trojans. Trojans are exceptionally dangerous to your website and to those who download the attachments onto their devices.
So how do you stop phishing attacks from ruining your company’s reputation and affecting your revenue?
Ensure all of your customers’ and employees’ personal information is well encrypted, which will help prevent phishing attacks. Next, make sure your employees know the difference between a dangerous phishing email or link compared to one that your company might send. You can also share this information with your customers should you think you’re at risk from a phishing attack. Better yet, make sure the security on your website is watertight, add two-factor authentication, ask users to create strong passwords, and make sure that you run a virus checker regularly. A quality virus scan like StatusCake’s can help identify any threatening activity working on your website that you can’t see until something goes massively wrong.
Website threat 3: Ransomware
One of the lesser-known malicious threats is ransomware and it does exactly what it says on the label: it holds users to ransom. They ultimately lock you out of your website or account by encrypting and adding extra blockers and threaten to publish your personal data or customers’ personal data if you don’t pay a substantial ransom. These can prove very costly, not simply because of the ransom but because once this happens, customers will struggle to trust your website again. So how do you stop ransomware?
Only ever install or download software and files that you know you can trust; these can be a key gateway for ransomware to take your website hostage. Secondly, keeping antivirus software running in the background of your website can help identify any suspicious changes in activity and in particular, if there is ransomware present. Thirdly and most importantly, always make sure you are maintaining a secure website that is always protected. This means if new protocols come into place, make sure your website adheres to them straight away.
How to stop malicious threats in the long run
Precautionary measures for malicious website threats depend on the size of the website in terms of profitability and visitors. This is because an attack could be more damaging for bigger enterprises than for smaller ones. On the other hand, small businesses are more likely to be attacked due to the potential that there are reduced security measures in place because of a smaller budget or teams.
The basics to keeping your website safe start from strong passwords, two-step authentication processes, secure encryption, and regular virus scanning. Passwords should go beyond the typical 8 digits, special characters, and numbers. It might sound scary, but it can take less than a second to get a password if it’s not strong enough. Passwords are only one step in the snakes and ladders game of online threats, make sure you only ever open attachments from people within your company and from those you definitely know have sent you an attachment. Finally, always back up your website so that if the worst-case scenario of a cyber-attack happens, you haven’t lost everything you’ve worked hard for. The Art of War by Sun Tzu sums it up well – If you know the enemy and know yourself, you need not fear the result of a hundred battles.