Listen to podcast:
Good morning, internet fans. It’s Ryan Perry, Simple Biz Support. Today is a Thursday, January… I almost gong to say July for some reason… 14th and definitely with the weather out there it is not July, it is cold and gloomy, which is perfect weather for Sonoma County this time of the year. And speaking of Sonoma County, I have Virginie Dorn with Business Website Center down in Petaluma as usual. And Virginie, you want to talk about something cool and exciting, it’s hip, it’s cutting edge, it’s like driving a Bentley and that is, backing up your website.
Virginie Dorn: Yes, it’s not that exciting, but the day you need your backup of a website because you either forgot to renew your hosting or your site was compromised by a hacker or malicious malware, you would be happy you did the effort of having a clean backup. We’ve been getting a lot of calls in the last couple of months for all sorts of people across the nations and if we didn’t… For our website we don’t have a backup to help them with, so we have to start from scratch, which is quite expensive for the site owner. So, it’s all about backups today. It is so important. It is about insurance policy that if anything happen to your website, regardless again you missed a payment of your hosting provider or it got hacked, you are able to get it back on its feet very quickly for very little money, and you don’t lose your investment.
RP: Right. And let’s talk a little bit about the facts or the numbers behind it. We do have some hard numbers. I think that’s from 2013, that was about 9 million websites and I forget if that was 2013 or 2014, but it was roughly 30,000 websites a day were infected. I think the latest expectation is somewhere around 18 million for last year, is that correct?
VD: Yes, the express desktop coming up with numbers it will take some time to get the accurate data, but they expect them about 2014, 9 million websites infected has doubled last year. Doubled. So if it happens to you don’t take it personally. It happened to another 18 million people out there. It can be quite damaging to your company, again, especially if you don’t have backup you have to start from scratch so you have to go back to square one to developing a brand new website with new content, new images, it could be a total nightmare and a disaster for some of the companies that rely heavily on their website.
RP: Yeah, and before we’re actually gong to talk about some different ways to back up your website so that you have some information, some tangible information that you can use today and go check and see if things are in place or if tools are not in place. And I think this is really important because a lot of times people, you build your website, you set it, forget it. I have the mentality for years that, “Eh, I’m a small guy. I have a small company. I’m not Coca-Cola, I’m not GM, nobody’s gong to mess with me,” but that’s changed in the last couple of years because one, a lot of people are on WordPress, I’m on WordPress, a lot of other small business owners are on WordPress, maybe they’ve built it out themselves, they had somebody else build it but now they’re responsible for… They set up the GoDaddy hosting account or HostGator hosting account, boom, it’s there, it’s alive and what we don’t realize, and in the last couple of years, because I’ve seen it personally with my clients is that the small guys are getting hacked and it’s through automation.
VD: Correct. There’s two kinds of hacking, the one where people will actually target specific companies and their website. They usually paid for the hacking. It could be corporate espionage, you name it. The most frequent way, about 19 million or whatever the numbers is of website infected, is through malicious script. And what hackers do, they build their portfolio just like a graphic designer will build a portfolio of logos with design or brochures, hackers do it in numbers of website where scripts have been able to hack. So, when we are ready to be hired by some kind of horrible company, they can say, “Hey, my script last month infected 600,000 websites around the world.”
VD: So this is just a script that is looking for entryways. There are ways to protect you, but again, the backup is the first thing to do. It’s like a burglar, if they want to get into your house they can. So you can lock your doors, you can add security bars to your windows, you can put a couple of security guards or watch dog, a tall fence, barbed wire. If someone really wants to get in, there’s a way for them to get in. Now, if you put all the security measures in place it reduces your chance of course, but typically it’s extra money. So if your site got hacked, don’t get too mad at the webmaster because it’s just the way hackers are working on it for these malicious scripts they send out there.
RP: And basically if a website gets hacked there’s a couple of different things. Maybe they just changed some pages but typically they’re going to attack the database and the database is kind of what is that background information that’s working that keeps everything together especially if you have a WordPress site that has a blog and it’s a CMS, those require a database. If that database gets scrambled, you can’t just go in and fix it, and that’s the reason why you need a backup so you have a clean slate of, yes, of all your pages, your pictures, or content, but more importantly is that database. Correct?
VD: That is correct. So they will find a way through the database in most cases and then they will corrupt the data inside the database and it will eventually show up in the visual parts and sometimes you’re infected for a couple of months but the damage is not quite visible yet. Now saying that you can do some repair work. Sometimes their script will delete entire files and folders just by the nature of the script then those have to be replaced, so you will need a programmer to do that. If you don’t have a back up… For instances it deletes your slide show and you don’t have a back up of a slide show, well it’s gone. It has to be either put back or recreated. So that’s why we’re so keen on having those back up because that’s so easy you wipe everything on your server and bring back a clean copy and you’re done and then you can take the extra measures which we will be discussing next week. But today is all about the backups.
RP: Yeah and the other nice thing about the backup is that instead of trying to go in and clean something and maybe you still leave a little bit of that malicious code left over and it can reinfect, when you start clean you’re starting from a clean slate so that you know everything’s clean now. With that being said one of the things we were talking about before the episode started was you need to make sure that you’re database is clean. And like you just said you may not notice there’s a problem until two, three, four months later. So if you have a back up that’s backing up on top of itself everyday versus creating a backup and then creating a new back up, that could create an issue because you may have an infected back up versus being able to go back in four months and going “Alright, here’s a clean version. Let’s install it that.”
VD: That is so true. Typically we recommend to our clients to keep backups for 12 months. For most companies having a full backup at the first of every calender month is good enough, so January all the way to December. Once we get to the new January we delete last year’s backup for that month. We back up not just the folders and make the website what it is, all pretty, but also the database. So there are two backups to make and there are different ways to do it. You can do it manually, you can do semi-automation, or you can pay someone to do your backup which is what we would recommend. Maybe we can touch on the manually. If your a really hands on type of site owners you can try to do it by yourself. In most instances you’re with a large hosting provider like NetClick Solutions, HostGator, GoDaddy. You should be able to go onto your hosting account, go to the dashboard that handles your sever and see if there’s a way there to create a backup.
VD: Once a backup is saved through you’re hosting account it is in 99% of the times through your server. So having a backup left on the server is fine, but if the server gets compromised your backup is also compromised. So what we recommend as well as SiteLock, which is one of the largest security web companies out there, is you do download those backup once a month. After they are made you back them up… You download them onto you’re local hard drive. So most people it’s their just regular computer or maybe they have a local server inside their office, and in addition to that you make sure your local computer is backed up on the cloud with a program like Carbonite, Crashplan those are like $60 a year and they will back up your entire computers. Not just your backups of your websites but all the other important files you have. So backup on your server, download the backup, save it on a secured computer and have that computer backed up as well.
RP: With anything redundancy, redundancy, redundancy. So the idea is that if the server that’s actually hosting your website is also storing the back up on the same server, if that server from the hosting company becomes infected not only is your website infected but also you’re backup. So by downloading a backup to your local computer you now have at least a fail safe, and then the fail safe on top of the fail safe is then make sure you back up your data to a separate server that way it’s pretty much impossible that you’ll ever lose your website.
VD: Yes. Do it. It is not that complicated. The first time around might take you an hour. Truly call your hosting provider with technical support. Most of them are really nice. GoDaddy for instance 24/7. So any time of day you will get someone in the US. They’ll show you how to do it, or they may even do it for you. If you do it manually just make sure you know what you’re doing and, again you don’t forget to do the backup of your database as well, not just the folders. Database again, it contains all your text and your images. If you have a content management system like WordPress or custom CMS or e-commerce site, membership site all those have a database. If your website is hard coded then you don’t have to worry about a database. But primarily we will say “Call your hosting provider today. See if they have a new product to back up your website and restore it” should there be any problem.
VD: I’m a big fan of GoDaddy. I know it’s like Starbucks for coffee, but again 24/7 customer support, they are very easy to talk to and they just launched a few weeks ago side backup and restore. It’s only a couple of dollars a month. They back up and save your backups for you every month. It’s $2, cheaper than a cappuccino. You can sleep well at night. If there’s any issue you give them a call and they can either guide you through the manner into restoring the clean backup, or they can do it for you. So that would be my recommendation. Get your hosting provider to do it for you if they offer that product.
VD: Yeah and I think the key advantage is, one, if you’re doing it yourself kudos on you because at least you’re backing up. The problem is when the site goes down you need to take care of that now and if you never done it before it could be a little cumbersome. It’s like “oh yeah I set this up a year ago but where are my files, how do I get them, how do I clear everything out and then reinstall them? How do I know if my backup is infected or not infected? By using a company such as GoDaddy who’s already got systems in place they are a large enough company that they have not only the system’s in place so they can go through the technical manual and go, okay step one, step two, step three. But they have employees that deal with this on a daily basis and so for them it’s just boom boom boom we can get it done. You’re going to find that for the couple of dollars that it cost you, the headache it’s going to save if your website gets hacked is more than worth it.
VD: Oh yeah I mean you can lose your entire website investment if you don’t have a single backup of it and you’re unable to find your webmaster maybe they’re out of business or they don’t have a backup because that’s not their job perhaps. So now you’re there with you lost your website it’s so infected it’s not worth salvaging. It’s like crashing your car and you have no insurance and it can not be repaired. So the backups, in a nutshell again use automation if you can it’s become very affordable and a lot of the big providers are there offer that type of service. Backup your website every first of each calendar month that’s for your website folder. If you have a database I recommend at least once a week to backup your database especially if you make weekly changes to your blog or your shopping cart, you want to do that backup every week.
VD: Some clients do it daily, but that’s just because they are membership websites so they have a lot of activities and their members serving things on their dashboards. Now also save your backups onto your PC. Make sure your PC has a cloud base backup system as well as like Crashplan is one of my favorites and Carbonite is very good as well. If you do those steps you’ll be in good shape and again keep them for 12 months probably my sixth recommendation. Keep them for 12 months then get rid of the last one ’cause it will be taking space.
RP: The last thing I want to say is that for people that are out there using WordPress there are plugins for doing backups and what’s nice is they’ll automate the system and they can actually email the backup to you so that every week or every month you can have an email and if you ever have a problem all you got to do is go back in your email and you can go ahead and get that backup. Again you got to know what to do with it if your site does go down and that can be a problem sometimes so the free solution is not always the best solution but at least do something. I mean with so many websites getting hacked every single day it’s just smart money to invest your investment and your business.
VD: Yes do it today too don’t wait until next week ’cause these infected websites are rampant right now.
RP: Yeah. Alright perfect! Well that’s it for today show Virginie. I appreciate the time and energy that you put into it. Next week we’re going to talk about some of the things we touched on and that’s side lock and prevention. How can we prevent your website from getting hacked in the first place. So that’s next week same time, same place, same computer screen Thursday at 9:45 AM Pacific Standard time. Virginie I hope you have a great week and are looking forward to the weekend.
VD: Thank you Ryan bye.
RP: Alright everybody take care and enjoy the rest of your Thursday.