The feeling might best be compared to the emotions I felt when my home was invaded. First there was disbelief, then anger, and finally a lingering sense of vulnerability.
According to a 2013 survey by the National Small Business Association (NSBA), 44 percent of small businesses have had their websites hacked. Now, add mine to that list.
The nightmare began last month with an ominous note from Google: “Our system has detected activity which may violate Google policies in…”
A further read revealed that the giant search-engine and advertising company had effectively quarantined a suspect page on my website. “Malware” had been detected.
A call to my developer confirmed the worst: The website I’d built with such care and expense was under “active attack,” and cleaning up the malicious files and “closing the vulnerabilities” would “run somewhere in the neighborhood of $1,500 – $2,000.” (Hacker victims in the NSBA survey averaged $8,700.)
Unlike the politically motivated hackers looking to advance an agenda, those who attack business websites are typically seeking cash.Once malware files are planted, hackers may gain access to business bank accounts or customer credit card data. Some malware even attaches itself to the computers of online customers, allowing hackers to continue their criminal rampage.
If big companies like JPMorgan Chase, Target and Home Depot represent a mother lode for hackers, the websites of small business owners are more like plump, soft targets. Only 21 percent of small business owners in the NSBA survey said they had a “high understanding” of cybersecurity, and 42 percent cited website security as the biggest challenge they face in the use of technology.
For a business owner, getting hacked feels like an extreme violation. My operations were effectively shut down for several days and I nearly got booted from the shared server that hosts my site.
“This was not personal,” my developer said, reassuring me that the hacker, who apparently felt so proud of his work that he signed his name, in all likelihood knew nothing of me, my business or my website. It was simply a crime of convenience.
In the end, I was able to save some of the clean-up costs by instructing my developer to amputate a portion of the infected site. It was a tough decision, but that’s money I’d rather invest in building a new site.
While no website can be made hacker-proof, here are some takeaways I learned from my experience:
• Talk to your developer. In six-plus years, I had never asked about my website’s security.
• Keep software up to date. Software programs are constantly being upgraded to address security flaw. (NSBA survey respondents cited upgrade costs as their top technology concern.)
• Be especially vigilant if you allow customers to upload files or post comments to your website.
• Never open emails that appear suspicious; delete them immediately.
Here is a link to the NSBA survey:
Source: The Charlotte Observer