Most website owners and managers know that website downtime can indeed affect your search engine rankings as far as Google is concerned. With Google dominating the search market with about two-thirds of all search engine...
Hacker Prevention 101: Training for Employees
If you operate or own an online business your website is at risk of being hacked, regardless of how large or small your website may be. Smaller businesses may think they are not a big enough “fish” for a hacker to focus on. The fact is that almost every single website online has something of value to be gleaned. Even if it’s just personal information or a mailing list, there is information that a hacker can use if you leave it open for the taking. Even if your business is a small craft shop, you’re at risk of being hacked. Large businesses, on the other hand, may think their security measures are adequate for the prevention of would-be hacking attempts. The fact of the matter is that even with the best precautions in place, your site can and likely will be hacked no matter how advanced your measures to prevent it may be.
You cannot simply work to prevent hackers. You also must put strategies in place for the times they do set their sights on you. This will allow you to minimize any damage they may cause. Here are some basic hacking prevention and mitigation tips that every employee should be familiar with and keep on hand, allowing them to do their part to prevent hacking.
Use Strategic Passwords
There are many who feel that a password they can easily remember is the best road to take. The fact of the matter is that passwords should be one of the most strategic tools you use in your efforts to prevent hacking. Use strategic passwords. Never use the same password for more than one login account. It is also best to create passwords that are a randomized series of numbers and letters. There are password tools available with many Internet security programs that will help you create a password and file it securely in a “vault” so that you don’t have to remember all the different passwords used for all your various accounts and logins. The goal is to create a password that is practically impossible to guess for each login you use and then change those passwords every 30 days to help prevent hackers from getting into your website or accounts.
Use Two-Factor Authentication Whenever Possible
When you use two-factor authentication a one-time code is sent to you via your smartphone or an authentication fob every time you try to login to the authenticated account. You must enter the code in addition to entering your user name and password before you can get in to the account. By taking this measure, you ensure that even if someone did get your passwords, they wouldn’t be able to get into your account without the authentication codes.
Never Click on Links in Emails
Almost all the major hacking attempts in history, even today, including the hacking of the Sony and Target networks, can be traced back to a practice known as “spear phishing.” Spear phishing occurs when a hacker sends out a seemingly-innocent email. The email looks legitimate, so you click the link included. What you don’t know is by clicking that link you just downloaded malware onto your computer, smartphone, or other mobile device.
Be sure to understand that these criminals make it their job to look legitimate so they may mention personal information or other things that would get you to trust them. No matter who you think the email is from or how legitimate it may appear, never click directly on an email link. For example, if you were to receive an email that looked as if it were from your bank, don’t click on the link in the email. Instead, go directly to your bank’s website via your Web browser and look for any messages or alerts they would have sent you there. If the message seems so important that you can’t ignore it, call your bank (at the published number and not a number that may have been included with the email) and ask to speak to a manager or bring the email into your local bank branch and inquire about it. Whatever you do, do not click on the link in the email or go to any links from any email you receive.
Utilize a Website Monitoring Service
If someone is knocking at the door of your website or has gotten in and has begun to wreak havoc, you need to know about it the moment it happens so you can put your counter-measures in place. The best way to make sure you know about a problem the moment it happens is to utilize the services of a quality website monitoring service. If something starts going awry with your site or you suddenly come under a DDoS attack, the website monitoring service can notify you immediately so you can put your plan of action into place.
Make Sure You Have a Plan of Action
Speaking of action plans…when your website monitoring service alerts you of a problem, you need to have a plan in place to mitigate any damage the hacker may try to do. This means immediately changing all passwords and logging out all users so the hacker will no longer have access. It may also mean moving your site over to another server temporarily while you put your other site on lockdown, begin any necessary repairs or file restoration, and/or combat the efforts of a DDoS attack, etc.
While you may not be able to eliminate any and all risk that you’ll become a victim of a hacker, you can take some simple steps to ensure you are minimizing the risks that exist. By putting preventative measures in place and plans to mitigate damage if a hacker does make you his next target, you can ensure that your website will withstand the storm and be ready for any additional attacks in the future.