Why do hackers compromise a network? We explain the reasons, give you tips to minimise risk and set out the actions to follow if you've been hacked.
PwC have estimated that 90% of large businesses and 70% of small businesses suffered a security breach in 2015, based on a sample of 663 survey results.
Whilst it might be argued that anyone who has been compromised is more likely to reply to a survey, it still makes sobering reading and, more worryingly, figures are up year on year.
Who and why?
Hackers will compromise a network or server for a variety of reasons including:
Theft of confidential data (credit card and personal information)
To use the server’s resources (hosting malware, games servers and bots, and stealing VoIP traffic)
For the fun of it (script kiddies)
To disrupt and damage your business (competitors)
For political reasons (if your website has political or campaign-based content).
7 ways to minimise risk
Keep your servers and software patched and up to date. Unless you have strong skills in-house, always choose a managed hosting supplier. It may be more expensive, but if you use a competent host you will have a team of experts on your side.
Use very strong passwords, and have a password policy to change them whenever staff leave and, at the very least, every three months. If possible, use individual accounts so you have an audit trail, rather than a single account with a shared username and password.
Turn off unused services. If you are not updating your site every day, block access to FTP. Try to use the most secure version of each protocol: using SFTP (secure FTP) instead of FTP provides another layer of protection.
Back up regularly, at the very least daily, and retain copies for a period of time. We keep daily copies, weekly copies and monthly copies of each site we host. We also retain a monthly backup for at least 3 months. If you are compromised you can then restore the site using a safe backup.
Have a contingency plan. Worst case scenario: if your web hosting account or server is being used to launch attacks against other servers you will almost certainly be switched off. If you rely on your site for business, have a defined and tested contingency plan.
Update software, especially open source software, as soon as a security update is available. This includes the core application, such as WordPress, and its plugins.
Use a security scanning/penetration testing service every 3, 6 or 12 months depending on the nature of your site. We run a penetration test as we launch a website or application, then periodically thereafter.
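The daily, weekly and monthly retention described in the backup tip above can be expressed as a small pruning rule. The sketch below is an added example, not our hosting tooling: the retention counts, function names and sample dates are assumptions chosen for illustration.

```python
from datetime import date, timedelta

# Assumed counts (the article gives none beyond "at least 3 months" for monthlies).
# Four calendar-month buckets keep each month-end copy for at least three months.
KEEP_DAILY, KEEP_WEEKLY, KEEP_MONTHLY = 7, 4, 4

def _newest_per_bucket(newest_first, bucket_of, limit):
    """Newest backup in each of the `limit` most recent buckets (week or month)."""
    chosen = {}
    for d in newest_first:
        key = bucket_of(d)
        if key in chosen:
            continue          # this week/month already has its (newer) copy
        if len(chosen) == limit:
            break             # all remaining backups are older than the window
        chosen[key] = d
    return set(chosen.values())

def backups_to_keep(backup_dates, daily=KEEP_DAILY, weekly=KEEP_WEEKLY,
                    monthly=KEEP_MONTHLY):
    """Return the backup dates to retain; anything else can be pruned."""
    newest_first = sorted(set(backup_dates), reverse=True)
    keep = set(newest_first[:daily])  # the most recent `daily` backups
    keep |= _newest_per_bucket(newest_first,
                               lambda d: tuple(d.isocalendar())[:2], weekly)
    keep |= _newest_per_bucket(newest_first,
                               lambda d: (d.year, d.month), monthly)
    return keep

def latest_safe_backup(kept, compromised_on):
    """Newest retained backup taken strictly before the compromise date, or None."""
    safe = [d for d in kept if d < compromised_on]
    return max(safe) if safe else None

# Constructed sample: one backup per day from 2015-10-01 to 2016-03-15.
SAMPLE = [date(2015, 10, 1) + timedelta(days=n) for n in range(167)]

if __name__ == "__main__":
    kept = backups_to_keep(SAMPLE)
    print("retained:", sorted(kept))
    # Assumed scenario: the logs place the compromise on 2016-03-02.
    print("restore from:", latest_safe_backup(kept, date(2016, 3, 2)))
```

With only the seven most recent dailies, a compromise that goes unnoticed for more than a week has to be rolled back to a weekly or monthly copy, which is why the longer-lived copies matter.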
What should we do if we have been hacked?
Don’t panic: careful planning is essential at this stage. If you have a contingency plan, now is the time to put it into motion. If you are in certain industries and/or the breach could have exposed personal data to a hacker, you will probably want to unplug the server from the network and take a forensic snapshot of the disks and memory to help define the extent of the compromise.
Talk to your host and see if they can tell when the compromise occurred by analysing the server logs. Take the site offline and make an immediate backup. Remember that this backup could contain malware or other damaging code, but if you need to roll back to a safe version you may need the data created between your last safe copy and this backup.
Assess the damage
Was it the application (CMS, commerce platform, etc.) that was compromised or the server?
Ask your host for their advice. If you are running a VPS or dedicated server you may need to install a clean version of the operating system, secure this and then restore your backup. Remember, if your email is on the same server you will be without email until the restore is complete.
Decide how to notify clients and users.
If no data has been compromised this might not be required but make sure you are aware of your legal obligations under the Data Protection Act or, if you are registered as a data controller, with the Information Commissioner’s Office.
If you would like to learn more about how to best protect your website from compromise please contact us.
Alternatively these links contain useful further reading: