During the last few years, the internet has seen unprecedented growth – to some extent due to Covid-19, with more people working from home than ever before. This has also meant an increase in ‘bad actors’: cyber attacks and hacking events are on the rise, along with security and data breaches and the seemingly endless notifications of ‘security incidents’ being reported by both large and small businesses around the world.
Across our services, we have seen large increases in unauthorised access attempts – especially from so-called ‘brute force attacks’ – script bots that “sit” on login pages and try many thousands of possible logins.
Why do they do it? They are keen to break into sites to steal customer information, credit card data, passwords and more. At the least malicious level, this information is used to send out spam, to redirect website traffic to adult websites, and to cross-check against other stolen data to create further hacking opportunities. At the more malicious end of the spectrum, the stolen data can be used to blackmail or demand ransoms, or be used for ‘social engineering’ or for attempts to steal money from you or your bank account, often creating even more opportunities for malicious attacks.
When your business or organisation is hacked, it usually causes huge disruption: it can potentially mess up your website, take hours to fix, create anxiety and distress, and of course be quite damaging for you and your customers. Quite often this can harm your online reputation too, which can take months to repair.
New Zealand clients also need to report certain hacking breaches to the Privacy Commissioner, as detailed in the updated NZ Privacy Laws – and this could expose you to large fines if you have been negligent about the security of data.
Our Recommendations
Most of these suggestions are now mandatory for our customers, but are helpful to know:
- Ensure you are a paid-up member of the Club Purple maintenance plan.
- Use Google reCaptcha for website logins (especially important for ecommerce sites).
- Update your primary domain DNS to utilise CloudFlare CDN – this provides a speed boost to your website as well as a powerful additional firewall.
- Where possible, implement Two Factor Authentication for logins.
- Make sure passwords are up to date, not used elsewhere, and are strong.
In regard to privacy and security, all of the above are important to help protect your data and your customers’ data. To comply with the 2020 Privacy Law update, you must also have a robust privacy policy and comprehensive plan in place and published on your website. In this respect, it is also a useful opportunity to consider what security policy you have in place.
Get Help With Your Online Security and Privacy
At Purple Dog, we are very aware of the importance of a robust security and privacy policy. In our experience from cleaning up hacked websites, we have developed an in-depth understanding of best practice and effective methods to protect important data. We provide audit opportunities for clients who would like to understand their potential risk exposure, along with mitigation strategies. In the first instance, we offer a Security and Privacy Review which follows a process to examine and report on how your business or organisation is doing, along with recommendations that you can implement yourself, or that we can implement for you.
This will help you to understand and address any potential weaknesses, provide solutions for strengthening your procedures, and offer a plan for moving forward. All of this is designed to have a minimal impact on your existing day-to-day operation, so that you can get on with running your business without too much extra hassle or inconvenience. To find out more, please get in touch.