Searching for content within a database can be a little trickier than searching files, but the options are pretty similar. Following up on last week’s blog titled, “How to Look for Malware in your Website Files” we talk about how to look for malware in databases and what types of things you should be looking for.
Tag: website scanning (Page 1 of 2)
Did you know that SiteLock scans more web pages in a day than McDonald’s sells hamburgers? How about that we analyze more source code files per day than Dominos sells pizzas in a year? We’ve put together this infographic to give you an idea of how quickly we work to mitigate cyber threats.
We celebrate Independence Day to honor the adoption of the Declaration of Independence on July 4, 1776. As Americans, we have the right to freedom of religion, speech, press, and the Internet.
According to a recent report from Google, nearly all website owners rely solely on Google’s Safe Browsing program to alert them when their site has been hacked. The report, released this month titled “Remedying Web Hijacking: Notification Effectiveness and Webmaster Comprehension,” concludes that only 6% of webmasters discovered an infection via proactive monitoring for suspicious activity. That’s alarming.
Why is this a problem?
Consumers have endless choices of where to shop this holiday season and your store – whether brick & mortar or online— must stand out. A well-designed, easy to use website is critical in cutting through the clutter to attract holiday shoppers and drive them to make a purchases. Unfortunately, the same features that improve user experience and retain customers can leave your website vulnerable to a cyber attack and pose a significant threat to your business.
So you’re thinking about finally launching your first website. Or you’ve had a website up and running for years but it’s time for an upgrade, an overhaul, and brand new chapter in your online presence.
You’ll have plenty of things to think about and to get right, so just make sure you don’t leave security as an afterthought.
- Where will you host it? Hosting matters. Some hosts take security very seriously, because they understand that their reputation counts on your trust in them. Other hosting companies are less than enthusiastic about spending their budget on your security. Choose a host that has lots of experience, a reputation for reliability, a solid support team that’s there in an emergency, and a relentless commitment to protecting your online presence.
- What do you intend to use it for? Will you just use your website to advertise your business and encourage people to call or drop by your physical store? Will you collect personal information, maybe even accept credit cards, and even run your entire business online? What you collect and transact on your website will determine how big a target you could be and how much you could lose if you fail at website security.
- What kinds of information will you collect? It’s not just about collecting information from visitors to your website, it’s about what kinds of information, what you do with it, and how you protect it. Remember, even if you ask visitors to share their email address so you can send them a newsletter, that email address is of great value to hackers and identity thieves. The more information you request, the greater your responsibility to protect it. Are you ready for that responsibility?
- Will you have e-commerce? Selling your products and services online has never been easier, and it’s a great way to maximize sales and minimize costs. But it comes with risks, and in particular the risk that hackers will breach your security and get their hands on customer credit cards. So before you start accepting online orders, talk to security experts who can make sure security is built in from the start.
- Will you have to be PCI compliant as a result? If you plan to accept credit or debit cards , you have to PCI compliant. No discussion, and no exceptions. But getting in compliance is not as daunting as it might sound. For most smaller firms, the process is quick and straightforward. You can complete much of the process yourself in a matter of minutes, then use a firm like SiteLock to perform the regular website security scan you’ll need in order to be PCI compliant.
- Will you be using lots of third-party plugins? One of the great things about building killer sites is the number of low-cost and even free plugins you can use to give your customers the best experience possible. The downside is that many of those plugins may have security weaknesses or vulnerabilities that have to be patched quickly. So you’d better make sure that have a process in place to identify plugins with known issues and update all your plugins regularly.
- Who’s going to manage, update, and access your site? Maybe you’re talented enough to build and run the entire site on your own. But chances are, you have better things to do. Whoever you choose to build and maintain your website, whether a friend, a local guru, or your web hosting company, you need to make sure that security is a key part of every decision they make. And make sure they know what they’re doing when it comes to security. So many breaches are as a result of mistakes by programmers and web designers who didn’t think about security.
- Do you know enough about security to be dangerous? Dangerous to hackers, that is. You don’t have to be a security expert to have a secure website. But if you’re running any kind of business you have to familiar with the basics of security, identity theft, fraud, privacy, and all their cousins. Just like running a bricks and mortar store – if you don’t know how to spot a fake $20 bill, you’re going to end up with lots of them. So take some time to learn about what hackers are up to so you can spoil the party and ruin their day.
- Who’s going to guard and patrol your online premises? You know you can’t right? You can’t be there all the time, and the web is a very big and dangerous place. So never open a business on the web without first enlisting the protection of a company like SiteLock. Having the best experts with the best technology in a constant state of vigilance for any sign of attempts to break into your business is more than worth the dollar a day it might cost you.
- So how are things at home? Nothing personal, but one of the easiest ways for hackers to break into your website and steal your customer information is to infect your personal and home computers with malware first, then use that to steal your passwords as you log in to your site. So make sure you and everyone at home is aware of the risks and knows how to avoid them.
Good luck on your journey. May your website welcome lots of visitors that leave happy and return often. And make sure it’s as repellent to hackers as it is welcoming to shoppers. This shopper will thank you for it.
Happy Cyber Monday! If your website has survived the Thanksgiving rush, let’s hope it doesn’t suffer from a post-Thanksgiving malware hangover. Because in the usual run up to Christmas, the only people busier than elves are hackers. And their favorite tool this year appears to be malware. What’s a website to do without trusted malware removal?
We took a look at many of the top security stories to hit the headlines in just the last couple of weeks, and it’s not surprising that most of them were about malware.
Security firm Symantec says that hackers have recently been very successful in delivering a nasty gift of malware to unsuspecting users by blasting out emails pretending to be antivirus software updates. What makes the emails so convincing, according to Symantec, is that they look very authentic and incorporate logos from most of the popular antivirus products – probably even those that you use. Because most users are likely to be familiar with the brands and use at least one of them, it makes the email appear more personal and genuine. And therefore more likely to be opened. And clicked – which is what causes the most damage.
Security firm Trusteer also announced that it discovered some of the most advanced financial malware yet, malware that not only has more features than any previous malware, but also creates a private and secure communications channel back to the hackers behind it. According to Trusteer, the malware can steal information entered into web forms as well as steal log-in credentials from dozens of the most popular FTP clients.
And this is especially dangerous to small businesses in the U.S. If this malware is able to steal the login and password for your business bank account, it will very quickly empty that account. And small business accounts are not protected by zero liability. So if the thieves steal every last dime you have in the bank account, you’re out of luck. And maybe even out of business.
To add to the misery, Trend Micro also reported that it discovered more than 200,000 different types of malware targeted at online banking in just the third quarter of this year, with at least 25% of them targeted at U.S. banks.
One of the most dangerous pieces of malware in circulation right now is Cryptolocker. This is ransomware. Once it infects your computer, it will encrypt or lock your files and then demand a ransom to unlock them so you can use them again. The ransom can vary, from $300 to more than $3,000. And even if you pay the ransom, chances are you still won’t get your data back. And thousands of users have fallen victim. Even one police department admitted that Cryptolocker had managed to kidnap their data.
And not to be left out, researchers have discovered that even the NSA has turned to malware to do their job, infecting at least 50,000 with a botnet that will allow them to spy on those computers.
So if website malware scanning and defense is not on your Holiday to-do list, it might be a good time to update that list. After all, it’s supposed to be the season of cheer.
For those of you who had website security on your list of New Year’s Resolutions for 2013, and haven’t been able to check it off yet – there’s still time! Every January we, as business and website owners, create to do-lists for what we want to accomplish in the coming year. It all looks great on paper, but then reality sets in. We have businesses and websites to run. Families to care for and spend time with. And fine – maybe a fantasy football team to manage. Bottom line – we’re all really, really busy. And suddenly it’s the middle of November, and there are still a few outstanding items we’d love to cross off our lists.
Website security is one of those things that we know needs to be addressed (the horror stories of hacked websites are everywhere), but it tends to get put off for many reasons. Some of us underestimate the importance of securing our website, some are afraid it will be expensive, and some think it will be too hard to manage without an IT person on staff. The truth is, website security is not only more critical than most people realize but it is also much easier than most expect.
Here are 3 easy ways to enhance your website security (and improve your online business) before December 31st:
1. Ensure safe holiday shopping for your customers. This is the busiest time of year for most eCommerce sites, so maximize your sales opportunity by displaying a trust seal. Most website scanning services provide a trust seal to publish on your homepage and show your visitors that your website has been scanned and is free of malware and viruses. Trust seals boost customer confidence in your online business, and have been proven to increase conversions by 10% or more. Not only will you be making more money, but you’ll also be alerted of any malicious files that could be on your website. So that you can remove them (some services like SiteLock can even do this automatically) before they can cause your site to be taken down at the worst possible time. It costs a lot less than you think, too. And is worth its weight in security gold.
2. Purge and update your plug-ins. This is one of the easiest things you can do to protect your website, and also one of the most important. You know how every once in a while, it feels necessary to peruse your Facebook friend list and do some purging? Maybe you realize that you don’t want to share your personal information with Jason from your kindergarten class or Vicki from 6 jobs ago? This is the same way you should approach any third-party software or plug-ins on your website. Using outdated versions is the single most common way for a hacker to gain entry to your website, and all your information, and often that of your customers. So make a list of all the plug-ins and third-party software on your site, peruse it, and purge (uninstall) anything you no longer use. For the ones you do use and want to keep, make sure you have the latest versions and updates installed. I don’t have a Facebook analogy for this part; you’ll just have to take my word for it.
3. Educate your employees about phishing emails. If you are someone who is extremely cautious about opening emails from unknown or large company senders, it may be hard to believe anyone still opens spam emails or (gasp!) downloads the enclosed attachments. But the reality is that not everyone is aware. And even those who are careful are often so busy and inundated with emails that a few might slip through the cracks. Plus, hackers are getting scary good at impersonating legitimate business emails – PayPal, FedEx, Apple, to name just a few – and luring victims to click on links in order to update account information, track a package, download an important update, etc. All you need is one employee to click on one of these fraudulent download links, and you could be handing over your entire business to a criminal. Financial data for you and your customers – stolen, and your reputation – ruined, in a matter of seconds. As many of you head into your busy season, a 10-minute company meeting or brief communication on the warning signs to look out for when opening email could go a long way to protecting your business.
See? It’s not too late, you guys. These 3 steps are cheap or free, quick, and easy. But they could save you from being one of the 30,000 small business websites that are hacked each day. And most of all, you can finally cross that New Year’s Resolution off your list.
Who is visiting my website: Good bots, bad bots, and humans (oh my!)
There are two basic categories of traffic that visit your website – humans and (ro)bots. An invaluable benefit of the TrueShield web application firewall is being able to differentiate, not only between these two basic groups, but also to separate the good bots from the bad. Bots get a bad rap, since most people associate them with cyber attacks. But if it weren’t for the search engines using bots to index your website, your site would never appear in a search and all your SEO efforts would be wasted. These are the good bots, and if your website application firewall is blocking them you could be hurting your online business instead of protecting it. SiteLock ensures that these bots are able to access your site and do their job for you. Knowing more about your visitors also enables you to spend smarter when it comes to marketing dollars, and to provide your advertisers with the most accurate numbers. When it comes to your website traffic (and, well, pretty much everything else in life), knowledge is power.
If you’re like most small business owners, you probably don’t believe that something as small as a piece of malware could threaten your business. After all, what could you possibly have that malware could want? And why would a hacker pick on you when they have so many bigger fish to go after?
Maybe this story will change your mind. A very small, nine-person business in southern California recently announced that it would have to close down suddenly and permanently after a small piece of malware known as a banking Trojan managed to slip on to the computer of one of its employees.