How to Prevent a Cyber Attack from Crippling Your Business – From Someone Who Learned the Hard Way : Under30CEO

How to Prevent a Cyber Attack from Crippling Your Business – From Someone Who Learned the Hard Way

| August 13, 2013 | 6 Comments


Earlier this year the website of one of my client companies, www.OnlyHonest.com, was repeatedly hacked by a group claiming to be affiliated with Anonymous and was completely crippled. The site went down for months, we lost thousands of social media followers, and there was even a CNN Money story about the effects of the hacking on our business. We’ve since been able to work with an amazing cyber security expert who’s going through every line of code so we can secure and re-launch the site, but there was a period where we weren’t sure if we would be able to get back up and running.

Staring at the possibility that all of our hard work might be wiped out by some jerks hiding behind a computer screen was horrible, and finding out later that the hacking could have been prevented if our original web developers had followed industry standards for protection made us furious. Black-hat hacking, like that done to our site, has become a way for hackers to prove their level of knowledge. They look at destroying your website (and with it your livelihood) as a game in which they can prove their mastery and show off their skills to the rest of the internet. Therefore, in an attempt to save other small companies from the nightmare of a cyber attack, our (new) tech team and I have put together some tips to help you secure your site so that you can rest easy.

First and foremost, choose your developers wisely.

The Only Honest leadership team thought we’d vetted our developers by checking out past work and references, but we didn’t know enough about programming to ask the right questions. If nobody on your team is a techie, find a technical person you trust to help you vet your developers so that you know they’re going to provide quality work that meets industry standards for protection. Here are a few questions you should ask when interviewing prospective development teams; they should have answers at the ready:

  • How would you identify a hacker’s attempted intrusion? The answer to this question may vary but will usually involve reviewing the logs to identify the intruder’s entry point and what was accessed during the breach, and the prospective developers shouldn’t have to hesitate before answering.
  • How would you recover from a successful defacement of my website by a hacker? Again, the answers may vary but might include blocking the potential hackers’ IP addresses and performing an analysis to identify and fix vulnerabilities before restoring the undamaged code. Again, there shouldn’t be any hesitation in responding to this question.
  • How often will you back up the database and code? At an absolute minimum, this should be done once per week.
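To make the first question concrete, here is a sketch of the kind of log review a good answer describes. It is an added example, not code from the article or from Only Honest's team: it flags addresses with repeated denied requests, then lists what each one reached and its first successful write, which is a candidate entry point. The log lines, paths, IP addresses and the threshold of three denials are all constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the common "combined" access-log format (documentation IPs).
SAMPLE_LOG = """\
198.51.100.20 - - [02/Mar/2013:10:00:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Mar/2013:10:14:01 +0000] "GET /admin/ HTTP/1.1" 403 310 "-" "curl/7.29"
203.0.113.7 - - [02/Mar/2013:10:14:05 +0000] "POST /admin/login HTTP/1.1" 401 280 "-" "curl/7.29"
203.0.113.7 - - [02/Mar/2013:10:14:09 +0000] "POST /admin/login HTTP/1.1" 401 280 "-" "curl/7.29"
203.0.113.7 - - [02/Mar/2013:10:15:30 +0000] "POST /admin/login HTTP/1.1" 302 0 "-" "curl/7.29"
203.0.113.7 - - [02/Mar/2013:10:15:41 +0000] "GET /admin/export HTTP/1.1" 200 88211 "-" "curl/7.29"
203.0.113.7 - - [02/Mar/2013:10:16:02 +0000] "POST /admin/pages/home HTTP/1.1" 200 412 "-" "curl/7.29"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def parse(log_text):
    """Turn raw log text into event dicts, skipping lines that do not parse."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
            e["status"] = int(e["status"])
            events.append(e)
    return events

def suspects(events, min_denied=3):
    """IPs with at least min_denied 401/403 responses (threshold is an assumption)."""
    denied = Counter(e["ip"] for e in events if e["status"] in (401, 403))
    return sorted(ip for ip, n in denied.items() if n >= min_denied)

def review(events, ip):
    """Summarise one address: first contact, first successful write, paths reached."""
    hits = sorted((e for e in events if e["ip"] == ip), key=lambda e: e["ts"])
    ok = [e for e in hits if 200 <= e["status"] < 400]
    writes = [e for e in ok if e["method"] in ("POST", "PUT", "DELETE")]
    return {
        "first_seen": hits[0]["ts"].isoformat() if hits else None,
        "first_successful_write": (writes[0]["method"], writes[0]["path"]) if writes else None,
        "accessed": sorted({e["path"] for e in ok}),
    }

if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    for ip in suspects(events):
        print(ip, review(events, ip))
```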

Do extensive research of your own (Google is your best friend) to find out about any known vulnerabilities with whatever platform your developers are using to build and host your site.

Ask them about those vulnerabilities directly and ensure that they are keeping the platform fully updated. You can usually find out about vulnerabilities in help or discussion forums related to that specific platform, and the platform will provide a patch that will be included in an update. Your best bet here is to ensure that you always have the most up-to-date version of whatever platform you’re using. One of the most common is WordPress, which currently powers a massive percentage of all websites and regularly provides updates to patch its vulnerabilities. Often, when a site is hacked, it’s because it’s using an outdated version with known, and already fixed, vulnerabilities.

Invest in an SSL certificate.

Force all of your users to create and use strong passwords.

Make sure that all administrators create and use strong passwords – and that these passwords are not the same passwords they use on other sites.

Make sure that all of your website’s integrations with other sites and services (e.g. Facebook Connect, Twitter integration, etc.) are secure.

Again, you can usually find out about vulnerabilities by doing a simple Google search and you should directly ask your developers how they’re protecting you.

Make sure that you – and not just your development team – have a backup of all of your code and databases in case something should go wrong.

While it’s impossible to completely hack-proof your site, there are simple steps you can take to drastically reduce your chances of being the victim of a successful cyber attack. Hopefully, the tips above will save some of you from the devastation that can happen when your site is compromised by hackers.

Cate Costa is the President of Only Honest, Inc., a virtual public square for political debate, and the nomadic entrepreneur behind www.CateCosta.com, where she gives entrepreneurs free tips, tricks, and tutorials to launch and grow healthy businesses while she explores entrepreneurial ecosystems around the globe. She loves all things entrepreneurship and is a travel and food junkie. Connect with her on Facebook, Google+, or Twitter.

Image Credit: www.telegraph.co.uk


Category: Entrepreneurship, Startup Advice

  • http://www.softship.com/ Ava Cristi

    Sorry to hear what happened, Cate. High level encryption of data entry should be implemented in your website as a priority. If I have to put my opinion on the table you need to have a new set of developers or train them in advanced security measures. By the way, if you’re a budgeted team you can also make your own SSL certificate using OpenSSL, it’s open-source and free for both commercial and non-commercial use. Stay safe!

  • Tyson Hartnett

    Cate, I know somebody who recently got destroyed by hackers. I have a WordPress website, so I know I will update as much as possible. But are there any other precautions I should take for it? Other than asking my developers to stay on it? Already some people created forum usernames with sketchy letters, so I know they aren’t part of the demographic. Can I block them somehow?

  • Mike Darche

    Cate, thank you for bringing this to our attention! I’m currently trying to set up a company with a multi pronged web presence (website, database, app, social media, etc) and I have been growing more and more concerned about the safety and security aspects of the business. Luckily I’m in the early development phase so I can approach this topic with some foresight. Cyber attacking is definitely an issue that will grow in complexity and frequency in the upcoming years.

    I’m sorry that this happened to you, but it seems like you handled the situation like a pro… I’ll definitely take your advice to heart–I’d love to hear more on cyber security!

  • Cate Costa

    Hi Ava: Thanks for the advice. We do now have a completely new team and the person heading it up is a cyber security expert, so hopefully we will be better protected in the future. Our site should be back up and running next week and I hope we won’t have any more issues!
    Also, great tip about the SSL certificate. Thanks!

  • Cate Costa

    Thanks, Mike! It was definitely rough going there but our site should be back up and running next week thanks to our new team! Live and learn. Best of luck with your endeavor!

  • Cate Costa

    Hi Tyson: I would definitely recommend that you talk to someone who is an expert in this to get advice about how to stay protected. The issue is that you don’t know what you don’t know, so it’s so incredibly important to have a development team that really knows their stuff.