
You’re Not Too Small to Fight Back

Last week we noted that small business Web sites are more and more often coming under attack. This week, a look at the objectives these hackers have, and ways to fight back.

There are three main strategies the hackers are pursuing:

  1. going after customer data, credit card details, and bank account information (especially on e-commerce sites)
  2. injecting malicious code into sites, which infects the computer of anyone who visits, without their having a clue
  3. simply wiping out data entirely (a trend that’s becoming more and more prevalent these days)

And, as noted last week, hackers are increasingly wreaking their havoc on small sites. Like this one, say, or yours.

So that’s the bad news. What about the good news?

Even though smaller sites are being targeted specifically because they tend to lack security, your site doesn’t have to be a sitting duck. The usual reason that smaller sites are less secure is that their owners don’t take the time and effort to protect them properly. With a little investment, your site can be hardened to the point that the bad guys leave you alone because it’s more trouble than it’s worth to crack your site.

Giving Your Web Site Fangs

The first thing to consider, if you’re an e-commerce site, is PCI-DSS compliance. PCI-DSS is a standard of security birthed by the major credit card companies. Technically you’re required to conform to PCI-DSS standards if you accept credit cards on your site, though there are still (unfortunately) a number of sites that don’t meet the standard. We’ll explore PCI compliance in an upcoming post.

Choosing the right hosting plan is also important. Options range from shared hosting to a VPS to a fully dedicated server. In two weeks we’ll look at these options in more detail, including how to determine which plan is right for your situation.

E-commerce or not, there are myriad steps you can take to protect your server. You can:

  • make sure to use strong passwords for logging into your site’s back end
  • avoid using common login names such as “admin,” “administrator,” “webmaster,” etc.
  • install plugins (depending on your platform) to monitor and protect your site
  • lock down the file permissions on your site

We’ve developed a comprehensive security program especially for WordPress sites, so if you’re interested in help with those last two points, please contact us! (Thus endeth the shameless plug)
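For the login-name and file-permission items in the list above, here is a small audit script. It is an added example, not code from this post or from MWD Web. The function names, the sample directory tree, and the rule "flag anything writable by group or others" are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Login names the post lists as too common to use.
COMMON_LOGINS = {"admin", "administrator", "webmaster"}

def risky_logins(usernames):
    """Return the accounts whose name is on the common-login list."""
    return sorted(u for u in usernames if u.strip().lower() in COMMON_LOGINS)

def loose_permissions(web_root):
    """Return (relative path, mode) for entries writable by group or others."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(web_root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue  # on Linux a symlink's own mode bits are not used for access checks
            mode = stat.S_IMODE(st.st_mode)
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                rel = os.path.relpath(full, web_root)
                findings.append((rel, format(mode, "03o")))
    return sorted(findings)

def build_sample_site(root):
    """Constructed sample tree (not a real site) with two loose entries."""
    os.mkdir(os.path.join(root, "uploads"))
    files = {
        "index.php": 0o644,                         # owner-writable only: fine
        "wp-config.php": 0o666,                     # world-writable: flagged
        os.path.join("uploads", "photo.jpg"): 0o644,
    }
    for rel, mode in files.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "uploads"), 0o775)  # group-writable dir: flagged

if __name__ == "__main__":
    # Constructed account list; replace with an export from your own platform.
    print("Common login names in use:", risky_logins(["Admin", "jane.doe", "webmaster"]))
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        for path, mode in loose_permissions(site):
            print(f"Loose permissions: {path} ({mode})")
```

Point `loose_permissions` at your real document root to get the list of entries to tighten.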

Finally, regardless of what precautions you’ve taken up front, the key to it all is constant vigilance! Keep tabs on your site, be in tune with its vital signs, and you’ll be in a position to recognize when something’s not right and to take appropriate action to fight back.

We’ll continue the discussion about hosting in two weeks. Next week, however, we look at a milestone for us here at MWD Web, as well as what you can learn from our example.

Photo Credit: Furryscaly via Compfight cc

MWD Web