A few years ago I spoke at a local business group. My presentation was on Essential Website Security and covered the Truth and Myths surrounding security. With all of the recent attacks on websites, there is a growing concern. As you can imagine there were many small business owners in the group concerned with their website getting compromised. Their concern is warranted because small business websites are often low hanging fruit for hackers. Small business owners are often busy running their business and have little time to focus on the website. Unless the website has a serious problem it isn't a priority. What I have seen cleaning up numerous websites is a spectrum of compromise. As I prepared for my presentation I developed what I call my "Security Nightmare Spectrum". This spectrum goes from least to most severe and destructive. The last four have a significant impact on marketing as it will affect search engine ranking.
- Vulnerable - Website software is missing the latest security patch(s) and is vulnerable to attack. Often these attacks are automated and simply looking for vulnerable websites.
- Initial Hack/Hidden - The vulnerable website now becomes compromised as an attack finds the vulnerable website. Often this results in the installation of a backdoor so that hacker can leverage the vulnerability in the future. At this point, the hacker will often wait out the backups so that any remaining backups contain the backdoor.
- Spam Links or Google Ads - Hacker puts spam links or Google ads into the website to monetize the traffic coming to the website. The website owner is often unaware of this for some time. With this type of attack, it may not seem obvious to visitors that the website is compromised.
- Email Spam - Hacker sends out email spam from the compromised website. Often the spam email is advertising for porn, enhancement drugs, or merchandise.
- Email Blacklisting - As a result of email spam, the website server will get blacklisted meaning that email from the website server will get blocked or discarded as spam. If the website server is also the primary email server then legitimate email will also be affected.
- Malware - Hackers put malware on websites to attack visitors that come to the website. Malware is software, like a virus for a website, that does bad things to the computers of website visitors. Malware can come in many different forms: trojan horses, phishing, schemes, pharma hacks, and information scraping.
- Website Blacklisting - Industry leaders such as Google, Bing, Norton Safe Web, McAfee SiteAdvisor, etc check for malware on the website and if found will blacklist the website. Blacklisted website will lose nearly 95% of its organic traffic destroying the time and money invested in marketing.
- Defacement - Hacker destroys most of the website and puts a page(s) up of their own making. Often this is used to promote a political agenda. I have included a screenshot of a website I worked on that was defaced.
Protect your digital investment with a quality company that will provide the security and support that you need. If you have concerns about your website security, please give us a call at (800) 771-3950.