Both Google and Lenovo had website hacks this week – one of Google’s many international sites and Lenovo’s major site were victims. This type of hack can be easily executed on small business sites also. Imagine, if the criminals can get to these giant corporation sites with their massive security measures, think how much easier it would be to get to a less secure small business site. And it isn’t only activists that want to disrupt sites. Security experts say website hacks are increasing.
How the Hack Is Done
The hacker locates your domain address at a registrar. Your domain name (yourbusiness.com) has the equivalent of a phone number to reach your site – a domain name system record, referred to as DNS#. Every site has one. It’s how traffic is routed through the Internet. This DNS# is also called an IP address and has a layout like this: 188.8.131.529.
If a criminal gets to the numeric IP address of your site and can change it, he can reroute traffic to another site and control your website. From there, it is easy to change your website content. If the hacker also changes the MX record which defines the mail server, he can now read your emails.
What a Small Business Can Do
Make sure that your domain name registrar has strong security measures for changes to domain names. Talk to your provider about domain name privacy. For a fee, often under $25/year, the company will mask your domain name details and register proxy information. It makes it harder for a hacker to find details about your technical support and domain name ownership.
If your registrar offers two-factor authentication or a callback process for verification before processing a change to a domain name, use it.
Consider buying similar domain names so a hacker can’t easily reroute to a name that your website visitors think is authentic. You don’t have to host the additional names anywhere. Or you can do a redirection to your actual site. Think about names with similar spellings, with hyphens between words and extensions such as .net and .biz.
If you are not comfortable that the security measures at your domain registrar are strong enough, move your domain to another company. There are a number of reputable registrars. Shop around for one that seems highly security minded. A few more dollars a year is well worth the extra security they provide. Many good registrars will help you transfer your domain name to their registry.
Please follow us on Twitter!