Anyone can get hacked. If you don’t believe me, here’s a list of high-profile websites that have been recently compromised: Premera Blue Cross, Chick-fil-A, Sony, U.S. Postal Service, Staples, Kmart, Dairy Queen, Home Depot, Jimmy John’s, J.P. Morgan, Yahoo Mail, eBay, AT&T, Neiman Marcus, UPS, Apple iCloud, Microsoft, NBC, Twitter, and the U.S. Government.
Once an exploit is identified, automated bots crawl the internet looking for sites they can use it on. Even if you do your due diligence, it’s still not unreasonable to assume that, at some point, you will get hacked. If you prepare for it, it won’t be that bad.
Similarly, Symantec, one of the world’s largest anti-virus software companies, declared its own industry “dead.” The reality is that the computer virus problem is too big. The attackers are too numerous. It takes a certain amount of bravery to admit defeat. Let’s work on mitigating risk.
Don’t host vulnerable data. Use third-party gateways for processing e-commerce payments. Don’t “go it alone” to save a few pennies. These providers have a larger security staff than you ever will. If you are storing records, integrate third-party solutions.
Don’t use easy passwords, and change them once in a while. This doesn’t just apply to your website; it’s basic internet hygiene. A “brute force attack” is just a program that guesses thousands of passwords a second. If your password isn’t complex enough, the program will bust down the front door and walk right in.
Invest in automated backups. If your site is ever compromised, you can identify an uncorrupted version, restore it quickly, patch the hole that was exploited, and get back on the road with minimal upset.