Hackers. They aren’t just Hollywood archetypes. They actually exist, and they do mean to cause your website and company harm. How can you protect yourself from these threats? Well, first of all by taking it seriously. Now, I’m not talking “lose a bunch of sleep and buy a bunch of stuff” seriously. Just recognize the threat and make the necessary changes to your infrastructure to minimize it.

The facts

This is the part where I throw some uncomfortable facts at you. Again, these aren’t intended to scare you. Rather, they are being thrown out there as a call to action.

The numbers of hacked sites has been rising dramatically over the past few years. Now, it’s up to debate as to why this is happening but a popular take is that many webmasters and company owners have taken a “wait and see” approach regarding hackers. It can’t possibly happen to me, right?

Well it does happen to lots of folks. All it takes is a slight hack for you to experience some site damage, data theft or loss in search rankings. It goes without sayings that a huge hack could lead you to a “locked out of your website” nightmare scenario.

The number of hacks and exploits that are typically used have also been increasing. I’m not going to go into every one, but some of the most common types include XSS, SQL Injections and defacing. In short, it can be a full time job keeping up to date on all of this stuff. Unless you have a dedicated employee willing to make this their pet project, it really can seem overwhelming.

Don’t worry. You don’t need to re-structure your entire financial plan in order to make room for some new anti-hacker employees. You can make yourself reasonably secure by taking some simple steps that will quite literally be “no skin off your back.”

The steps

Protect yourself - Your hosting company probably has some protective measures in place but it’s important to understand that that isn’t a license to slack off on your end. You are still responsible for your own site. If a hacker went after your host, it could shut your site down for a while, but it wouldn’t affect your data or any of your secure information. That’s the difference. Hackers going for sites underneath the host’s umbrella are interested in data, information and general tomfoolery. Take steps to make you are protected.

Keep software up to date – Old versions of software are insecure. This is a fact. You really have to make sure any software you use in the office is up to date. Updated software includes security fixes and more.  Pay the extra money. Get on the phone with a specialist to make sure. Do anything possible. This can be a minor annoyance but it’s a minor annoyance that you only have to put up with once a year or so. It’s worth it.

Make sure 3rd party scripts and code are up to task – There is nothing more useful than a code or script that seems to exist just to help your business thrive. Still, these 3rd party scripts and codes are written by people on their own time in their own situations. Some may not be so safe. Now, this is not to say that you should avoid them. Quite the contrary. Just do your research. Google the creator. Look up message boards where customers are exchanging pertinent information. Do this before installation and you’ll be set.

Do your homework – Let’s be honest here. Most of the time a hacker finds a way in to your site the fault usually lies at your feet. Do your homework! Make sure you run virus scans often. Clear your browsing histories on a regular basis. Just be aware of the general security of your infrastructure, enough that you’ll notice any changes no matter how minor. Once this becomes habit, it gets easy. I promise.

Secure your passwords - This is also part of your homework but it’s so important I decided it needed it’s own little section. Keep your passwords secure! You have no how idea far this goes to discourage would-be hackers. Think of a secure password like bars on a bedroom window. If a would-be robber passes by and sees those bars, are they really going to bother? They’ll just move on to the next house. Here are some general rules of thumb to keeping your passwords safe: Always use a combination of numbers and letters. Stay away from real words and family names.  And, oh yeah, the longer the password is the better. These can be annoying to remember but in the long run it’s worth it.

If you have the money, outsource – I know I said you wouldn’t be required to hire for this problem. That is mostly true, however, if you can you may as well. A lot of reputable coders work freelance and won’t break the bank. If you really have money to burn, go with a professional security agency.

Google Webmaster tools – Google Webtools can be your best friend in this situation. They offer tons of functionality that can help keep your website and your company safe. You can set it up so you’ll automatically be informed of any software updates, any problems with third party scripts and they’ll be sure to alert you if anything suspicious is going on(Within reason.) It’s free and definitely should become part of your security repertoire.

Backup everything, a lot- This is such an important and oft-overlooked step. Back up everything all of the time! This way if the worst does happen, you can be up and going again in no time. Send important files, emails and documents to just about anywhere that will have them.  This includes email accounts, portable hard drives, home computers, mp3 players and more. Also keep a record of IPs that have been accessing your site and don’t forget that all-important clean record of your site.

Check your logs – Keep an eye on who is visiting your site regularly. This way you’ll have a list of suspects as soon as something goes wrong. Often times you can Google IP addresses, phone numbers and other pertinent information and come up with the guilty party. You can help before the hack as well. Keep an eye out for any unusual traffic, you know visitors coming from online pharmacies, sex sites etc. Once traced, you can be sure these visitors are up to no good.

Spread yourself around – Hosting is relatively cheap. Why settle on just one? Spreading yourself around means if one portion of your web empire is attacked, the rest remain completely secure. You can even have your sites hosted on different C Class IPs. 

Stay informed – Don’t take my word it. Stay on top of the latest trends and news on how to keep hackers out of your life. Read pertinent blogs. Subscribe to some newsletters. Wanna know where to start? Here are some sites to check out.

Trend Micro
Apache Security
MySQL Security
Security Focus
ha.ckers.org
Tips to Protect Your WordPress Installation

Ok. This may seem like a lot but hopefully you are doing some of these steps already. Once you get your game-face on it will all become second nature. After all, your company and website are worth it aren’t they?

McAfee’s study, “The Security Paradox” takes a look at how small and medium organizations that employ between 51-1,000 workers deal IT security and cyber threats. Both are, as it stands, on the rise for SMBs.

One scary point the report makes is that SMBs the world over(and especially in North America) feel as though they are too small and therefore hold too little value to be attractive to hackers. However, recent trends indicate quite the opposite.

SMBs exhibit quite a few traits that make them alluring to hackers and other ne’er-do-wells. Small and medium-sized businesses usually have a limited palette of resources. Their security measures are are usually out of date and inadequate. Their employees are often ill-equipped to deal with serious cyber threats. Taken together, these three problems equal big trouble for little businesses.

Jeff Green, Senior VP of McAfee Avert Labs confirmed, “High profile attacks [on larger enterprises] are becoming less frequent because they are often detected quickly. Attackers are favoring stealth attacks that quietly infiltrate systems [of small and medium businesses].”

To reverse this alarming trend, small and medium-sized businesses are going to have to make some sweeping changes that will affect the fundamentals of their budgetary concerns. Here are some scary statistics. Apologies in advance.

Today:

* 52% of SMBs believe they are not well known enough to be a target for cybercrime.

*46% believe hackers could not make any money by accessing their information.

* 45% of SMBs think they hold little value to hackers.

* 44% believe cyber crime is an issue for larger organizations.

* 35% of SMBs are not concerned about being a target of cybercrime.

* 34% don’t think their information has value outside the organization.

Even worse, a large percentage(74%) of SMBs allocate three hours or less each week to IT security. Also, half of the companies surveyed feel adequately protected by the default settings on their IT equipment. This is all, of course, podunk. The results of this ignorance has resulted in stolen data, downtime, decreased productivity, non-compliance, lost sales, and a tarnished reputation.

Businesses who fall prey to a cyber attack usually experience a week or more of downtime as they try to set everything right again. Real, out of pocket, costs hover at about $41,000. That’s a lot of office furniture.

So what are you supposed to do?

Well, it starts with attitude. Simply recognize that you are at risk and move on from there. Don’t lose sleep over it but do take baby steps every day to rectify the problem. Talk it over with your IT people. Invest in some protective software that goes above and beyond the default settings of your IT equipment. Most of all, pay attention. Your employees and your customers may be aware of problems before you are. Remember, just because you aren’t AT&T or the US government doesn’t mean you are not a value to hackers. You are a value to your customers, aren’t you?

WordPress is a very popular open source platform. While the team works on the the 2.9 release, there are few upgrades that remedy some current security faults.  It is impressive that an open source solutions takes such an aggressive stand toward security.

Changes:

• two tag importer plugin support has ended
• more secure file upload rights
• suppresses vulnerable PHP code areas
• solves trackback DOS attack problem

This is not the end all be all of security.  You hosting environment is also important.  Also evaluate your hosting provider to ensure that you site is safe and secure.