In this modern era of technological progress and advancing IT resources, small businesses have gained an amazing opportunity to level the playing field with the bigwigs in their niche and their fiercest competitors. A florist from Small Town, Canada, now has a chance to sell her creative flower arrangements across the globe if she is so inclined. Using WordPress, Flora has created a website for the (potential) customers to see what she has to offer and how it can be done.
It took her just a few minutes to have the website up and running even though our Flora is not so tech savvy. However, once she has done that and opened a new line of communication between her and her customers, she must also think about protecting not only her business, but also the users of her website.
You might want to ask what hackers would want from Flora. Well, if you think that just because you run a small business, there is no reason to be targeted, you are mistaken.
In the cyberspace, we are all the same. In fact, small businesses may be in even more danger than high-profile companies. (Read about 5 biggest security myths in one of our previous blog posts.) Small businesses possess more digital assets than individuals, that’s for sure, but they also have less sophisticated security than big brands. For that reason, thinking you can hide because you are small is dangerously stupid.
The most common end goals of cyber attacks, in general, is to misuse sensitive financial data or a person’s identity online. That can be done in several ways:
- Data breach – Online business data consists of people’s payment credentials, but also their personal health information, intellectual property and so much more. Once breached, these huge amounts of information can be abused directly or sold on the black market.
- Brute force attacks – They are executed by programs which attempt to guess users’ credentials by trying out as many combinations as possible. Many people use actual words in their password, which is why hackers have invented the so-called dictionary attacks. There are also reversed brute force attacks, where a single password is tested against as many usernames as possible.
- Ransomware – It is a form of malware that hijacks a database or a system, either to encrypt it and make it worthless to the user, or to lock it down so the user cannot access it – until they pay ransom. Of course, there is no guarantee that even paying ransom will help the victim restore their possession.
- Backdoors – Typically, a backdoor attack is a malware that enables an unauthorized entrance to a computer system, not by fighting or manipulating the security measures, but by bypassing them altogether. There are no smoking guns or traces that an evil act has been committed, which makes backdoors especially hard to discover.
- Phishing – A form of manipulation where the hacker pretends to be a trustworthy source. They may even clone a regular website or an email in order to appear harmless and legitimate. The point is to trick you into performing an action – enter sensitive information or click on an attachment that contains and immediately executes malware.
- Defacement – It is not always done for nefarious reasons. Hackers sometimes do it just for fun, to stroke their omnipotent egos, or to test their skills on a playground, practicing for something bigger. By breaking into a server, the hacker can change the looks or content of the targeted website. It often happens via SQL (code) injections.
Now that you know what dangers lurk on the Internet, how can you protect your business? There are a few things you can do:
- Update regularly – Even though developers work tirelessly on patching up security holes in the WordPress platform, as well as its themes and plugins, that effort alone cannot provide protection if not used. As soon as an update or a fix for a specific security issue is available, use it. By keeping your website resources up to date, you avoid your data being stolen or your website’s IP address blacklisted.
- Change your login credentials – When you create a website, the first thing to do is to change username and password. Use a unique and long combination of upper and lower-case letters with numbers and special characters for your password to make it that much more difficult to crack. Also, employ the two-factor authentication so that no one but you can gain access to your website.
- Use SSL & HTTPS encryption – Getting it will secure your browser’s communication with servers by encryption, so no third party can understand it, even if they are intercepting the conversation. The encryption is inventing a secret language that will never be used again after this conversation is over. It’s a mighty measure of precaution which Google now demands from all websites that deal with consumers’ sensitive information.
- Monitor traffic – Any change not caused by you or a member of your team should be suspicious. Content injection or defacement is a sure indicator that the website has been breached. However, as useful as it may be constant monitoring of just about every page on your website, as well as its infrastructure, it can be a tedious job. That’s why it might be a good idea to choose a service that could automatize this process.
There are all sorts of cyber threats aimed at small businesses with online presence, which means companies are constantly at risk. No matter how small your business is, if you own a florist shop or a bank, if you don’t keep it safe, you will endanger it. You owe it to your customers to keep their personal and sensitive information safe, as much as you owe it to your employees to keep your company’s reputation untarnished so that it may continue working.