Almost every day there is news about websites getting hacked, organisations getting infected by ransomware or malware, and businesses suffering massive losses due to stolen data. In fact, Google blacklists thousands of malicious websites daily. These websites are created by hackers and are identical copies of legitimate sites. The idea is to trick users into revealing their login details and sensitive information like credit card numbers and bank account details. In this environment, you’re smart to be thinking about virus protection.
If your website is already infected, check out GoDaddy’s Express Malware Removal. It can start cleaning up in as little as 30 minutes.
In this article, we touch upon the key things that you need to know about malware and virus protection.
5 things you can do now to protect against viruses
Viruses and malware can bring a business website crashing down. If you haven’t been infected yet, use these virus protection tips to minimise your risks.
Invest in a malware removal tool.
Add SSL encryption.
Make regular back ups.
Keep everything updated.
Review your PCI compliance.
Before I list the preventive strategies, let us first discuss the scope of the problem and how it could endanger your business.
Viruses, malware and other threats
Essentially, malware is a piece of software written by a hacker with a specific intention. The intention could be various things, and the motive is usually financial gain. A hacker might write a malware to:
- Steal sensitive data such as login names and passwords.
- Inject malicious code that allows them to take over a website.
- Deface the website.
- Use the site for phishing.
They could also be looking for information relating to your business, to sell it to your competitors.
How does a website get infected?
Every website is hosted, or stored, on a server on the internet. This is what makes it possible for people anywhere to view the site whenever they like.
Servers are powerful computers that run 24×7 and host multiple websites. A hacker will try to infect the web server that hosts your website. On finding the software code for your website, the hacker will make modifications and insert his damaging code. That could infect one of your web pages or your entire website.
This malicious code is then copied to the computers of anyone who visits your website. And that’s how it spreads.
What are the risks to your business?
If your business website gets infected by malware, your customers are in grave danger. If they learn about the infection, they will most likely not transact on your site or simply avoid visiting it.
Your business’ reputation would take a beating. Customers would lose confidence and trust.
Hackers who steal login credentials of your customers could make fraudulent purchases using stolen credit card numbers. They can then plant malware on your customers’ computers and use these as ‘zombies’ to access other web servers.
A large group of zombie requests to a web server will result in unnecessary traffic to that website — and deny access to legitimate visitors. This is called a distributed denial of service (DDoS) attack.
Apart from that, hackers could steal confidential business information from your databases on the web server — and sell it to competitors. They could potentially study the techniques you use on your website to get better search rankings on Google — so that your competitors’ website would always appear before yours in search listings.
The Google blacklist
If Google finds that your website is infected, it will add it to its blacklist and your website will not appear in search results. Clients who try to go directly to it will receive a big, bold warning.
Any business that depends on its website to carry out day-to-day operations will suffer if its website suddenly goes offline. The consequences include:
- Huge inconvenience until the site has been restored to a clean state.
- Loss of credibility and goodwill.
- A decline in business and clients.
- Financial hardship due to what it costs to fix the infection.
Hackers could also do horrible things like defacing your website pages and replacing these with their own pages. That would be embarrassing.
So, there is a loss of reputation, loss of trust and loss of business opportunity.
What you can do to prevent future infections
Hackers will always come up with new, ingenious ways to attack websites. And the more sophisticated the website, the more likely it is to be targeted. (By sophisticated, I mean more features — like shopping carts, analytics, online payment options, etc.)
Even if you use the best security defences, there is no guarantee that your website will not be attacked in the future. But here are some virus protection strategies that can minimise the likelihood of that happening.
1. Invest in a malware removal tool
Removing malware from an infected website requires expertise. This task is often done manually by security experts.
You can avoid this scenario by installing one of the malware removal tools that are available online. They are both effective and reasonably priced.
GoDaddy offers one such tool. Website Security scans your entire website and automatically removes any malware it finds. The Express and Deluxe plans include a web application firewall (WAF) that proactively prevents malware from reinfecting your website.
2. Add SSL encryption
Secondly, I recommend you get SSL protection from a reputable Certificate Authority (CA). One such CA is GoDaddy, and you can view all their plans here. The SSL certificate is a digital certificate and it does the job of encrypting anything entered by customers on your website. This encryption keeps hackers from stealing sensitive details in transit.
3. Make regular backups
Thirdly, always run daily back ups of your website. That way if your website does become infected, recovery is much easier because you’ll have a clean copy to revert to.
Website Backup from GoDaddy includes automatic daily backups, built-in daily malware scanning and one-click restore.
There are basic manual backup tools offered with WordPress and other content management systems (CMS). However, if you want automatic, set-and-forget daily backup and advanced restore capabilities, you can get a premium Website Backup. If the worst should happen, it will take only a single click to restore your website to a clean state.
4. Keep everything updated
Next, ensure that your CMS is updated. A CMS is an application — WordPress, Joomla or Magento, for example — that’s used to create a website. You should also ensure that plugins, operating systems and all software on your web server are regularly updated.
Software updates often include patches for recently-discovered malware and viruses. By updating your software as soon as you receive notification, you minimise your risk of infection.
5. Review your PCI compliance
Finally, if you are accepting payments on your website, then you must ensure that it is PCI- compliant. The Payment Card Industry (PCI) Data Security Standard is a set of requirements that businesses must satisfy if they accept major credit cards. In some cases, businesses are required to pass a quarterly vulnerability scan.
Virus protection takes vigilance
There is no silver bullet to prevent your website from being infected by malware. But you can try the various approaches described in this article to minimise the chance of that happening.
And do remember, an infected or hacked website means loss of reputation, loss of trust and reduced business opportunity. So it would be worthwhile to make the investments needed to secure your business website.