Google have now released a State of Website Security in 2016 review......based on its statistics from last year. And it's an eye-opener! Because in 2016 the number of hacked sites has increased by 32% compared to 2015, and that percentage is likely to keep on rising!
61% of those hacked were not notified of it because they never registered their sites in Google Search Console. The only way they'd know is when their site is destroyed or defaced, or when their web host closes their account due to them sending out spam, or being used as a phishing site to perpetrate criminal activities.
Google have pinpointed the reasons that so many websites were hacked:
1. Outdated software and missing security updates!
Really, this one goes without saying! If you run software that is outdated then you're playing Russian Roulette......and one day you will get the loaded chamber. It's just a matter of time!
2. Compromised Passwords!
Use strong and difficult passwords......and change them often! And this applies to all online accounts that you have, including Social Media!
3. Phishing and Social Engineering!
Google have been emphasising for over 2 years that every site should be accessed by a secure connection using HTTPS/SSL encryption. And it's now reached the stage where they're putting warnings in browsers to all site visitors if this system is not in place.
So if your site gets hacked.....what can you expect? Well Google have listed the most widely used defacement processes so you know what's coming your way.
1. Gibberish Hack!
This will create pages of nonsense that will ultimately divert to a porn site! You'd better prepare your story for when users contact you demanding to know why you sent them to something like that....and infected their computer with a virus or trojan at the same time.
2. Japanese Keywords Hack!
Your site will get blitzed with Japanese words directing viewers to sites that are selling fake merchandise. If you ever wanted to feature in search engines for terms like "Rolex Watches" then this is your chance!
3. Cloaked Keywords Hack!
With this attack, hackers usually use cloaking techniques to hide the malicious content. They can make the injected page appear as if it's a part of the original site.....including a fake 404 error page. They'll then sell the links on your site to a third party who will use them for whatever purposes they want. But be aware that these purposes are not going to be legal or family friendly.
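A site owner can look for the three symptoms described above by comparing what one of their own URLs returns to a normal browser with what it returns to a search crawler. The sketch below is an added example, not part of Google's review; it assumes the two responses have already been captured as (status, html) pairs, and the function names, sample pages and thresholds are illustrative assumptions.

```python
import re

# Hiragana, katakana and CJK ideographs: the scripts a Japanese-keyword injection adds.
JAPANESE = re.compile(r"[\u3040-\u30ff\u4e00-\u9fff]")
# Script/style blocks and all remaining tags, removed to leave visible text only.
TAGS = re.compile(r"<(script|style)\b.*?</\1>|<[^>]+>", re.S | re.I)

def visible_text(html):
    return TAGS.sub(" ", html)

def japanese_ratio(html):
    """Share of non-space visible characters that are Japanese script."""
    text = re.sub(r"\s+", "", visible_text(html))
    return len(JAPANESE.findall(text)) / len(text) if text else 0.0

def word_overlap(html_a, html_b):
    """Jaccard similarity of the visible word sets of two pages."""
    a = set(re.findall(r"\w+", visible_text(html_a).lower()))
    b = set(re.findall(r"\w+", visible_text(html_b).lower()))
    return len(a & b) / len(a | b) if a | b else 1.0

def check_url(browser, crawler, site_is_japanese=False):
    """browser and crawler are (status, html) pairs captured for the same URL,
    one with a browser User-Agent and one with a search-crawler User-Agent.
    Thresholds (0.5, 0.3) are illustrative assumptions, not Google's values."""
    findings = []
    (b_status, b_html), (c_status, c_html) = browser, crawler
    if b_status == 404 and c_status == 200:
        findings.append("fake-404")           # error page for people, content for crawlers
    if word_overlap(b_html, c_html) < 0.5:
        findings.append("cloaking")           # the two audiences see different pages
    if not site_is_japanese and japanese_ratio(c_html) > 0.3:
        findings.append("japanese-keywords")  # foreign-script spam on a non-Japanese site
    return findings

# Constructed sample responses (not real captures).
CLEAN = (200, "<html><body><h1>Villa rentals</h1><p>Holiday villas in Spain.</p></body></html>")
NOT_FOUND = (404, "<html><body><h1>Not Found</h1><p>The page was not found.</p></body></html>")
SPAM = (200, "<html><body><h1>ロレックス 時計 激安</h1><p>ブランド コピー 通販</p></body></html>")

if __name__ == "__main__":
    print(check_url(CLEAN, CLEAN))      # same page for both audiences
    print(check_url(NOT_FOUND, SPAM))   # hacked URL: all three signals
```

Any finding on a URL you did not create is a reason to inspect the site's files and the Security Issues report in Google Search Console.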
All this info comes directly from Google's analysis of internet activity in 2016. It's not speculation or assumption.....it's the facts!
So what action can you take to protect your website and your business?
Use strong passwords, use current software both on the site and server (and keep updating it), only use professional web designers and web hosts, implement HTTPS/SSL encryption, and ensure that your site is protected by its own firewall built into the application.
How many of those can you answer "Yes" to?
The way things are headed now, these are not options, they're essentials! If you're not prepared to ensure these are in place then you may as well shut your site down and just use a Facebook business page. Because if you leave it too long, a third party with bad intentions is going to make that decision for you.
I'll leave you with this thought! Those of us of a certain age can remember hearing news reports of bank robberies, post office robberies.....and even mail train robberies. Ever wondered why it's gone pretty quiet on that front in recent years?
It's simply because the gelignite, firearms, masks, and getaway cars have now been replaced by computers!
Not convinced? Did you know that the UK Chancellor has announced a new five-year £1.9 billion scheme to counteract cyber-crime in the UK? Would he do that if there wasn't a serious problem that affects everybody?
The reality is that official government statistics have shown that there were 3.8 million instances of cyber-crime in the 12 months up to June 2016 in the UK alone! And it's rising!
Ignoring the recommendations above means you're actually contributing to the problem! And looking at it another way, it's the equivalent of hearing there's a spate of burglaries in your area and then leaving all your doors unlocked! Ask yourself.....would you really do that?
Published in WebSpain
Have you been Compromised? I would be pretty sure that you already have been.....but you don't know it!
Would you like to find out for sure? Then read on......because we have a simple online check for you.
You may not know, but over the last few years, millions of email addresses have been leaked, stolen and sold in hacking attacks on thousands of websites!
This is big business, because your information and data are worth money! The results of this test may well be a shock to those people who are concerned about the security of their personal information. For those who are not remotely concerned about security, and there is a percentage who fall into this category, it still won't register. Nothing ever does until they get totally blitzed.
So here is the test.....just enter any e-mail address that you use then see the results: https://haveibeenpwned.com/
If your data has been compromised (and my guess is it will have been), then the screen will turn red and you will be told where the data breach has happened.
Your next course of action is to visit the sites that are listed and change your passwords to something very secure. You should do this now......not later!
What can you do to protect yourself in the future?
1. Your website should be running on the latest software.....not on an application that has been outdated for years.
2. Your website should have SSL Security in place.
3. Your website should be protected by a security firewall.
4. Stop using high-risk webmail accounts like Yahoo, Hotmail etc. Gmail is by far the best option.
5. If you have accounts on other sites under your e-mail account, then keep changing the password regularly.
6. Any passwords you use should be complex, using a combination of lower and upper case letters, and symbols.
7. Use professional security programs on your computers such as Kaspersky or Eset.
8. Backup the data on your computer to an external drive on a weekly basis.
9. If you're not using your computer.....then turn it off! Don't leave it permanently connected to the internet.
That's my advice.....given in good faith, and in your best interests! I can't do anything about the points from number 4 onwards. Points 1 to 3 fall into our area, but unless you're prepared to take those points seriously we're very limited in what we can do to protect your interests.
Was I compromised? Yes.....on LinkedIn and Dropbox, but I dealt with those issues immediately, so the risk was eradicated. But I keep on top of security issues and take it very seriously.....do YOU?