Earlier this year the website of one of my client companies, www.OnlyHonest.com, was repeatedly hacked by a group claiming to be affiliated with Anonymous and was completely crippled. The site went down for months, we lost thousands of social media followers, and there was even a CNN Money story about the effects of the hacking on our business. We’ve since been able to work with an amazing cyber security expert who’s going through every line of code so we can secure and re-launch the site, but there was a period where we weren’t sure if we would be able to get back up and running.
Staring at the possibility that all of our hard work might be wiped out by some jerks hiding behind a computer screen was horrible, and finding out later that the hacking could have been prevented if our original web developers had followed industry standards for protection made us furious. Black-hat hacking, like that done to our site, has become a way for hackers to prove their level of knowledge. They look at destroying your website (and with it your livelihood) as a game in which they can prove their mastery and show off their skills to the rest of the internet. Therefore, in an attempt to save other small companies from the nightmare of a cyber attack, our (new) tech team and I have put together some tips to help you secure your site so that you can rest easy.
First and foremost, choose your developers wisely.
The Only Honest leadership team thought we’d vetted our developers by checking out past work and references, but we didn’t know enough about programming to ask the right questions. If nobody on your team is a techie, find a technical person you trust to help you vet your developers, so that you know they will provide quality work that meets industry standards for protection. Here are a few questions to ask when interviewing prospective development teams; they should have answers at the ready:
- How would you identify a hacker’s attempted intrusion? The answer to this question may vary but will usually involve reviewing the logs to identify the intruder’s entry point and what was accessed during the breach, and the prospective developers shouldn’t have to hesitate before answering.
- How would you recover from a successful defacement of my website by a hacker? Again, the answers may vary but might include blocking the potential hackers’ IP addresses and performing an analysis to identify and fix vulnerabilities before restoring the undamaged code. Again, there shouldn’t be any hesitation in responding to this question.
- How often will you back up the database and code? At an absolute minimum, this should be done once per week.
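To make the first two questions concrete, here is what "reviewing the logs" and building a block list can look like in practice. This is an added example, not code from Only Honest or its developers: the log lines are constructed, and the names `investigate` and `write_path` and the `/admin/upload.php` path are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the common "combined" web server log format.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2014:09:58:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2014:10:02:11 +0000] "GET /login.php HTTP/1.1" 200 1430 "-" "curl/7.30"
198.51.100.23 - - [12/Mar/2014:10:02:40 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "curl/7.30"
198.51.100.23 - - [12/Mar/2014:10:04:02 +0000] "GET /admin/users.php HTTP/1.1" 200 8801 "-" "curl/7.30"
198.51.100.23 - - [12/Mar/2014:10:05:37 +0000] "POST /admin/upload.php HTTP/1.1" 200 312 "-" "curl/7.30"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def parse(log_text):
    """Yield one dict per well-formed line; lines that do not match are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
            rec["status"] = int(rec["status"])
            yield rec

def investigate(log_text, write_path):
    """Pivot from the URL the change came through to each client that wrote to it."""
    by_ip = defaultdict(list)
    for rec in parse(log_text):
        by_ip[rec["ip"]].append(rec)
    report = {}
    for ip, recs in by_ip.items():
        writes = [r for r in recs if r["method"] in ("POST", "PUT")
                  and r["path"] == write_path and r["status"] < 400]
        if not writes:
            continue  # this client never made a successful write to that URL
        recs.sort(key=lambda r: r["ts"])
        report[ip] = {
            "entry_point": recs[0]["path"],  # first request seen from this IP
            "first_seen": recs[0]["ts"].isoformat(),
            "accessed": sorted({r["path"] for r in recs}),  # everything it touched
        }
    return report  # the keys are the candidate addresses to block

if __name__ == "__main__":
    print(investigate(SAMPLE_LOG, "/admin/upload.php"))
```

The returned addresses are candidates for blocking, and the `accessed` list tells you which pages and data to check before restoring from a clean backup.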
Do extensive research of your own (Google is your best friend) to find out about any known vulnerabilities with whatever platform your developers are using to build and host your site.
Ask them about those vulnerabilities directly and ensure that they are keeping the platform fully updated. You can usually find out about vulnerabilities in help or discussion forums related to that specific platform, and the platform will provide a patch that will be included in an update. Your best bet here is to ensure that you always have the most up-to-date version of whatever platform you’re using. One of the most common is WordPress, which currently powers a massive percentage of all websites and provides updates to patch its vulnerabilities regularly. Often, when a site is hacked, it’s because it’s using an outdated version with known, and already fixed, vulnerabilities.
Invest in an SSL certificate.
Force all of your users to create and use strong passwords.
Make sure that all administrators create and use strong passwords – and that these passwords are not the same passwords they use on other sites.
Make sure that all of your website’s integrations with other sites and services (e.g., Facebook Connect or Twitter integration) are secure.
Again, you can usually find out about vulnerabilities by doing a simple Google search, and you should directly ask your developers how they’re protecting you.
Make sure that you – and not just your development team – have a backup of all of your code and databases in case something should go wrong.
While it’s impossible to completely hack-proof your site, there are simple steps you can take to drastically reduce your chances of being the victim of a successful cyber attack. Hopefully, the tips above will save some of you from the devastation that can happen when your site is compromised by hackers.
Cate Costa is the President of Only Honest, Inc., a virtual public square for political debate, and the nomadic entrepreneur behind www.CateCosta.com, where she gives entrepreneurs free tips, tricks, and tutorials to launch and grow healthy businesses while she explores entrepreneurial ecosystems around the globe. She loves all things entrepreneurship and is a travel and food junkie. Connect with her on Facebook, Google+, or Twitter.