Blogging: I Got Hacked And So Can You

20 Actionable Security Tips To Keep Your Site Safe

It’s not just large, high profile retailers like Target and Neiman Marcus that get hacked. You can too.

The Target, Neiman Marcus and other retail hackings were the result of malware written by a 17-year-old Russian from St. Petersburg. To be clear, he didn’t actually hack the stores’ systems himself. He sold his hacking kit for $2,000 a copy on the black market.

Over the weekend, the Actionable Marketing Guide website was hacked. Unlike major retailers where customers’ financial information was exposed, this site’s hacker(s) posted a racy ad under the header on each page.

We were lucky. My webmaster estimates that the break-in occurred less than 12 hours before we knew about it. He was able to locate and replace the compromised files quickly. We then changed usernames and passwords to prevent a recurrence.

This hacking wasn’t personal. Like Target and Neiman Marcus, it was about financial gain and experience. But it’s a warning for other bloggers and website owners. Hacking can happen to you.


20 Actionable security tips to keep your site safe from hackers

So what can you do to reduce your blog or website’s exposure to hacking attacks?

Administrators and other users

  1. Never call your admin user “Admin”. This is the first thing that a hacker will try.
  2. Don’t use real names for the people who have administrative privileges on your website, and don’t use anything that can be found on your site, in a directory or on another social media profile.
  3. Have a backup administrator in the event that your admin is on vacation or unable to act quickly to restore your site.
  4. Keep the number of users and respective privileges limited. Don’t give your guest bloggers admin or editor privileges.
  5. Make sure that you have a level of redundancy. As with your administrator, ensure that someone within your organization can handle the system in case of an emergency or if the people in charge aren’t available.
  6. Remove people from your systems once they leave your organization. For companies, this should be part of your HR notifications. This is particularly important if the parting isn’t amicable.

Passwords

  1. Skip words that can be found in a dictionary. Skip birthdays and spouses’ and children’s names.
  2. Don’t use the same password across multiple sites. This is particularly important for people in your organization who work on more than one site.
  3. Don’t use a common password for everyone in a firm or department. The worst case is using something as universal or guessable as “Password” or your firm’s street address (150Madison).
  4. Don’t make your passwords so complex that people can’t remember them. When I worked for a major international bank, this was a common problem—and where did employees store their passwords? On a Post-it under their blotter.
  5. Use at least 8 characters for your passwords. Include a combination of upper and lower case letters, numbers and symbols.
  6. Understand your risks. Realize that signing into sites, or allowing a website to see information from your computer or to log in to a social media profile, can compromise your information.
  7. Update/change passwords on a regular basis. Even if you think you’ve kept your passwords safe, you can’t be 100% certain that they’re not on some old backup disk or in an old email archive.

Communications

  1. Don’t send usernames and passwords via email. If you have no other option, send the username and passwords in separate emails. Especially don’t put the word “Password” in the subject line.
  2. Limit communications to one person at a time. For example, don’t send a list of people an email with the same password.
  3. Always change passwords sent by third parties. This includes a range of services such as your hosting company.
  4. Have a crisis plan. Be ready to respond quickly to any issue.

Backup

  1. Make sure that you regularly back up your files and database (if your website has one). If you have a technology department that’s responsible for this, this is a good time to go over and talk with them. If you don’t have a technology department, call your technical support person and decide how you should handle backups and where they should be stored. (Note: This is important in case of other emergencies such as a fire.)
  2. Have the contact information for the person who can restore your files if necessary. Make sure that the appropriate people can get in touch with this person, especially if it’s at night or on a weekend.

Software

  1. Upgrade important software whenever there’s a new release. To this end, make sure that any blogging or other marketing sites are part of your technology department’s checklist. The reason for this is that when new releases of software are made public, they announce the security holes that have been fixed. Therefore, hackers learn where to look to hack websites that are still using older software versions.

Realize as I did that hacking isn’t about you. There are people and bots out there that consider this a challenge and will try this just because they can.

Happy Marketing,
Heidi Cohen


Heidi Cohen is the President of Riverside Marketing Strategies. You can find Heidi on Facebook.


Photo Credit: http://www.flickr.com/photos/svenjajan/3128894157


5 Responses to Blogging: I Got Hacked And So Can You

  1. FromPushToPull says:

    Thanks for sharing your experience, Heidi. This is valuable to know and this is a good list of safeguards to implement. I have found that blocking spammers IP addresses is also helpful to prevent the same spammer from repeat abuse.

  2. Shannon says:

    I just don’t understand why people *still* use easily guessed passwords. Not to suggest that’s what happened to your site. But people tend to use the same password everywhere they go online. All that does is ensure that the hacker gets to log in to ALL of your accounts.

    I use Roboform. It’s a safe and secure no-brainer way to generate and remember very strong passwords. No keylogger will benefit from my browsing habits. One click and I’m logged in to whatever site I belong to. No typing, or remembering, passwords.

  3. I just wish that hackers and people who do similar activities would channel that energy and time into something useful and productive. This world would be such a better place. Glad you got everything worked out!

  4. Rob Newman says:

    My customer’s site was hacked even though he used a complex password. He’s a painter whose style reflects Norman Rockwell. His password was “Rockwell123!!!” He was shocked that his password was discovered.

    I explained that a “person” didn’t sit there and guess his password. Instead, a malicious computer program tried logical password possibilities. A website with a strong Norman Rockwell influence could probably contain a password that was also influenced by the same famous painter. Adding a sequence of numbers and special characters to the end of a password is a very common practice by people.

    My advice: Think of a combination of letters, numbers and special characters, mix ’em all up, and then use that jumbled mess as your password.
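The “Rockwell123!!!” case above shows why password tip 5 (8+ characters, mixed character classes) is not enough on its own. Here is a small added example, not from the post or any commenter, of a check a site owner could run at password-set time: it enforces the length and character-class rule and then strips trailing digits and symbols to see whether what remains is a dictionary or site-related word. The word list is a constructed stand-in for a real dictionary.

```python
import re
import string

# Constructed mini word list (an assumption for this demo).  A real check would
# load a full dictionary; the site-specific words are the kind an attacker can
# read straight off the site, like the painter's "Rockwell" or a street address.
WORDLIST = {"password", "rockwell", "madison", "admin", "welcome", "painter"}

MIN_LENGTH = 8  # tip 5: at least 8 characters


def has_all_classes(pw: str) -> bool:
    """Tip 5: upper, lower, digit and symbol must all be present."""
    return (any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def base_word(pw: str) -> str:
    """Strip leading/trailing digits and symbols so 'Rockwell123!!!' -> 'rockwell'."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", pw).lower()


def check_password(pw: str, site_words=()) -> list:
    """Return the reasons a password is weak; an empty list means it passes.

    site_words lets the caller add terms tied to this site (owner's name,
    firm, address) so that 'Cohen2015!' is rejected the same way as 'Rockwell123!!!'.
    """
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not has_all_classes(pw):
        problems.append("missing upper/lower/digit/symbol mix")
    core = base_word(pw)
    banned = WORDLIST | {w.lower() for w in site_words}
    if core in banned:
        problems.append(f"dictionary or site-related word '{core}' padded with digits/symbols")
    return problems


if __name__ == "__main__":
    for candidate in ["Rockwell123!!!", "150Madison", "xT4#q9Lm&v2"]:
        print(candidate, "->", check_password(candidate) or "ok")
```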

  5. GREAT TIPS HERE
    PASSWORD THING
    IS REALLY GREAT
    BEST
    REGARDS
    SAVING IT