January 3rd 2019 was a bad day for Luas the Dublin Tram company. Hackers had targeted their website and defaced it.
The operator Transdev Ireland, were threatened with data being published on the internet unless a ransom demand of one Bitcoin (approximately 3,300 Euros or US $3,800) was paid.
In this case, the site has no data stored on it’s server relating to clients or client transactions, the actual ticket purchasing is done on a seperate site with no data stored on luas.ie.
In this particular case we can be pretty certain that the defacement is harmless (other than being an inconvenience).
What about your site?
So, the question has to be asked, what would be the impact on your business if your business website was hacked? How can you reduce the risks?
If you store data on the website about clients (even the information captured on contact forms) you may find yourself in a difficult position. We are not saying don’t store this data, we are asking you to think about how the data is stored and managed.
- Do you need to store the data on the website?
- Is the data encrypted?
- Do you delete the data on a regular basis? (Once you have dealt with the data, remove it).
These simple questions should be answered as part of your GDPR documentation, Website Cookie and T&C’s anyway.
There are a lot of other questions that should be asked, these are more to do with good housekeeping than anything else.
- When was your website last updated?
- Do you have a site and database backup from that updated?
- Do you have automated scanning and virus protection on the server where your site is hosted?
- If your site is hosted with a 3rd party, what guarantees do they provide with regard to securing your site?
Many third party hosting companies will take your site offline if it is hacked or infected. Having a recent backup with all of the content and database backup will reduce the time it takes to get your site back online. Of course the original vulnerability still will be there, but you will be back online whilst the site logs are inspected to locate the hack method.
If you don’t have a backup, then you may be lucky and your hosting company may have a copy they can restore but this is usually at a price.
We quite like WordPress sites, yes they can be slow to load and you have to do a lot of optimisation to keep load times down, but the number of plugins that are available to help make life easier is amazing.
Of course, being a popular choice for DIY enthusiasts who love to totally manage their own sites makes the WordPress Framework a target for hackers.
As a result there are several solutions (plugins) that provide protection. Wordfence is one of the best known and offers a great deal of protection, even in the free version.
Further information and support
You can contact us for support requests about protecting your website, hosting and other security concerns by completing the form below.