On Friday afternoon, Facebook made the shock announcement that 50 million user profiles had been maliciously hacked early last week. Included in that number were the profiles of Facebook CEO Mark Zuckerberg as well as Sheryl Sandberg, Facebook’s COO. In addition to those 50 million, Facebook has conceded that another 40 million could also have been affected through the same vulnerability in the “view as” feature, which allowed hackers to gain access to potentially 90 million people’s profiles. For a platform of the size and scale of Facebook, which houses the personal data of up to 2 billion people worldwide, a successful hack can, and does, have catastrophic consequences. Unfortunately for Facebook, this is something they know all too well, having suffered incredible losses earlier this year during the Cambridge Analytica debacle as well as a scattering of other security-related blips throughout 2018.
As digital marketers, a huge part of our job is to ensure that any personal data we collect on behalf of clients, through blogs and websites, is kept under lock and key. With hacking becoming worryingly more common in the digital world, and our data at higher risk than ever of being compromised by malicious actors, it is paramount that we, as the responsible party, take precautionary steps to minimise the risk of hackers accessing it.
Here are some of the things you can do to help protect your website and its data from being breached:
Perform regular software updates. It may come as a surprise to learn that not keeping your software on its latest version can significantly increase the vulnerability of your site. Popular content management systems, such as WordPress, regularly release bug fixes and updates that address defects in their software which could otherwise open up vulnerabilities to malicious hackers. Doing something as simple as updating your software from time to time can considerably improve the security of your site. By the same token, make sure to regularly install updates for any plugins that you use and delete any that you no longer require, particularly if they are from third-party providers.
Install a Web Application Firewall. A Web Application Firewall (WAF) acts as a protective layer that filters malicious incoming traffic from the legitimate. WAFs can be cloud-based, host-based or network-based, although a cloud-based firewall is probably the simplest to deploy because it is low cost, available through a subscription and requires the least technical know-how to set up. Web Application Firewalls can block a whole host of malicious attacks including cross-site scripting, SQL injection, impersonation and more.
Switch over to HTTPS. If you haven’t already made the move from HTTP to HTTPS, then this should be made a priority. By switching to the HTTPS protocol, you are adding a layer of encryption to your HTTP traffic that conceals sensitive information when it is transferred between a visitor’s browser and your website’s server. Not being on HTTPS also affects your ranking in Google Search, so there’s no reason not to do it.
Make your admin login page harder for hackers to locate. For WordPress-based sites, reaching the admin login page is as simple as adding “/wp-admin/” at the end of the URL. Many Content Management Systems allow users to rename the default database prefix to something else, so make it as difficult as possible for any potential hackers and rename it to something as arbitrary and obscure as possible. You can also set up additional security parameters for your admin login, such as limiting the number of login attempts within a specific amount of time or restricting access to this part of the site to a number of individual IP addresses.
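The two login controls mentioned above (an IP allowlist and a cap on failed attempts within a time window), sketched as an added Python example rather than code from WordPress or any plugin. The class name, thresholds and addresses are assumptions for illustration; the check is meant to run before the password is verified.

```python
import ipaddress
from collections import defaultdict, deque

class LoginGuard:
    """Hypothetical gate for an admin login: IP allowlist plus failure throttling."""

    def __init__(self, allowed_networks, max_failures=5, window_seconds=300):
        # Assumed policy values; tune them to your own site.
        self.allowed = [ipaddress.ip_network(n) for n in allowed_networks]
        self.max_failures = max_failures
        self.window = window_seconds
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures

    def _ip_allowed(self, ip):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            return False  # malformed client address: refuse rather than guess
        return any(addr in net for net in self.allowed)

    def _recent(self, ip, now):
        # Drop failures that have aged out of the sliding window.
        q = self.failures[ip]
        while q and now - q[0] >= self.window:
            q.popleft()
        return q

    def check(self, ip, now):
        """Return 'deny_ip', 'throttled' or 'allow'."""
        if not self._ip_allowed(ip):
            return "deny_ip"
        if len(self._recent(ip, now)) >= self.max_failures:
            return "throttled"
        return "allow"

    def record_failure(self, ip, now):
        self._recent(ip, now).append(now)

    def record_success(self, ip):
        self.failures.pop(ip, None)  # a good login clears the counter

def demo():
    # Constructed sample: documentation-range addresses, timestamps in seconds.
    guard = LoginGuard(["203.0.113.0/24"], max_failures=3, window_seconds=60)
    results = [guard.check("198.51.100.7", 0)]       # not on the allowlist
    for t in (0, 10, 20):                            # three wrong passwords
        guard.record_failure("203.0.113.5", t)
    results.append(guard.check("203.0.113.5", 30))   # still inside the window
    results.append(guard.check("203.0.113.5", 81))   # all failures have expired
    return results
```

Keying the counter on the client IP alone means a shared office address is throttled as a whole, so pair it with a per-account counter if that matters for your users.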
Strengthen network security with secure and regularly changed passwords. This step should be a no-brainer, but we’re all guilty of using easy-to-remember passwords and, worse yet, the same password for different accounts. Passwords should be changed frequently, combine upper and lower case letters, special symbols and numerals, and be at least twelve characters long. Where possible, avoid writing down passwords, but if you need to, you can store them in an encrypted format.
Make backups of your site. Whilst making sure you have recent backups of your website will not prevent hackers from gaining access to it, it will make it much easier to restore if it does get hacked. It’s a good idea to schedule regular backups in case you forget.
Don’t wait until it happens to you to take the necessary measures:
The bottom line is that we can’t one hundred per cent guarantee that we will never get hacked in the future, but taking the precautions outlined above is a sensible way to add a layer of security to your website. You wouldn’t leave your house or car open to thieves, so you shouldn’t leave your website open either. With frequent updates, checks and backups, you will significantly mitigate the risk of hackers gaining entry to your site and misusing any sensitive data that they find there.