Anyone can get hacked. If you don’t believe me, here’s a list of high-profile websites that have recently been compromised: Premera Blue Cross, Chick-fil-A, Sony, U.S. Postal Service, Staples, Kmart, Dairy Queen, Home Depot, Jimmy Johns, J.P. Morgan, Yahoo Mail, Ebay, AT&T, Neiman Marcus, UPS, Apple iCloud, Microsoft, NBC, Twitter and the U.S. Government, which gave up the personal data of every single federal employee. You can now add LastPass (a password storage company) and Ashley Madison (an infidelity dating site) to the list.
Those are some big fish, so they naturally have a target painted on them. So do WordPress and Joomla websites, because there are so many of them. Once a vulnerability is discovered, bots crawl the internet looking for sites to exploit. Even if you do your due diligence, it’s still not unreasonable to assume that, at some point, your website will get hacked. If you prepare for it, it won’t be that bad.
Similarly, Symantec, one of the world’s largest anti-virus software companies, declared its own industry “dead” this year and has gone on to focus on damage control. The reality is that the computer virus problem is too big and our enemies are too numerous. The battleground is indefensible. It takes a certain amount of bravery for Symantec to admit defeat. So let’s follow suit, assume we’re on the losing side of the security equation, and work on mitigating risk.
Don’t host sensitive data yourself. Use third-party gateways like Authorize.net for processing e-commerce payments, and keep that liability with them. Don’t “go it alone” to save a few pennies; they have a larger security staff than you ever will.
Similarly, if you are storing HIPAA-sensitive medical records, use a third-party solution. Medical records are highly prized by the hacking community; they are sold and resold to be used to commit Medicaid and insurance fraud. Don’t assume your little intranet is safe; we can hear that bomb ticking.
Don’t use easy passwords, and change them once in a while. This doesn’t just apply to your website; it’s basic internet hygiene. A “brute force attack” is just a program that guesses thousands of passwords a second. If your password isn’t complex enough, it will bust down the front door and walk right in.
Invest in automated backups. Meridiansix needed a safety net, so we built a custom backup solution. Our system is 100% cloud-based, and we store multiple versions of your website: one a year old, one for every month of the last year, one for every week of the last month and one for every night of the last week. If your site is ever compromised, we’ll identify an uncorrupted version, restore it quickly, patch the hole that was exploited and get you back on the road with minimal upset. At $200 a year, and a tax write-off, it’s just the right thing to do.
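The tiered retention described above, as an added example that is not Meridiansix’s own code: a small pruning routine that decides which snapshots to keep so that you always have an uncorrupted version to roll back to. The window sizes (7 nightly, 4 weekly, 12 calendar months, one snapshot at least 365 days old) are assumptions, and the nightly run is constructed sample input.

```python
from datetime import date, timedelta

# Assumed tiers: every night for the last week, one per week for the last month,
# one per calendar month for the last year, and one snapshot at least a year old.

def backups_to_keep(backups, today):
    """Return the set of snapshot dates that survive pruning."""
    # Newest first; snapshots dated after today are treated as invalid and never kept.
    snaps = sorted({d for d in backups if d <= today}, reverse=True)
    age = lambda d: (today - d).days

    def newest(pred):
        # Newest snapshot satisfying pred, or None if the tier has no candidate.
        return next((d for d in snaps if pred(d)), None)

    keep = {d for d in snaps if age(d) < 7}                       # tier 1: nightly
    for w in range(1, 5):                                          # tier 2: weekly
        d = newest(lambda d, w=w: w * 7 <= age(d) < (w + 1) * 7)
        if d:
            keep.add(d)
    y, m = today.year, today.month
    for _ in range(12):                                            # tier 3: monthly
        y, m = (y - 1, 12) if m == 1 else (y, m - 1)
        d = newest(lambda d, y=y, m=m: (d.year, d.month) == (y, m))
        if d:
            keep.add(d)
    d = newest(lambda d: age(d) >= 365)                            # tier 4: yearly
    if d:
        keep.add(d)
    return keep

def prune_plan(backups_iso, today_iso):
    """ISO-string wrapper: returns (sorted kept dates, sorted deletable dates)."""
    backups = {date.fromisoformat(s) for s in backups_iso}
    today = date.fromisoformat(today_iso)
    keep = backups_to_keep(backups, today)
    return (sorted(d.isoformat() for d in keep),
            sorted(d.isoformat() for d in backups - keep))

def nightly_run(start_iso, end_iso):
    """Constructed sample input: one snapshot per night, both ends inclusive."""
    start, end = date.fromisoformat(start_iso), date.fromisoformat(end_iso)
    return [(start + timedelta(days=i)).isoformat()
            for i in range((end - start).days + 1)]

if __name__ == "__main__":
    kept, gone = prune_plan(nightly_run("2014-06-01", "2015-08-31"), "2015-08-31")
    print(f"keep {len(kept)} of {len(kept) + len(gone)} snapshots:", kept)
```

Run it against the list of snapshots in your backup bucket and delete only what lands in the second list; the rule that matters for recovery is that the year-old and monthly copies predate any recent compromise.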