5 Ways Your Website can be a Cybersecurity Risk
You might not think that your company's website is a cybersecurity risk factor for your business, but in today’s digital world, it definitely can be! How?
Here are 5 ways that your company website can be a cybersecurity risk.
1. Classic Watering Hole
Think of your website as a classic watering hole. If an attacker wants to gain access to your business systems, then targeting your website is an excellent way to do this. Like a watering hole, your team is going to visit your website consistently and therefore is less likely to be picked up in any kind of malicious activity on your site.
If you're running a content management system and the attacker can gain access to the admin area, they know that it's going to be one of your authenticated team members accessing that area of the site and this allows them to be very specific in their targeting. Note that your clients could be targeted as well using the same watering hole tactic. So whether it's your business or your client's businesses that are the target of the attacker, allowing the attacker to replace legitimate links on your website with malicious links could lead your clients to download software that has malware included. This is not good!
2. Credentials are Risks
The second factor that can compromise your website is when an attacker can replace a legitimate forgotten password recovery tool with a tool of their own. Then when your team is prompted to recover their own password, and put in their username and password for the website, it will instead go into a system the attacker controls. Often your team will be using the same credentials for your website, and for other business systems so a savvy, sophisticated attacker can easily access credentials which might not seem important otherwise.
3. Social Engineering
Websites by nature are publicly accessible. An attacker will be able to determine not only the software that your website is running on and the problems you and your team typically counter running it, but also they can even find the name of the company that built the website for you. By contacting your team purporting to be from that business and asking for some help to diagnose a problem with your website, your team can inadvertently be lured into installing malware on your business system which gives the attacker access.
4. Business Infrastructure
Your website needs to be hosted on a web server somewhere. Sometimes businesses use their own hosting infrastructure. If an attacker compromises your website, it can escalate that compromise out to the web server as a whole. So, if you're running other business systems on that web server such as email, customer relationship, or management software, then the attacker can gain control of those systems as well. Alternatively, the attacker could use your web hosting infrastructure as part of a botnet for general malicious or criminal activities. This now leads to our fifth cybersecurity risk.
5. Business Reputation and Money
Your business has a website to help support marketing communication efforts and in the end, make you money. If an attacker can compromise your website and use it for hacking, spamming, malware distribution or other malicious activities, it can lead to your legitimate business IP address and the main name being added to a blacklist.
This can seriously hamper your ability to communicate with your client and the general public which can also lead to a direct and indirect loss of earnings and revenue.
Knowing this info is the first step to avoiding being victim to a cyber attack but now what can you do to prevent it? A key component to this strategy is to choose a reputable WordPress agency as your partner so that they can help you plan, build and host your site in a secure way.
We at Bwired have you covered, and take care of things such as backups, security maintenance, and scanning, as well as training and support for your staff. Visit us @ bwried.ca
About Bwired Technologies
Celebrating its 10th year, Bwired Technologies empowers digital leaders by creating competitive advantage through the design and development of robust web, mobile, and digital solutions. The company’s Rhyno Cloud™ also integrates high-speed hosting, cybersecurity, maintenance and support into one fully-managed solution. Visit Bwired.ca
At the dynamic cross-section of Digital Technology, you’ll find Dan. An experienced technology strategist with a strong understanding of business and agile software management. Dan founded Bwired in 2009. He holds an iMBA degree from the University of Illinois, a bachelor's degree in Economics and Business Administration from Wilfrid Laurier University, and a Software Product Management Specialization from the University of Alberta.