By Kirby Mack
A cyberattack can target any firm, no matter the size.
Most of the time, a hacker’s main objective is to exploit one of the following valuable resources to make money on:
- Sought-after data that can be sold or used.
- The squeaky-clean reputation.
- Return traffic and/or a constant client base.
- It is important to you.
Even worse, if they aren’t holding you hostage they could be attacking your clients. A relationship that took months to nurture may now take years to mend. New clients are hard enough to close and are nearly impossible to get back if they leave.
Stealing Your Client List
If you have a submit form on your website, a hacker sees that as a piggy bank. Every submission you get with real world information is another dollar in the bank. An attacker will gather all of the visitor submissions from your site and use this information in many ways. They may sell it to a third-party advertising agent, steal their identity, or even try to sell it to a competitor of yours. And it’s not just your client’s identity that’s at risk. They can use the information collected to set up a mirrored email account. And with a complete list of your clients’ emails, posing as you, they can send out a phishing email to steal your client’s personal information. Think about it. You worked hard to capture that lead, it’s valuable to you. Why not protect it at all costs?
This Site Is Clean
Day and night, you labored to build your firm and you’re proud of the reputation it carries. It’s trusted and reliable and THAT makes you a target. A “clean site” in the eyes of the internet is all it takes for a hacker to desire to gain access to your website. Once they get in, they use your resources and hosting to hide their own malicious malware and scripts. Ensuring that their reputation stays intact, they then, in your name, do the following:
- Host phishing pages. A phishing page is a page built and hosted on your site in an attempt to fool unsuspecting visitors into sharing sensitive information, like passwords, credit cards or Social Security numbers. It may be built to mimic the look of Gmail, Facebook, or even your own homepage.
- Host spam pages and links. Your website is legit, and because of this search engines assume your content is too, including all posts and outbound or inbound links. Hackers love to hide spam on your site, often using it to boost SEO rankings for their own malicious business. Basically, making your site work for them.
- Spam emails. Getting spam emails past spam filters is a difficult endeavor. But almost all spam filters rely on IP blacklists to block everything from known IPs that send spam. An attacker will take advantage of the perfect reputation your IP has acquired and begin sending spam from your web server to bypass the spam filters. Ultimately doing irreversible online damage to your firm and its reputation.
Eventually, one of the above methods will have your site hit by Google for having malicious content. By the time you’re able to identify which files are corrupt, your site is already on the blacklist and automatically removed from all online search engines.
Hitching a Ride on Your Traffic
Ever visit a website and before you know it you’re automatically redirected to a form asking you to fill out your credit card information to receive your free $500 Wal-Mart Gift Card? This is a very common tactic that hackers use—it’s a simple redirect but highly effective—most of the time your visitors don’t even have to click on anything to be sent to the form. All the hacker has to do is to set up a timed redirect and visitors are instantly redirected to a malicious URL that gathers their information that the hacker can then use for profit.
But money isn’t always the end game for these attacks. In almost half of the cases we see, the attacker just wants to expose your vulnerabilities for their own ego. They look at it like a game. They just want to see if they can get in and when they do, they want to leave their virtual spray paint all over your online home.
Another diabolical way hackers piggyback off your website’s traffic is through the spread of malware. They will install their malware on your website, which will then infect the computers of every visitor. That malware will then hold the visitor’s system hostage until they have met the demands of the hacker.
It’s Valuable to You
Your website is important to you. You’ve likely spent a lot of time and money to get your site working flawlessly. Perhaps your website owns a sought-after URL, like RetireHappy.com, and many other firms would like to have it. Maybe your site hosts an online client portal or all of your client intake forms. These are things a hacker knows and will use against you by holding your site hostage and demanding some form of payment. Unfortunately, more often than not, after receiving payment, a hacker will still delete all of your files and folders, leaving you not only out of money but without a website.
The Good News
There’s no 100 percent guarantee to never get hacked, but there are ways to safeguard yourself and your site from hackers. Rule No. 1 is BE AWARE of the threat. You wouldn’t leave the front door to your house wide open when you’ve gone on vacation because you’d be asking for trouble. Like most people you’d lock-up and might even have a security system. These precautions wouldn’t prevent a security threat altogether but it sure would reduce the risk. Our advice is to take the same amount of care with your website.
How credible is your hosting server? Have you had regular software updates on your site? Do you know when the last hack attempt was on your site? And who, and where it came from?
These questions and issues are easy to address by a professional. They’re also very inexpensive to address BEFORE something happens. But after the fact is a different story altogether.
So, if you get the concept of locking your front door when you leave the house, take the same precautions with your website. Call a professional to make sure that your site is as safe as it can be, so you can avoid a problem that’s difficult or impossible to remedy in the future.
Kirby Mack is Director of Digital Media at Lone Beacon.