If you are a small business owner with a website, you’re probably familiar with how much effort it takes to put one of those things online. Not as easy as the marketing would have you believe.
Having published your site, you may be tempted to be satisfied to just have it online. Perhaps you're not interested in doing much else with it.
If that's the case you’re probably not thinking about what would you do if your website got hacked. That might be something you ought to consider. Of course, you may ask, who would want to hack your teeny website?
Regardless of how small your website is, hackers are gonna do what hacker’s gonna do. The one thing you can count on them to do, is hack.
In the course of my business, I currently host and/or manage between twenty and thirty websites. Recently some of those sites were hacked, which inspired me to do this video and post.
You don’t have to have a huge site to be a target for hackers. Even a small site can serve a hacker's purposes.
Why Do Hackers Hack?
There are several reason hackers target websites. Identity theft is a big one. If they can get into your site and it turns out that you reuse passwords, then they may be able to access other online properties including your bank or credit card accounts.
In addition to identity theft, a hacked website could be used as part of a botnet to create a DDoS or distributed denial of services attack.
This happens when a hacker gains control of a large number of websites and uses them to target to particuar website and overwhelm it with requests.
If you recall a few years back, Ellen DeGeneres hosted the Oscars. During the show she took a selfie of herself and a handful of celebrities that were in attendance. She tweeted out the picture and it immediately got retweeted 3.3 million times.
If you suddenly throw that much traffic at a site, it may have a hard time keeping up. This ends up crashing the server and making the site unavailable.
If you're a hacker with control of enough websites, you can create one of those. Whether it's for political or economic reasons, this remains a favorite tactic of hackers.
The Deceptive Site Designation
One thing you'll want your teeny tiny website to avoid is being placed on the naughty list. What does that look like?
When someone navigates to your site, instead of immediately seeing your site's content, they're presented with a screen that looks like this.
That’s, not a good look.
I had that happen to a few sites that I was taking care of, even with the security software I had in place.
Security on a website is like putting security bars on your windows doors. They keep the majority of bad people out, but they're not stopping anybody if they’ve got time, a blow charge and some sledgehammers.
Putting security on your website doesn't make you immune to malware and hackers, but it does make you a less likely target than other sites without security software in place.
When I build a website I install a standard security package.
Every so often, that's not enough. In those cases, you'll need to find the vulnerability that let them in, patch it or hire someone to patch it for you. Getting peace of mind back for your website is definitely worth it.
Are Your Credentials Compromised?
The number one thing the number one thing to keep the bad folks from wandering onto your website and doing whatever they want to do is have strong passwords. I know, creating strong passwords can be a pain in the neck.
Even so, it’s still worth it.
A cool tool to check your security status online is a site called Have I Been Pwned. https://haveibeenpwned.com/.
There are two different flavors of this website. Email check and password check. Both will tell you if the information you enter was compromised during any reported data breaches.
If you find your email or passwords have been compromised, immediately change my password and consider using two-factor authentication.
Use a Password Manager
I have between 1500 to 2000 passwords. It would be impossible to remember all of these passwords and simply writing them down on paper or storing them in a document on my computer is a bad practice.
That's where password management sites come in handy.
I use Roboform. I don’t have any kind of relationship with these folks. But I can vouch for their service. I just started using them way back in the day when I didn’t know about the other ones that were out there. ,
In addition to Roboform, there’s Lastpass and 1Password. A quick Google search may produce more companies in this space. These are the ones I am familiar with.
Using password managers allows you to create very strong passwords, either on your own, or by letting the computer generate them for you.
If you continually use weak passwords because they're easier, you’re gonna get what you’re gonna get. It could work out for you, but the longer you’re online, the greater the odds are on you getting hacked. Once that happens the fun starts.
Do your due diligence and jump on the password manager that fits how you roll.
That’s it for today. Be secure and I'll talk to you next time, bye,
