How hacking disasters happen – and how to avoid them

Avoid disaster and stay safe by making good password hygiene a key component of your company’s policy

Kimberly Genly

You sit down with a cup of coffee and open your email ready for anything – except this! Your inbox is full of frantic messages from customers demanding to know if their information is safe. Your company website has been hacked, and in its place is a seething mess of advertisements for off-brand pharmaceuticals.

This scenario happens to tens of thousands of business owners every day. Many people falsely assume that because their site gets little traffic, or is small, or because it does not store personal information, it won’t be a target for hacking, and therefore they don’t need to secure their website. This is a recipe for disaster.

Although it’s true that larger sites see more hacking attempts, we find that the average five page informational site experiences a minimum of 10 hacking attempts per day.

Every day, an uncountable number of hack-bots crawl the web, visiting websites great and small. These bots test every site they come across for dozens of common vulnerabilities, and if they detect one, they strike. There are three main places that a hacker can target your website:

The server on which your website is hosted

The website files themselves

The connection between the person accessing the website and the site itself

Ask your web team what actions they’ve taken to defend each of these areas. If one has been forgotten, take action immediately; it costs hackers a fraction of a fraction of a penny to take over a vulnerable site, but it can cost you thousands to regain control, fix the hacked content, and to regain your lost reputation with your clients.

Once the three main avenues for hacking are covered, there’s one remaining area to cover, and your tech team won’t be able to do it for you: keeping your passwords safe. Here are a few simple rules to live by to keep yourself (and your business) safe online.

Password hygiene rule #1

Choose good passwords to begin with. A good password is:

  • Long. A minimum of 10 characters is a good rule of thumb, but more is always better. To make your password memorable and hard to crack at the same time, use long strings of words. For example, you might include an entire stanza of song lyrics. You can remember the words to your favorite song, right?
  • Does not use any part of your name or company name, including initials.
  • Does not use common phrases like “password” “letmein,” names like God or Jesus, or sequential numbers like 123 or 8910.
  • Includes special characters such as $, # or &. However, bots know that most people will only include a single special character, and most people only do so at the end of their password, so mix it up.

Password hygiene rule #2

Do not reuse passwords. Each site you have a login to should utilize its own not-shared-with-any-other-site password.

Password hygiene rule #3

Give each person with access to your website or online portal a unique login, and de-activate it if they leave the company.

Password hygiene rule #4

Every computer in your office should have an up to date anti-virus program running at all times. Run regular deep scans to make sure no one is spying on you. If you or your employees work from home or other computers, make it company policy that they need to install and keep active an anti-virus program there, too.

Password hygiene rule #5

Store and transmit passwords securely. Make sure that your password management software 1) exists, and isn’t a series of sticky notes, and 2) saves your passwords with encryption. Don’t send passwords through insecure channels like email or IM.

Hackers are a real threat to your business. Roughly 30,000 to 50,000 websites are hacked per day, and most of that hacking is being done by bots that never get tired or bored. Stay safe by making good password hygiene part of your company policy, and talk to your web team about increasing security.

Kimberly Genly is the director of digital services for local web and marketing agency Marketing EQ. She can be reached at