6 Jun, 2017 Getting Hacked Is Not The End of the World 6 June 2017 Sam Kuhnbaum Web Developer There are stories across the internet about people who’ve been hacked, the devastation it caused and the trials and tribulations they faced trying to rectify the hackers handiwork. While this is a reality of hacking, it represents hacking in the extreme and it is important to learn that for most of us, being hacked won’t be the end of the world. In fact, being hacked can be a blessing in disguise. Once you get over the trauma it causes, it can actually be useful: highlighting where you have weaknesses in your online security. From here, you can systematically work through your site with the help of your digital agency, to protect these weakness and deter future hacking attempts. Companies pay millions every year do exactly this. They employ what’s known in the digital industry as “white-hat hackers”. White-hat hackers intentionally hack websites, with the permission and knowledge of the company or individual they’re hacking, to root out any security issues and potential temptations and opportunities for hackers, so the company can defend against it. To see this kind of process in action, then there is a great video on hacking here. It is especially big business in industries such as finance, where customer data can be particularly sensitive and if it gets into the wrong hands, very lucrative, which is often what attracts the hackers in the first place. As the saying goes, where there’s money, there’s hackers. What Can Be Done To Avoid Getting Hacked? Security Through Education The first defence against being hacked, is to be aware of what hacking is and how you can be hacked and this is something a good digital agency can help you understand. During the internet’s early years, the term “hacker” originally referred to skilled programmers or developers, experienced with machine code. These individuals would hack unsatisfactory systems to solve problems, very similar to the practices of “white-hat hackers” which we mentioned above. However, several of these original hackers progressed to more damaging activities, bypassing password protected computers and networks to become known as “crackers”. So essentially not all hackers are crackers, but all crackers are hackers… Confusing isn’t it, which is why today, the term hacker has largely come to refer to anyone who performs some sort of computer sabotage, hence the new distinction of white-hat hackers for ethical hacking and black-hat hackers for criminal hackers. Essentially there are two main types of hacking: social engineering hacking and technical hacking. Hackers using the social engineering method tend to focus on “hacking the human” rather than hacking software and computers. It works by tricking people into breaking normal security procedures to secure sensitive information. It exploits human psychology through emotional manipulation and it’s hugely successful. Technical hackers tend to be the stereotype most people bring to mind when they think of how hackers work. Typically technical hackers use algorithmic methods like scripts or other network programming to manipulate data passing through a network connection. These scripts allow the hacker to gain insights into how the system works, so they can further exploit it. Other common forms of technical hacking include: viruses, worms and Trojan horses. What both technical hacking and social engineering hacking have in common, is that they both use phishing strategies to at best unethically and at worst illegally obtain information. Remember: hacking is not limited to websites. Anything connected to the internet can be hacked. Security Through Anonymity Another good defence against hacking is anonymity. As we said earlier, most hackers are attracted to hacks that will be lucrative. This could mean lucrative in terms of money, information and even devastation. The latter is why celebrities often get hacked, because the devastation hacking can cause for individuals living in the public eye can be extremely far reaching. This is why anonymity can be a great defence against hacking. If hackers can’t see the value in hacking you or your business, the chances are they won’t. For more on security through anonymity, check out our other blog on why “security is everybody’s responsibility”. Security Through Vigilance Vigilance is another good defence against hacking, and it is important for businesses to encourage staff to be vigilant too. This means keeping an eye out for typical threats hackers may use to sabotage you. Admittedly this is easier said than done, because hackers continue to get more and more sophisticated, however, there are still some common places on the web that hackers exploit. Some of the most common things to look out for are legitimate looking emails from software and service providers or shortened links used across sites like Twitter, which disguise the true URL. The mantra in these situations is to “think about links”. Don’t click anything unless you’re absolutely certain the source is safe and check and double check that the URLs provided in any third party email communications fully match the senders live website addresses. Often hackers employ very similar URLs, differing by a little as a single character from the legitimate one, to trick users into thinking it’s legitimate and giving it a click. Practical Defences Against Hacking While the above strategies can help you avoid being hacked, there are some more direct security measures that can be put in place to deter hackers and good digital agencies like Pixelbuilders, will do many of these as standard best practice. Hosting providers like Rackspace (a Pixel partner) can provide regular server backups and provide real time notifications, so if they notice any suspicious traffic activity to your site, immediate action can be taken. Speaking of backups, at the WP Leeds event our development team attended on August 23rd, Tim Nash in particular emphasised the importance of taking regular backups of your site and files. Backups are great because it means you can restore your website to the last version you know worked. It also means you only need to fix or restore anything lost between your most recent back up and the compromised version of your site, which is a heck of a lot quicker, easier and cheaper than rebuilding from scratch. Pen testing, or penetration testing as it is also known, is another great method to boost your website’s security. Pen testing is the practice of testing a web system, application or site to find vulnerabilities a hacker could exploit so they can be solved. This type of testing can also go a step further and report on the potential impact a particular security breach could have on an organisation, so countermeasures can be put in place. Like the work of white-hat hackers, pen testing provides companies with a list of vulnerabilities they can then systematically work through to resolve. We found this to be a hugely valuable process for several of our bigger clients in sectors such as finance. If You Have Been Hacked If you have been hacked then the best strategy is to isolate the hacked site or system from the rest of your network as a damage control exercise. Once isolated you can identify the issue and ultimately the cause. This is where version control can be a huge help, because you can narrow down when and where you think the suspected hacking occurred, much more effectively. To Recap… Getting hacked is not the end of the world: You can learn from it You can secure yourself better once you know your weaknesses You can take steps to avoid it You can take steps to secure against it And if you have been hacked, you can fix it. If you’re looking for a secure website or web system, speak to one of our digital experts today to find out what we can do for you.