Have you ever experienced fear in someone's voice? "My website's gone!" The business's owner's voice was filled with anxiety vaultmarket. The money spent on marketing and promotion for the site - to attract new customers to the site was now in danger. Instead of the corporate website the website was a black and white page that said that the website has been "Owned" by some hacker from Indonesia. "Can this be fixed? How did this happen? Why would someone do this? How can I keep this from happening again?" The questions were asked with a speed of light. Jack'sday had turned upside down. Let's consider how prevalent the risk of compromised websites and what you can take to safeguard yours.

Hacked and Infected - Website Threats on the Rise

Security experts believe that there are two kinds of companies left in the US one of which has been targeted by hackers and those that do not know that they've been compromised. Forbes magazine recently published an article that read "2013: The Year You Get Hacked". Google is now flagging up to 10,000 websites as compromised each day. The number is steadily on the rise.

There are various types of dangers websites are exposed to, dependent on what the company it self. Let's examine some of the specifics of web-based threats and the kinds of companies which are at risk.

Website Attacks Motivated by Profit

Websites that have high-value information are often the subject for sophisticated hacking attacks. The intention of hackers is to steal valuable information which can later be sold. Most often, the targets are credit card numbers, trade secrets, or any other data that is of the potential to be worth money.

Small businesses are usually not targeted in these kinds of attacks, since they generally don't have this kind of information in their websites. Even small-sized e-commerce sites usually handle transactions involving credit card information through third party PCI compatible processors and gateways - which means they don't have credit card data stored on their site.

Phishing, DDoS, and More

You've probably heard of these incidents firsthand or through the press. Phishing scams take as emails that "look" like they come from a big financial institution and then direct users to a fake site. These types of attacks are popular and you've probably gotten these types of emails before. If you receive something similar to this in your inbox - just delete it without clicking the link.

DDoS (distributed denial of service) attacks usually make the headline news when they affect companies that are large. Google and Yahoo both have been completely shut down for the duration of time as a result of large attack of distributed denial of services. In essence, these attacks employ large numbers of affected computers to function as drones, and overpower the website targeted by massive numbers. Denial of service attacks usually target very large websites, so this is not a risk for most small businesses.

Website Vandalism

This type of cyberattack typically affects small companies. In this type of hack, criminals attempt to deface a site and put a new homepage on the site. The new page has an announcement about the name of the hacker's screen.

Nothing the hacker gains as a result from this type of attack other than bragging rights in addition to the street "cred" among others engaged in the same activities. It's the equivalent online of how troubled kids walk through the neighborhood at night and slam mailboxes with baseball bats - there is no gain being sought. The only aim is destruction.

Like vandalism to tangible property, people who damage websites usually have another go at it when the website is repaired. Once a website has been compromised it is a target for attacks in the future. Hackers distribute lists of sites that they have targeted - imagine this as a resume for hackers. If a site is added on a list such as this, they often become the frequent targets of similar attacks over the course of years.

Larger enterprises usually have facilities and procedures in place to safeguard their websites and protect themselves from this kind of vandalism to websites. Small businesses frequently don't take this threat seriously until they've experienced the effects by it.

Website Infection and Malware

This kind of attack also typically affects small business websites. In this type of attack, the website may be affected by a virus or malware. The goal of the virus or malware is typically to infect computers of the users who visit the website. In this instance the site is an instrument utilized to advance the goals of the criminal - which include deleting files, to identity theft.

This is one of the most devastating types of attack for small business websites because the attack is not immediately evident. The infection or malware can be disguised as a Trojan horse, so it's not detected until it is activated. This means it is usually able to stay hidden and sometimes even for weeks.

The business's owner typically discovers that there's a problem on the website after receiving complaints from customers or customers who visited their website and had their computer infected because of. If Google detects the infection it will display an alert next to your site if it appears up in the results of the search. Sometimes , the first indication that there's something wrong is when the owner goes to his own site and then is a warning from McAffee or AVG warning that they are visiting the site that is infected.

Software Updates - First Line of Defense

Most commonly used methods that bad guys break into a small business website is through vulnerabilities in the program or software the website runs on. It is important to stay informed of the latest releases of the program that your website runs on and making sure that you update the software every time there is a new version released is a hassle and having your website messed up could be a major nightmare.

If you're operating an WordPress website, keeping your software updated is as simple as regularly going through your dashboard and plugins to see if new updates have been made available. If they are, then press the icon to update, however, make sure you've backed-up your website prior to doing so. Sometimes an update may not function like it's supposed which is where backups come in handy. Another thing to look out for is if the most recent plugin version is more than two years old, you should quit using the plugin as it has most likely been abandoned by the creator This isn't a good sign.

A website that is operating on the latest software and plugins can go a long distance to helping protect your website against any kind of problem.


The most effective thing you can do to ensure the security and integrity in your passwords is change the passwords regularly (like every three months) and ensure that your password does not contain an entry in the dictionary. Dictionary attacks remain an effective method hackers use to brute force their way into accounts. They just try every word in a dictionary of commonly used passwords. Utilizing lower and upper cases, numbers, or special characters to create a password that is at 8 characters in length is a minimum. A longer password is better but ensure you remember it and have it recorded in a secure place.

If you are sharing your password with others, make sure you update it once they no longer require it. A common occurrence when the security of a password is that the password leak turns out to be from someone whose computer got infected by a virus, which took the passwords from the computer. Change your password on a regular basis as well as after certain events (like the departure of an employee or contractor leaving) can make a huge difference in protecting your website from harm.

Website Monitoring

Sometimes things can occur that go wrong. This is where backups and monitoring are useful. Monitoring can alert you of a problem as soon when it occurs. This is basically software that scans your website continuously to ensure that it's secure. If there is a problem, you're alerted instantly so that you can correct your website right away.

Software Shield

Software security isn't a silver solution, but it could give you a solid amount of protection against lots of different dangers. There are many different security programs available. alike - there are some free tools on the market, but the top quality software comes with a cost and a warranty. If they don't trust the software enough to back it with a guarantee - you shouldn't put much stock in it either.

Protecting Your Website

The best way to protect your site is to rely on a multi-layered strategy where there is no single point of failure. Security of websites is a constantly evolving field - you need to ensure that your security strategy is robust enough to be able to adjust to any new threats. Once you have this strategy in place, you won't have to be concerned about what happens.

In the case of Jack we investigated and found that hackers gained access via a flaw that was recently discovered in some of the software that runs his website. The site was restored from backups and a solid website protection program with warranty was put in place to ensure that he is able to relax with security knowing that his website is properly protected.

If you'd like someone else to oversee your security on the website, take a look at our website protection programs (complete with warranty protection). With the appropriate level of protection and proper systems installed, you'll feel confident about your website's security.