As small businesses prepare to endure a widespread cost of living crisis, it appears that a loss of consumer spending power has been coupled with a rise in targeted cyber attacks in recent months. With the news that small businesses are three times more likely to be targeted by cybercriminals than their more established counterparts, this article explores how lighter workforces can fight back.
In a recent Forbes article, Edward Segal noted that between January and December 2021, researchers at Barracuda Networks, a cloud-based security firm, found that employees of small businesses with fewer than 100 staff members will experience 350% more social engineering attacks than their larger enterprise counterparts.
Findings from security firm Purplesec’s 2022 cybersecurity insights showed that 43% of cyber attacks target small businesses, whilst 70% were unprepared to cope with a cyber attack.
Furthermore, AdvisorSmith data shows that 42% of small businesses experienced some form of cybersecurity attack in the year prior, with 69% expressing concern for attacks in the coming 12 months.
With 72% of small businesses implementing measures to limit the impact of security breaches, it’s essential that companies are familiar with their options when it comes to ensuring that they have the best chance of keeping their website running smoothly and their customers safe from breaches.
With this in mind, let’s take a look at some website hosting essentials that can be undertaken to help ensure that small business owners are keeping their company safe from harm online:
Mitigating the impact of cross-site scripting
According to a study from Precise Security, cross-site scripting (XSS) formed the most common form of cyber attack online, accounting for 40% of all attacks. Although XSS occurs fairly frequently, they’re generally easy to combat–provided that businesses have a well-functioning website.
Cross-site scripting works by targeting the users of a site, rather than the web application itself. Here, cyber criminals insert code into an insecure website, which is then run by the visitor–potentially compromising their accounts to activate Trojan horses or to modify content in order to cause them to give up personal information.
For businesses, the risk posed by XSS can be hazardous–particularly from a reputational point of view where customer trust can be compromised.
Fortunately, most websites can protect themselves from XSS by setting up a web application firewall (WAF). This can behave as a filter that instantly blocks malicious requests from corrupted code. For most businesses WAF should be offered as standard from web hosting companies, but it could be worth checking to ensure that it’s covered in the package.
The importance of protecting data
Another essential consideration to make revolves around the protection of data. As data breaches can be significantly damaging for online businesses, one of the most important strategies involves giving data backups and encryption the attention they deserve.
This means that a company’s sensitive data can remain safe even if it falls into the wrong hands.
To action this, work on encrypting and then backing up sensitive data, including private customer information, employee information and all other forms of essential confidential data.
Again, the importance of utilising backups to protect data can extend to your website content itself, and businesses can benefit significantly from finding a WordPress host that offers daily website backups as part of their hosting package.
Keeping phishing at bay
Phishing can be one of the most significant dangers facing small businesses. Expert Insights data suggests that phishing attacks have grown 65% in the past year whilst accounting for more than $12 billion in losses.
These attacks take place when a cyber criminal entices a user to click a malicious link, or download a malicious file–or give up their information, bank details, or credentials willingly.
Phishing has become more sophisticated of late, with many attacks effectively replicating close contacts or mimicking trusted organisations in order to gain sensitive information. For small businesses, the rise of Business Email Compromise, in which attackers trick employees or executives into giving up their business account passwords, can be especially damaging.
Furthermore, they can be difficult to effectively tackle. However, there are a number of measures that can be taken to give the best chance of successfully countering such a threat.
Significantly, multi-factor authentication (MFA) is an important measure to take to limit the risks of phishing. MFA places an added layer of security to the authentication process when somebody attempts to access an account. This process can require added verification at all times or when an individual attempts to log in from an unknown device.
Should your business involve any exchange of sensitive data, payment information, or other forms of confidential data, it’s essential that measures like MFA are added to your website in order to protect against phishing attacks.
Although cyber attacks are a trend that’s continually impacting small businesses, there are a number of measures that can be taken to deliver the best chance of online safety. With this in mind, it’s possibly worth reviewing your web hosting package and the accessibility of essential security measures on your pages. Ultimately, dedicating the time and effort to shore up your website today can help to stave off reputational and financial damage later down the line.