Can your small business afford being hacked? According to CNBC, 50 percent of all small businesses have experienced a breach – and 60 percent of victims are out of business within six months due to the hefty cost of recovery. What makes small businesses such an easy target, and what can business owners do to keep their digital doors open? Find out in the latest episode of Decoding Security, as Website Security Research Analysts Jessica Ortega and Michael Veenstra discuss small business cybersecurity, recent security news, and more.
“There are two types of companies: those that know they’ve been breached, and those that haven’t figured it out yet.” Those were the words of a highly successful venture capitalist behind some of the most successful cybersecurity companies. And while the chances of being a victim of a security breach are very high, it’s not a foregone conclusion. There are steps every business should take in order to avoid falling victim, or at the very least limit the damage.
Budget should never be a reason for ignoring security. Neither should worries that you’re technically challenged. Here is a list of ten things you can do to help defend against cyber risks.
- Look in the window. Most business owners look at their websites and security risks from the inside out, and never see what they look like from a hacker’s perspective. Even a cursory inspection, or better yet a basic website scan, could help you spot vulnerabilities quickly.
- Understand what the risks are. After all, you can’t fix them if you don’t know what they are. A little light reading on common business and website risks could tell you all you need to know. Focus on technical and procedural risks – from exploits of unpatched vulnerabilities to common errors by employees.
- Focus on passwords, especially the one for your FTP account. Passwords can be the keys to the kingdom, and even the biggest security breaches at the biggest businesses have been traced to the smallest password mistakes.
- If your business has a lot of sensitive information to protect, consider having your website developers use a dedicated computer to access the website. This can significantly reduce the risks of things like keyloggers, which can steal website passwords and give hackers access. By using a dedicated computer that’s not used for anything else, you eliminate the risk of downloading a keylogger or other malware through drive-by downloads, email attachments, or infected files.
- Create a list of your Top 10 security rules that everyone has to follow, and make sure that everyone knows what those rules are. Ten is a good number. You could easily have a hundred, but too many could cause more harm than good. Focus on the biggest risks and vulnerabilities and pursue them relentlessly.
- If you accept credit cards, make sure you’re PCI compliant. Achieving PCI compliance is not difficult or expensive, especially for smaller businesses. Not only is PCI a great place to start with security, you don’t have an option. Failure could mean big fines and the inability to accept credit card payments.
- Don’t forget to get physical. Not all attacks or exploits have to be digital or virtual. Hackers can walk into an unprotected business or rummage through a dumpster. And many of the information-rich laptops and tablets stolen in burglaries end up in the hands of cybercrooks.
- Control who you give access to. That can range from access to buildings and rooms to access to computers, networks, and websites, to access to specific files and privileges. It’s not about people getting access to sensitive data, it’s about the wrong people getting access.
- Choose your web hosting provider carefully. There are thousands to choose from so pick yours thoughtfully and focus on what they say about security. If they don’t talk about it at all, that could be a warning sign. If they do mention security, present them with your list of top security worries and risks and see what their response is.
- Review your security regularly, with a comprehensive top-down review at least a couple of times annually. Nothing stands still, and new vulnerabilities are being discovered or created daily.
Happy Cyber Monday! If your website has survived the Thanksgiving rush, let’s hope it doesn’t suffer from a post-Thanksgiving malware hangover. Because in the usual run-up to Christmas, the only people busier than elves are hackers. And their favorite tool this year appears to be malware. What’s a website to do without trusted malware removal?
We took a look at many of the top security stories to hit the headlines in just the last couple of weeks, and it’s not surprising that most of them were about malware.
Security firm Symantec says that hackers have recently been very successful in delivering a nasty gift of malware to unsuspecting users by blasting out emails pretending to be antivirus software updates. What makes the emails so convincing, according to Symantec, is that they look very authentic and incorporate logos from most of the popular antivirus products – probably even those that you use. Because most users are likely to be familiar with the brands and use at least one of them, it makes the email appear more personal and genuine. And therefore more likely to be opened. And clicked – which is what causes the most damage.
Security firm Trusteer also announced that it discovered some of the most advanced financial malware yet, malware that not only has more features than any previous malware, but also creates a private and secure communications channel back to the hackers behind it. According to Trusteer, the malware can steal information entered into web forms as well as steal log-in credentials from dozens of the most popular FTP clients.
And this is especially dangerous to small businesses in the U.S. If this malware is able to steal the login and password for your business bank account, it will very quickly empty that account. And small business accounts are not protected by zero liability. So if the thieves steal every last dime you have in the bank account, you’re out of luck. And maybe even out of business.
To add to the misery, Trend Micro also reported that it discovered more than 200,000 different types of malware targeted at online banking in just the third quarter of this year, with at least 25% of them targeted at U.S. banks.
One of the most dangerous pieces of malware in circulation right now is Cryptolocker. This is ransomware. Once it infects your computer, it will encrypt or lock your files and then demand a ransom to unlock them so you can use them again. The ransom can vary, from $300 to more than $3,000. And even if you pay the ransom, chances are you still won’t get your data back. And thousands of users have fallen victim. Even one police department admitted that Cryptolocker had managed to kidnap their data.
And not to be left out, researchers have discovered that even the NSA has turned to malware to do its job, infecting at least 50,000 computers with a botnet that will allow it to spy on those computers.
To add website malware scanning and defense to your holiday to-do list call SiteLock at 855.378.6200.
Does your website have a bouncer, and if not, why not? Think about it. Websites are being probed by hackers millions of times every day, using sophisticated and automated hacking tools looking for any vulnerabilities they can exploit. It’s like having a store on Main Street that’s swarmed with visitors every single day, only you can’t tell which customers are going to pay you and which ones are going to shoplift.
A web application firewall, or WAF, is like a bouncer for your website. It stands between you and the street and determines based on a variety of criteria who gets in and who’s kicked out. It acts as a filter to make sure the visitors to your online store don’t mean you any harm.
If you’re like most small business owners, you probably don’t believe that something as small as a piece of malware could threaten your business. After all, what could you possibly have that malware could want? And why would a hacker pick on you when they have so many bigger fish to go after?
Maybe this story will change your mind. A very small, nine-person business in southern California recently announced that it would have to close down suddenly and permanently after a small piece of malware known as a banking Trojan managed to slip onto the computer of one of its employees.
When it comes to website security, many small businesses are in a constant state of change: changing from a state of denial (“I don’t need security because I have nothing to steal and I’m too small for hackers to find me anyway”) to a state of panic (“Oh no! I’ve just found out I’ve been hacked, they’ve been using my website to spread malware for months and now I’m blacklisted by the search engines”).
That’s the unfortunate state of small business web security, and it usually starts with the word don’t. That’s because most small business owners simply:
- Don’t give website security a second thought because they’re too busy with more pressing matters, like trying to meet this month’s payroll.
- Don’t think they’re big enough for hackers to bother with, not realizing that hackers now use automated tools that will easily sniff out unprotected websites in a matter of seconds.
- Don’t think small businesses are targets in general, in spite of the numerous studies that suggest they could actually be the top target.
- Don’t think they have anything worth attacking or stealing, although hackers think otherwise.
- Don’t know where to start with security and how to even begin plugging those holes and so keep putting it off.
- Don’t know what to do if they are hacked – which is usually the last step before that state of panic.
So much of the panic could be alleviated if small business owners took just a little time out of their busy schedule to think about security and understand how bad security or none at all can destroy a business, and how good security is a business enabler.
Bill Gates, co-founder of Microsoft, maintained that when it comes to business, security is job one. If you’re not protecting your website, it could turn into your greatest liability. Time and money are not an excuse because good security is automated, always on, and very affordable (I don’t want to say cheap in case you get the wrong idea but I really do mean cheap).
And good security leads everyone – you, your customers, your employees, and even your credit card processor – toward a state of bliss. Start on your journey by simply making sure that the next time the automated tool of a ruthless hacker comes sniffing around your website, you’ve beaten them to the punch and closed all the holes.
A great way to close these holes is by implementing website security solutions such as a Web Application Firewall and a scanner to detect potential infections. For more information on how these types of solutions can layer into your existing website, call SiteLock at 855-378-6200.