Cybersecurity & email scam updates
20 May 2020COVID19 has meant a fundamental change in the way everyone is working across the board. This change has brought about some amazing innovations and paradigm shifts which will probably benefit many once the crisis is over.
But, as with everything, for every person finding ways to improve lives, seeking to adapt or developing strategies in positive ways, inevitably the opposite is also happening in the darker recesses of the scammer and hacker world.
This article is an introduction to our new cybersecurity and email scam updates that we’ll be sending out on a regular basis to help clients stay aware of what’s happening and how to avoid potential ransomware and data breaches. We’ll be giving you essential news about new scams, threats to websites that don’t have anti-hacking software and how to stay safe online.
What are website hackers after?
The TV programmes always show hackers trying to (and mostly succeeding to) gain access to high-security servers of organisations like the FBI, the CIA, the White House etc. So it’s natural for a small business owner to assume that as they don’t have any top secret information on their website, then a hacker wouldn’t interested in their website.
Unfortunately, that’s not the case. Here’s why hackers love attacking small business websites:
- To use your server to send spam/scam emails
- To use your website to plant spyware on your customers’ computers and devices
- To divert your traffic to their dodgy websites
- In order to hold your website to ransom
How to prevent your website from being hacked
Don’t use plugins
If you’re managing your site yourself, then you may have no option but to use plugins, but you should know they are a big risk. One of the reasons our software for WordPress helps your site stay secure is by not using the plugin framework. Instead, we overlay WordPress with our proprietary software that delivers a better front end experience.
Plugins are a risk because it’s easy for hackers to find out which plugins you have and then exploit known vulnerabilities in their code. And it doesn’t matter if they’re a ‘trusted’ source. Recently Ninja Forms and Elemental were both found to have major vulnerabilities and the list of minor plugins that have been hacked over the years are countless.
Protect yourself against brute force attacks
Whether you’re amending the code, using IP Blacklisting software or just monitoring who’s attacking your login page, please don’t leave your website unattended and without protection. Imagine that there’s a little programme that can automatically test (as an example) 218 trillion password variations in 22 seconds.
Always keep your website content management software up to date
Most content management companies do their utmost to help you keep your website safe. They do this by publishing updates which will include improvements and security patches. Keep your website software up to date on a regular basis and you’ll be helping to keep out unwanted intruders.
Set up automated backups of your server/hosting
As an extra precaution (plus it’s just good practice) make sure you have an automated back up happening every day or so. But again, you still need to keep an eye on your website as there’s no point in restoring a back up that’s a back up of the compromised software.