(and What to Do If You Are)
According to Sophos Labs, over 30,000 new websites are identified each day distributing malicious code to users. Roughly 9 million websites are currently considered “hacked” by Google even though the search engine quarantines approximately 10,000 websites a day using its Safe Browsing Technology.
All websites, from personal blogs to the largest corporations, stand a chance of being hacked. There’s a huge amount of malicious code out on the internet and relatively few preventative measures a site owner can take. Small- to medium-sized businesses are especially at risk due to the fact that premium web security options are likely out of their price ranges. Knowing how to recognize, prevent or eliminate a web security problem is a must for the independent business owner.
Are You an Easy Target for Hackers?
There are two kinds of malicious attacks that could affect the security of your site: attacks of opportunity and targeted attacks.
An attack of opportunity is random in the sense that the hacker is not looking for your site in particular. Hackers use automated tools to scrape the web searching for security vulnerabilities they can exploit, then infiltrate and attack. These tools make it easy for cyber criminals to cast a wide net so that they can target the most vulnerable, easy-to-access sites they can find.
Targeted attacks, meanwhile, take considerably more time and skill. Hackers specifically target a website, usually a large business or government agency and often to gain access to protected information and customer data. Prominent recent examples of targeted hacks include attacks against Target and the IRS. These attacks are calculated, require a high level of hacking ability, and can compromise important information.
Finding Out You’ve Been Hacked
Though Google itself cannot help much to prevent hacking, they will notify you (as well as users) if they believe that you have been hacked. You’ve likely seen search results paired with the message “This Site May Be Hacked.” That’s Google’s handiwork. You can imagine the kind of havoc that kind of message can wreak on your website’s credibility, click-through rate and search performance.
Google will also likely send you a message via Google Search Console, a free tool for webmasters. Search Console can display a variety of errors with a plethora of possible solutions, as outlined in the infographic below:
Staying vigilant can help reduce the chance of your site being hacked. Here a few tips for proactively bolstering your website’s security:
- Consistently maintain and monitor your site so that you can be immediately aware of any potential issues or threats.
- Follow good coding principles.
- Choose difficult passwords to help protect your site.
- Limit login attempts or enable two-step verification.
- Keep your software up-to-date.
- Keep a clean backup of your site’s files and keep it current so that you can restore it if necessary.
Knowing how to identify and quickly respond to each type of alert Google sends you can make the difference in maintaining your site’s credibility. Once you’ve corrected the problem and your clean site is brought back online, it’s important to let Google know so that your site won’t continue to be flagged. Make sure that your pages are available and clean and that you’ve verified ownership of your site through the Search Console, then submit a reconsideration request or request a malware review. Google will scan your site. If it’s clean, they’ll will remove the warning from your site. Reconsideration requests can take a while to go through, so check Search Console often and try to be patient.
Hacking can be hugely dangerous, especially to small- or medium-sized businesses, but by taking the proper precautions and knowing how to quickly respond to alerts in Google, you can correct vulnerabilities before they become detrimental to your site’s performance.