British Airways, the iconic airline trusted by millions of business commuters and luxury travellers, slipped up recently. They had to admit that over 380,000 customers had their data stolen.
Think this is a rare story? Not at all.
Think it won’t happen to your business? Think again.
When talking about the attack, cyber-security expert Alan Woodward, Professor at the University of Surrey, said:
“It looks very much like the details were nabbed at the point of entry – someone managed to get a script on to the website.”
This means that at the point of entry, the card details were taken. Using an online booking system or card payment solution? Then you’re potentially at risk too!
What can you learn from this?
Quite a lot, actually. If you’re running your own site, and especially if you’re using a theme on a WordPress website (other, less popular Content Management Systems (CMS) are available), you are at risk of a potential hack.
What do you need to do? Here’s our quick advice.
1. Get updated
It’s fairly straightforward to update your site, especially in WordPress.
Note that we thoroughly recommend running a backup before you do though, just in case the worst happens.
Why should you update when the site seems to be functioning fine and there’s a small risk that the update could break something?
Well the simple fact is, WordPress, and other CMS platforms, are very popular and very tempting to hackers. Working out the flaws in the code and the holes in the chainmail is an exciting prospect for spammers and hackers. With the freely available downloads and access to themes, it doesn’t take a genius to see why hackers will try their luck.
In the past Apple Macs weren’t considered to be hackable, but this is purely because hackers weren’t trying to hack them because more people had a PC. Now? Now Macs are very popular and the hackers go where the numbers are.
So update your core files and themes regularly. Check in once a week and keep everything watertight. Updates are created for a reason and it’s mostly to fix a problem in the structure of the CMS to protect you. But back up before you do. Just in case.
2. Avoid poor plugins
If you’re one of the 75M people running a WordPress-based website then you’ll be well aware of the brilliant plugins that you can add and install to your site. It’s so simple and it’s easy to see why website owners love them.
But that does mean people can be careless when choosing plugins. Not only are many of these plugins bloated enough to slow your site down, but many of them are also easy to break into, giving hackers a way of gaining access to areas of your site.
It’s not as rare as you might think. Be careful which plugins you use. Updates are released for a reason, so please update them regularly. Recently Carphone Warehouse was hacked and data was stolen purely because of an out-of-date WordPress install and some questionable plugin maintenance.
3. Be GDPR compliant
4. Back everything up
This one’s simple. Back up your data and your website. Don’t just rely on the cloud either; get it backed up somewhere else and get a backup of the backup, just for good measure. You don’t want to be a statistic of a business that lost time, money, credibility, customers etc. because you didn’t have anything in place. We know of businesses which have been unable to keep trading after losing data.
(Get a backup plan in place or check out our WordPress Maintenance Packages.)
What would you do right now if your site was hacked and messed about with? Malicious attackers could change anything on your site. With a backup we can quickly roll back time and fix your site and get rid of that headache. Without a backup it’s a lot more messy. A LOT MORE. Why would you do that to yourself?
5. Make sure your password isn’t ‘Password123’
The most popular password in the world in 2017 according to Wikipedia was 123456 and the second was ‘password’. Don’t be that party pooper! Seriously. If you have any respect for your business or your customers just don’t do that.
Don’t use ‘12345678’ either, or ‘qwerty’ or your maiden name, dog’s name, or your Twitter handle. Never use simple-to-hack or easy-to-guess passwords. In fact, don’t use a password at all, and use a ‘pass phrase’ instead.
Be sensible. Most people are leaving the keys in the door … oh and please never use ‘admin’ as your username.
You might think that BA is a more interesting target for hackers than your business. It’s easy to sit there and think “It’ll never happen to me” but 70% of information breaches happen against companies with fewer than 100 employees.
Because small businesses don’t tend to invest as much effort in monitoring and security, hackers who attack them are less likely to get caught. Small businesses are also more vulnerable to phishing attacks.
Why do they do it? From pr0n sites trying to sell stuff, to dodgy link-building SEOs, to ransomware, they have the motivation. Hackers can also take information and sell it on the black market, making it a source of income for other criminals.
We can help you make sure this doesn’t happen to you.
Our WordPress Maintenance Packages are cost-effective and there for you when you need them most.
Don’t get headaches – get the support your business website needs, now.