Protecting Your Online Store From Hackers
From a recent investigation conducted by Verizon, It was reported that small-business owners were victims in 43 percent of data breaches tracked between Nov. 1, 2017, and Oct. 31, 2018. The report tracked security incidents across all industries, but the most vulnerable sectors this year were retail, accommodation, and healthcare.
So what does the issue look like in simple terms? Using SiteLock as a reference point If we take the sample size of infected sites they reportedly found in 2018 approximately 47,244 out of 6,056,969 checked and apply that percentage to the country’s estimated 30.2 million small-businesses websites, minus the estimated 36 percent that doesn’t have one, we can loosely assume that the estimated amount of infected small-business websites would be around 150,757, now let’s put that in terms of revenue loss. So, in this case, we are assuming that there is an average loss of $1000 per month that gives us a revenue loss of around $150,000,000 monthly.
Alarming right? Now as a small-business owner, you may not believe anyone would target your website, but that’s just it bad actors are likely not seeking out your site specifically, said Mark Risher, head of account security at Google.
The target of choice is when they’ve zeroed in on that one shiny, flashy car, and that’s the one they want to break into and they’ll try the windows, the doors … the moon roof. I think for small businesses, there is this temptation to assume, ‘No one would ever choose me; therefore I’ll just kind of skate by anonymously.’ But the problem is they’re not factoring in the degree of automation that attackers are using.”
Even the least-trafficked websites still average 62 attacks per day, according to SiteLock research. “These cybercriminals are really running businesses now,” said Neill Feather, president of the company. “With the increasing ease of automation of attacks, it’s just as lucrative to compromise a 1,000 small websites as it is to invest your time and try to compromise one large one.”
How to protect yourself and your customers
A lot of cyber-attacks can be attributed to automation, putting basic protections in place against phishing, malware and more can help your site stay off the path of least resistance.
Here are five ways to boost your small-business cyber-security.
1. Use a password manager.
There is an exhaustive amount of password advice floating around in the ether, but the most important is this, try not to use the same password on multiple sites. It is a difficult rule to stick to for convenience’s sake especially since 86 percent of internet users report keeping track of their passwords via memorization but experts recommend password managers as efficient and secure workarounds. Free password manager options include LastPass, Myki and LogMeOnce.
2. set up email account recovery methods to protect against phishing attacks.
Phishing attacks are an enduring cyber-security problem for large and small businesses alike: 83 percent of respondents to Proofpoint’s annual phishing survey reported experiencing phishing attacks in 2018, an increase from 76 percent the year before. Embracing a more cyber-aware culture includes staying vigilant about identifying potential phishing attacks, suspicious links, and bogus senders is key to email safety.
If you’re a Gmail user, recent company research suggests that adding a recovery phone number to your account could block up to 100 percent of cyber-attacks from automated bots, 99 percent of bulk phishing attacks and 66 percent of targeted attacks. It’s helpful because, in the event of an unknown or suspicious sign-in, your phone will receive either an SMS code or an on-device prompt for verification. Without a recovery phone number, Google will rely on weaker challenges such as recalling last sign-in location and while that still stops most automated attacks, effectiveness against phishing drops to 10 percent.
3. Back up your data to protect against ransomware.
Ransomware is a form of cyber-attack in which a hacker holds your computer access and/or data for ransom, it is the second leading malware action variety in 2019, according to the Verizon report, and accounted for 24 percent of security incidents. Hackers generally view it as a potentially low-risk, high-reward option, so it is important to have protections in place for such an attack namely, have your data backed up in its entirety so that you are not at the hacker’s mercy. Tools such as Google Drive and Dropbox can help, as well as automatic backup programs. You can also purchase a high-storage external hard drive to back everything up yourself.
4. Enlist a dedicated DNS security tool to block suspicious sites.
Since computers can only communicate using numbers, the Domain Name System (DNS) is part of the internet’s foundation in that it acts as a “translator” between a domain name you enter and a resulting IP address. DNS wasn’t originally designed with top-level security in mind, so using a DNSSEC (DNS Security Extension) can help protect against suspicious websites and redirects resulting from malware, phishing attacks and more. The tools verify the validity of a site multiple times during your domain lookup process. And though internet service providers generally provide some level of DNS security, experts say using a dedicated DNSSEC tool is more effective and free options include OpenDNS and Quad9 DNS. “[It’s] a low-cost, no-brainer move that can prevent folks from going to bad IP addresses,” Loveland said.
5. Consider signing up with a website security company.
Paying a monthly subscription to a website security company may not be ideal, but it could end up paying for itself in terms of lost business due to a site hack. Decreasing attack vulnerability means installing security patches and updates for all of your online tools as promptly as possible, which can be tough for a small-business owner’s schedule.
Based on reports from TrustGuard, your website is under constant attack; and with 84% of all websites failing their initial PCI DSS Scan. To mitigate against this, Trustguard comes with 4layers of security protection for website protection.
One of the devastating facts of the cyber world for small businesses is being attacked by cyber threats. What if one morning your website shuts down and you simply have no idea about it? How? What’s next? These attacks leave you shattered with so many questions marks left unanswered.
Which is why it is strongly advised that you have a large organization handle this for you.