Yes, a hacked website can happen to your school. Here, the myths, misinformation, and truths. Plus, tips for protecting yourself.
If you surfed the Internet in 1994, you could probably have gone to all 3,000 websites. (And back then, a hacked website was rare.) Today, you’d be hard pressed to visit even a tiny fraction of the billion-plus sites out there.
Exponential growth has come at a price: About one percent—or ten million—of these websites are hacked or infected.
While your chances of escaping an attack are good, hackers strike randomly and harshly, and you should do everything possible to protect yourself.
Knowledge is power, so here are six commonly held myths about hacked websites—along with a cold, hard dose of reality—and how you can safeguard your site.
MYTH 1: Malicious code is distributed primarily through email.
REALITY: That was true in the early days of the 1990s. But today, cyber criminals disseminate malware primarily through websites. Google’s Safe Browsing discovers thousands of new unsafe sites every day.
MYTH 2: Only rogue websites (porn, gambling, and other vice sites) and illegal marketplaces on the dark web can infect you.
REALITY: In its 2015 Annual Security Report, Cisco identified the industries that pose risks to website visitors. Surprisingly, they include arenas like agriculture and mining, aviation, food and beverage, insurance, media and publishing, and real estate and land management. All these sites get substantial traffic, which makes them seductive to ill-willed hackers.
MYTH 3: Cyber criminals target large companies and government organizations, where they can access a minefield of data.
REALITY: Small businesses are just as exposed as the big guys. With their sophisticated automated scanning tools, cyber crooks scour the Internet looking for vulnerabilities in legitimate websites—which could be anything from your pet sitter’s little blog to a giant dating site (remember the embarrassing Ashley Madison attack of 2015?). And because small firms don’t have huge budgets for security precautions, they may be more tantalizing targets.
Once they find a hole, hackers deploy their malicious code—often without the victim even knowing it. The infected site can then unwittingly spread its virus to site visitors.
Note: A website’s interactive features make excellent gateways: Any user-controlled area—such as such as email signup forms, blog-post comments sections, and customer login pages—can potentially be used to infiltrate a site.
MYTH 4: Hackers strike PCs, not Macs.
REALITY: Yes, there are more people out there using Microsoft Windows than Mac OS, making them likelier hacker prey. But Macs are no longer immune, and cyber crooks are determined to exploit all kinds of platforms and devices, including smartphones, tablets, printers, cars, and even medical devices.
MYTH 5: Hackers are just kids and hobbyists looking to make some mischief.
REALITY: The underworld of cyber criminals is well-organized and big business. Villains can make big bucks providing stolen credit card info, Social Security numbers, banking credentials, and other prized data to the black market.
MYTH 6: A strong firewall can singlehandedly stop attacks.
REALITY: You absolutely need a secure firewall in place. And hackers know that, which is why they’ve gotten crafty and turned to social engineering—the art of tricking people into giving up sensitive information or granting access to their system. For example, someone posing as a technician calls the victim to “fix” a problem and eventually secures the person’s login info.
Now that you’ve had a dose of reality, here are some measures you can take to minimize your hacking risk.
Six Ways to Protect Your Website From Attack
- When building your site, make sure your developers know what’s required to protect your site and that they use secure coding principles
- Verify that your web-server and other software are up to date
- Use SSL to encrypt web traffic containing personal information—like credit card and bank account numbers, Social Security numbers, and other sensitive data
- Keep a close eye on your site and perform regular scans to detect unexpected changes or viruses
- Back your site up frequently; in the event you’re hacked, you can restore it
- Never give your password or username to anyone—especially someone you don’t know
Has your site been hacked? Tell us about your experience below. Or if you have any tips or insights, we’d love to hear those, too.