Malware is coming for your website. Sounds alarmist, right? But consider a 2017 white paper from research firm Cybersecurity Ventures, which notes that every 40 seconds another business falls victim to a ransomware attack — despite worldwide cybersecurity spending that’s quickly approaching the $100 billion mark. But there is good news: Fast, effective malware removal is not hard to find.
Under attack? Step to the front of the line with Website Security Express — clean up starts in 30 minutes or less. It also includes a web application firewall (WAF) for ongoing protection.
If you think your website needs malware protection, you’re probably right. If you think attackers will take a pass because your site is “too small” or you don’t have enough data, you could come to regret this. Why not take steps to reduce your malware risk now?
The malware lifecycle
Cybercriminals don’t rest on their laurels. As digital security providers and researchers unpack one iteration of malware, attackers develop a new strain or a new tactic that’s never been seen before.
As noted by Forbes, some attackers are using data gleaned online to perform account takeover (ATO) attacks.
Once inside the network using legitimate credentials, attackers can steal user data, hold corporate secrets for ransom or install persistent malware threats.
Too often, small companies hear the term “malware” and associate it with large-scale, website-crippling attacks such as targeted DDoS campaigns. While this is one facet of malware, most infections are designed to go unnoticed for as long as possible, giving attackers time to collect data on company operations, current web security and employee behavior ... then silently slip into critical systems.
Spot the warning signs
Not sure if your website is infected with malware? Join the club. Attackers recognize the value of making their malicious code look and act the same as legitimate applications and requests.
Malicious code has one goal: To create a “crack” in your digital defences that hackers can slip through.
Still, if you’re paying attention it’s possible to catch the telltale signs of early-onset malware infection. These include:
Poor site performance
If your site struggles to load and users suddenly report performance problems, malware could be to blame.
Page changes
Have pages or links been modified from their original versions? Hackers love to insert malicious links that, when clicked, take users to “drive-by” malware sites or create pages that look legitimate but are fake. The goal is to trick unsuspecting users into submitting passwords and other private information to the fraudulent site.
Troublesome traffic changes
Photo: Joey Banks on Unsplash
Increased network traffic is a good thing — if it correlates with increased customer or employee behavior. If you’re seeing traffic spikes without a commensurate uptick in unique visitors, malware could be at work behind the scenes.
Email issues
Email marketing remains a critical part of prospect conversion for many small businesses, but hackers could use malware to take control of your email list and start sending out their own malicious emails. Listen to your website visitors — if they tell you something isn’t right, pay attention.
Best practice makes (almost) perfect
Next up? Perform a security audit to figure out where you’re ahead of the curve and close any gaps hackers might use. Follow this list of tasks:
1. Update all applications and scripts
Are your applications, scripts and APIs the latest available version? Are any currently making headlines for big security gaps? Manually update everything. If you haven’t already enabled auto updates, learn how to set them up for:
If you use WordPress for your website or blog, you’ll need to update it as well, including any plug-ins and themes you’re using. While you’re at it, delete any plug-ins you’re no longer using.
Photo: Glenn Carstens-Peters on Unsplash
2. Delete old accounts
Employees come and go, but their user accounts often hang around just waiting for attackers to exploit. Identify and remove old accounts.
3. Punt weak passwords
Weak passwords like “password” or “123456” make it easy for hackers to break into your website. Use strong password rules to limit risk. Learn how to pick strong passwords here.
4. Scan your system
Run a malware scan like Sucuri’s free SiteCheck to see if you’ve picked up any malware. Or automate the process with a malware scanner like GoDaddy’s Website Security. This tool scans every page of your website once a day and includes automatic malware removal. The Express and Deluxe plans come with a web application firewall (WAF) to screen out suspicious traffic before it ever reaches you.
One security strategy you might consider now is adding SSL encryption to your website. This digital certificate encrypts everything that flows between your website and visitors. That means nothing visitors or clients submit to your website — names, emails, passwords, banking details — can be intercepted or stolen. No reason to make this easy for hackers.
Early malware removal could save your business
Malware is evolving, and all attackers need is a crack in site defences to wreak havoc. But website owners aren’t helpless. Watch for the signs — unexplained traffic spikes, slowdowns or strange site behavior could point to malicious actors.
If you really want to limit their chance of success, conduct monthly security audits. Scan your website for malware, update your operating system and apps and implement security best practices. And if you discover you’ve been hit by a malware attack, go with GoDaddy’s malware removal and WAF solutions to scrub your website clean and prevent future infections.
