The Reciprocal Consulting Blog

There has been a lot of background noise in recent days about website security – or rather the lack of it. One phrase that has been coined, probably by a journalist eager to sensationalize things, is the danger of a digital 9-11 attack. There’s no doubt that many businesses and governments aren’t protected sufficiently to ward off such an attack, but what about smaller businesses – how much protection do they need?

If we’re talking about a digital 9-11 attack, I don’t think small businesses need to worry. Any attack of that nature is going be directed at governments and financial sectors. That doesn’t mean you are safe from other attacks. Most businesses lack any real security measure to protect themselves, yet a small digital attack on their website could do immeasurable harm to that business’s reputation.

We can’t do much about the causes of these attacks. In some cases, people are targeting a business because of its policies; in other instances, it is purely random. So how can you protect yourself? There are a number of ways.

First and foremost, regularly back up your site and your database if you use one. Every day is the ideal situation with the backup copies stored away from your server. With backups, you can at least restore your site to a good copy should anything untoward happen. Your website should also include software designed to block hackers and viruses from getting a foothold. It is estimated that websites unknowingly help to spread 15% of all computer viruses and malware. I am sure you wouldn’t like to see your website suddenly listed as a malware site.

Your reputation is important. Take the steps to protect your website, and to protect your visitors. At the same time, you will be protecting your own online reputation.

A call came in and it was a client asking why he wasn’t getting any sales. A quick look at his website revealed that it was flagged as a malware distributor. The client was spending hundreds of dollars a day on PPC ads. No wonder he wasn’t making sales.

If you’ve been hacked and the hacker has inserted a Javascript code or malicious malware onto your site, its files and folders, or on your server somewhere then it doesn’t matter how much money you spend on advertising or how well written your PPC ads, Google will flag it as a malware distributor. Visitors to your site wills see a big red interstitial ad notifying them of the danger. You’ll lose money so pause your PPC campaign immediately.

In order to clean up the site you need to take a look at all your files, particularly the index files in each folder, and see if there are any code insertions that don’t belong. If so, remove them.

After you have removed the malware or unwanted code, change your passwords – to your blog, your hosting account, and anywhere the hacker may have had access to. Make them difficult to crack. Then log into your Google Webmaster Tools account and request a site review. Google will crawl the site again and if the malware has been removed the flag will be removed. You can start your PPC ads again.