Last week, I walked you through getting your small business’s website back online after a hacker had gotten in and tampered with a few things. Whatever they did, it was not in your company’s best interests, so we went in and fixed it. Now that your site is back up and running, we turn to the more important topic: how to keep a hacker from pulling the same stunt on you again.
Web Security 101: Think like a Hacker
First of all, remember one thing: hackers aren’t stupid. These are people who understand computer architecture at least reasonably well, have access to the internet, and have a lot of free time on their hands. A good hacker is equal parts programmer and behavioral psychologist. As such, the worst thing you can be is predictable. As a learning aid, check out this study on the most common passwords in 2011.
If your old password was on this list, doesn’t that kind of explain how you got hacked? Even if your server has a lockout limit of 3 tries (that is, after the third incorrect try it locks the account and makes you reset your password), I, as a hacker, could get into your site within 13 days without you ever knowing anything was wrong, as long as your password is any one of the top 25. And I guarantee you this works for over half of online accounts. So choose your password carefully: the last thing you want to be is popular on this one.
And, seriously, if your password is “password,” “passw0rd,” “p@$$w0rd” or anything that even vaguely resembles “password,” you need a stronger password. Don’t be naïve.
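Two defender-side checks for the risks just described, written as an added example rather than anything from the original post: a deny-list check that catches “password” look-alikes such as passw0rd and p@$$w0rd, and a log detector for guessing that stays under a 3-try lockout limit by spreading attempts across days. The deny list, the log format and the log lines are constructed stand-ins, not the study’s data or any real server’s output.

```python
import re
from collections import defaultdict

# Constructed stand-in for the "most common passwords" list (not the real study data).
COMMON_PASSWORDS = {"password", "123456", "12345678", "qwerty", "abc123", "letmein"}

# Leetspeak substitutions that turn "password" into passw0rd, p@$$w0rd and friends.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "@": "a",
                      "$": "s", "5": "s", "7": "t", "!": "i"})

def normalize(pw: str) -> str:
    """Lower-case and undo leet substitutions so look-alikes collapse to one spelling."""
    return pw.lower().translate(LEET)

def is_weak(pw: str) -> bool:
    """True if the password, raw or normalised, is or contains a deny-listed word."""
    forms = {pw.lower(), normalize(pw)}
    return any(word in form for word in COMMON_PASSWORDS for form in forms)

# Hypothetical auth-log format: "<date> <time> login_failed user=<name>".
LOG_RE = re.compile(r"^(\S+) \S+ login_failed user=(\S+)$")
LOCKOUT_LIMIT = 3  # the post's example: the third wrong try locks the account

def slow_guessing_accounts(log_lines, lockout_limit=LOCKOUT_LIMIT):
    """Flag accounts whose failed logins add up to the lockout limit or more
    while no single day ever reached it: the pattern a per-day lockout counter
    alone never notices. Returns {user: total_failed_attempts}."""
    per_day = defaultdict(lambda: defaultdict(int))
    for line in log_lines:
        m = LOG_RE.match(line)
        if m:  # successful logins and unrelated lines are skipped
            day, user = m.groups()
            per_day[user][day] += 1
    flagged = {}
    for user, days in per_day.items():
        total = sum(days.values())
        if total >= lockout_limit and max(days.values()) < lockout_limit:
            flagged[user] = total
    return flagged

# Constructed sample: two tries per day against "admin" for three days, one slip by "jane".
SAMPLE_LOG = """2011-11-20 08:01:02 login_failed user=admin
2011-11-20 08:01:09 login_failed user=admin
2011-11-21 07:58:41 login_failed user=admin
2011-11-21 07:58:50 login_failed user=admin
2011-11-22 08:03:17 login_failed user=admin
2011-11-22 08:03:25 login_failed user=admin
2011-11-21 12:30:00 login_failed user=jane
2011-11-21 12:30:20 login_ok user=jane""".splitlines()

if __name__ == "__main__":
    print(is_weak("p@$$w0rd"), slow_guessing_accounts(SAMPLE_LOG))  # True {'admin': 6}
```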
That’s all I’ve got for this week. Next week, I’ll wrap things up with some useful tips on creating passwords, and how to best protect your company’s data.