Raiding Your Business Without Opening a Door

YOUR COMPANY’S WEBSITE IS JUST A CLICK AWAY, SO MAY BE ITS DOWNFALL.

Most businesses consider security an essential part in protecting their employees, their product, and even their office. They’ll often lock up executives’ offices, file cabinets, and outside doors after every work day to protect unwanted intrusion.  They may even have a more sophisticated security system that includes motion detection sensors, window sensors, and night vision HD Cameras throughout the building with a security guard and check-in desk at the entrance. Either way, it’s clear that most businesses are rightfully concerned about their assets falling into the wrong hands, such as thieves or local competition, and are willing to go to great lengths to prevent it. But what’s often overlooked, in the process of spending a respectable sum of money and time on protecting an entire office, is their online presence.

Protecting an office building while leaving the company’s website vulnerable is almost like a Bank keeping half their money in a vault and the other half in the parking lot. With half the money in the parking lot, unguarded, it’s just a matter of time before the wrong person takes notice. The same applies to a vulnerable website eventually attracting cyber criminals, or hackers.

“The website’ homepage only displayed a ransom note demanding money…”

Hackers have the ability to extract all kinds of information from a company’s website, depending on the type of content and activity being hosted of course, and use that information for financial gain, political agenda, or to simply damage your business. Whether it’s to extract sensitive personal information, including financial data, or the intent to completely wipe out your website, hackers have many different ways to succeed when proper security measures haven’t been implemented.  Robert Gallione, an online security expert at Green Group Studio, has even seen sites hijacked for ransom. He says, “There was a client who came to us for help after their entire website was taken offline from injected Malware. The hacker was able to exploit a security vulnerability within this client’s content management system to hijack and encrypt the site, effectively taking it down. The website’s homepage only displayed a ransom note demanding money to have it unencrypted and working again. We were able to resolve the issue by restoring a backup that was taken prior to the attack, and then made the necessary patches to their website’s code to prevent any future vulnerabilities.”

As hackers become more sophisticated, proper measures to safeguard a company’s website is proportionately growing even more important. Just as a burglar can enter an office through an unlocked window or door, or even gain access through a stolen key, hackers have a myriad of options to find a site’s potential weaknesses. Robert warns that the most serious threats to a site’s online security comes from SQL injections, Cross-Site Scripting, Brute-Force attacks, and Malware. “Websites can be exposed to these types of attacks at any time, but with proper protection from a professional it can certainly be stopped,” he adds. 

Robert Gallione and the rest of Green Group Studio’s web security specialists can be reached at [email protected].