When you hear about big organizations whose websites are attacked and customers’ private information is compromised, isn’t it a relief to know that no nefarious foreign hacker would care about your blog or website?
Then it happens to you.
And if (or when) it does, you will be in the majority. Each of us has a 69 percent chance of being a victim of cybercrime in our lifetime. That’s according to an April 2012 study by Symantec, makers of Norton Antivirus.
Consider that in a volunteer-driven environment such as a church, a website may be built and maintained by a non-professional, or a blogger unconcerned with the nuts and bolts that make the site run. If infected, there is no protection — malware will begin downloading as soon as a site opens, barring browser protection software. Visitors could soon be sending spam links, and lose personal information or computer control.
A talented hacker with the right skills and software can compromise all but the most secure site or account — and face it, you aren’t the Pentagon. You can still use many safeguards to lower your risks or alert others.
Access protection. A website/blog is only as safe as the devices that update them.
Several past columns have offered safe computing suggestions, including current software and regular scanning, firewall protection and being alert to unusual popups and browser appearances. (See links below.)
In addition, the connection used is important. An unsecured wireless connection can leave your access information vulnerable.
Also important, the information your church may store — Social Security numbers, giving records, mailing lists, payment cards — could put members and ministries at risk if a computer storing this data is infected. If you are unsure of your protection, ask a professional. Get tips at bbb.org/data-security.
User protection. Those who update a blog or modify a site have an access name and password. Make both difficult to guess. If you use “Admin,” “fbcadmin” or “webmaster,” change it! These are open invitations to a hacker. Instead, use a long password that is secure (i.e., not on a note taped underneath a keyboard). Then change the password on a regular basis. If there was a default admin account, delete it as soon as a new account has been set up and tested.
Scan your site. If your site was created from scratch instead of with a content management system (publishing program) such as WordPress, Drupal or Joomla!, your security may not be automatically handled. That’s especially true with webforms that collect information and allow comments, the most unsecure part of a site.
CMS programs may offer plugins, such as WordFence.com (free and premium) for the popular WordPress blog and website platform. Know how to update your CMS to keep the site current, and immediately install any patches.
Backup regularly. If your site is compromised, having the information stored elsewhere beats having to recreate all the information. One of the simplest ways to backup a site is to use cloud storage such as Dropbox.com and a platform like Mover.io or a plugin to move the files. Both are free.
Be prepared. What happens when you receive a notice that indicates your site is compromised?
If you’ll need a specialist, know in advance who that will be and his/her qualifications.
Google Webmaster Tools notifies website owners when malware is detected, while warning users to avoid the infected site, eliminating most of your traffic. But it also provides extensive step-by-step instructions and easy-to-understand videos to repair the site and the amount of expertise needed to fix it (google.com/webmasters/hacked).
The nonprofit StopBadware.org provides education and discussion forums to help those creating or cleaning up a website to prevent malware and clean up common hacks. A clearinghouse search allows you to see if a URL is currently blacklisted.
Don’t risk your reputation — or your church’s — over an unsafe website.
Ken Satterfield is a former media specialist and curretly marketing coordinator for Word&Way.