43% of All Data Breaches Hit Small Businesses. Here’s How to Protect Your Site.
While data breaches at major retailers, hotels, and government agencies make headlines, small business owners are getting hit almost as often as big business.
In 2018, 43% of all data breaches worldwide involved small businesses, according to the Verizon Data Breach Investigations Report. And the consequences can hurt SMBs even more than enterprises.
Why do hackers bother going after small websites when there are so many big fish in the data-breach sea? Experts say it’s because many small-business site owners don’t have the expertise and resources to set up enterprise-level site security.
Criminals know this. And because organized cybercrooks often automate their attacks for efficiency, it’s as easy to go after small sites as large ones.
What does this mean for your site, and how can you protect your business? Let’s take a look.
Small Business Cybersecurity Breaches Mean Big Business Losses
Data breach and other hacks can end a small business. Cisco reported in 2018 that 45% of cyberattacks on businesses of all sizes cost more than $500,000 to clean up. Why so much?
When a site goes offline because of a malicious takeover, forget making sales. Customers get scared away, so the site loses future sales. That means the lifetime value of customers goes down and the cost to acquire customers goes up. Partners may back away after a breach, too, causing lost deals and missed opportunities.
Victims also must hire people to fix the site, evict the hackers, and figure out how to keep the hack from happening again. If customer funds or data were stolen, the business needs to make those people whole by covering their losses or providing credit monitoring.
Depending on where the business operates, it may face fines. Lawsuits are possible, too. As Cisco said, the costs are “enough to put an unprepared small/midmarket business out of operation—permanently.”
This disaster scenario is much less likely if your site has rigorous, up-to-date security. Your business doesn’t need to handle this in-house. There are third-party security services that will monitor and even fix your site for you.
But before you can choose your website security tools, it’s important to understand the major risks to websites, so you can evaluate the services available to you.
Know the Cybersecurity Threats to Your Website
Malware, which includes nasty attacks like spyware, worms, and viruses, can find its way into your site through unpatched security holes in your site code. Or it can get in through security gaps in plugins and apps. There’s also something called SQL injection, which installs malware that tricks your site into sharing data with attackers.
When attackers find a way in, they may steal files, redirect traffic from your customers, intercept their data, and even hijack your site to launch phishing attacks on your customers and partners.
Bot attacks are like the drones of cyberattacks. Hackers can deploy them to overwhelm and crash sites (DDoS attacks), exploit site security gaps to steal data, and install ransomware on sites. As for ransomware attacks—they’re on the rise—and they can be devastating.
Unfortunately, they overwhelmingly target small businesses. Last year, 71% of ransomware victims were SMBs. The average ransom demand was $116,000.
Ransomware victims are often forced to choose between paying a ransom they can’t afford or going out of business. A 2017 BBB survey found that more than half of small businesses would stop being profitable if they lost access to their data for even one month. Perhaps that’s why more than half of SMBs say they’d pay a ransom to get their data back, according to a cybersecurity report by AppRiver.
So, data theft, customer and partner loss, site shutdown, and unplanned expenses are all part of the risk landscape. A strong security program can help you avoid these problems.
Protect Your Website from Cybersecurity Threats
The first element in a good website security program is regular site backups.
A service like CodeGuard runs daily automatic backups that help you recover fast if your site is hacked. It can also help if you accidentally “break” your site during an upgrade, or if your server crashes and takes your site data with it. Rather than have your site offline for hours or days and spend money on emergency tech help, you can revert to the most recent clean version of your site with a mouse click and get back to work.
The second element in your site security program is constant vigilance.
Services like SiteLock can continuously monitor your site to identify and stop malware, SQL injection attempts and bot attacks. The monitoring service you choose should also scan for security gaps and outdated software to prevent hackers from exploiting those weaknesses.
Besides keeping your site running and protecting your data, site monitoring can keep your website on Google’s good side. That’s because when search engines find malware on a site, they sometimes blacklist it. As you might expect, that’s bad for SEO and your reputation.
But if you have a site monitoring service, not only are you protected from blacklisting, you also get a badge that shows customers you take their data safety seriously. That by itself can make people more likely to buy from you, and to keep coming back because they know your site is safe.
Ready to Secure your Website Against Cybercriminals?
CodeGuard takes snapshots of your site as changes occur, keeping you in the know. It also gives you the opportunity to go back to the most recent pre-change version with one click to minimize interruptions, expense, and downtime.
SiteLock scans your site for malware and bot attacks, looks for vulnerabilities that hackers might exploit, and gives you a site badge to show your customers you’re watching out for their data.
HostGator customers can get both of these today. Contact us to learn more.