As a small business owner, website hacks are likely the furthest thing from your mind, but they are a risk you should be aware of. Over 30,000 websites are hacked every day, and many of them are small businesses that often don’t have the resources or the technology to properly protect their site. Hackers go after small websites to steal credit card data, private information, and other saleable assets, and it is up to you to protect your company, your customer data, and your reputation.
It’s important for you to understand your risks, why website attacks happen, and how to improve your website security if you want to protect your site.
How Website Attacks Happen
There are dozens of reasons that your site may be hacked, and hacks can happen in different ways.
For example, a Denial of Service (DNS) attack is typically launched at an entire server or group of servers, and is used to steal data. Java-based exploits are more likely to attempt to download malware or to infect visitors.
The three most common types of website attacks are brute force, SQL injection, and cross-site scripting.
- Brute Force – Brute force website hacking is simply using scripts (like a program) to attempt to figure out your password by entering different letter combinations until they get it right. In most cases, you can protect your site by setting a maximum number of login attempts and using more secure passwords.
- SQL Injection – Here, a hacker inserts a malicious script into an unsecure form to attack the database. This is often used to steal data like usernames and passwords and credit card numbers, but it can also be used to alter and delete data on the site.
- Cross-Site Scripting – Cross-Site Scripting, or XSS, happens when a hacker inserts a malicious script into your site. This can create redirects, can cause your site to download malware, and can result in lost data.
How Website Attacks Affect Businesses
A website attack can affect your business in several ways. In most cases, cyber attacks are done for profit, which means they attempt to steal data they can use or sell.
Loss of Reputation – If your website is infected with malware, you lose customer data, or otherwise suffer from a hack, it will affect your business reputation. In some cases it will also affect your search engine optimization.
No Service – If your website is offline, you cannot offer service or sell through the site. This can cost you money for as long as the hack continues.
Data Breaches – Data breaches are the largest concern in the instance of a website hack. Losing company data, personal data, or customer information can be detrimental to a business. If you store customer information, it is your responsibility to keep it safe, and a data breach is your fault. You are liable for lost data, which can result in identity theft, loss of funds, and exposure of personal information. A data breach can also result in lawsuits.
How to Protect Your Site from Website Attacks:
- Keep Everything Up to Date – Make sure that your website, scripts, plugins, and server software are up to date. If you are managing everything yourself, try to set up auto-update protocols, so that your platform and content management system update automatically. If you aren’t, make sure that security updates are one of your tech team’s first priorities.
- Use Security – If your server doesn’t include its own antivirus and firewall, you should either get them or install a security app directly onto your CMS. There are plenty of security options available, and you should be protecting your servers just like you would your computer.
- Don’t Use Basic Login Options – If you’re using a Content Management System like WordPress, Joomla, or Drupal, you have default login URLs. For example, WordPress uses wp-admin. Changing this basic URL protects your site because hackers won’t be able to find your login as easily.
- Check Your Passwords – Did you know that the most common password is still 12345, and the most common user name is still Admin or Admin1? Make sure you use a more complex log-on, and then properly store your information.
- Backup Your Data – Make sure your server regularly backs up your data so you can easily restore everything in case of a website attack.
- Encrypt Data – If you store any confidential information, take online payments, or store customer data (even emails), you need to encrypt the data. This ensures that even if someone steals their information, they can’t use it.
For your tech team:
If you have a tech team or web developer, you can make specific requests to protect your site.
- Parameterized queries to prevent SQL injection
- Use Content Security Protocol (CSP) to protect yourself from Java based attacks
- Check file and directory permissions.
Improving your cybersecurity is the best way to protect your website. If you’re unsure if website attacks are a risk for your business, use the Threat Sketch risk analysis to determine your cybersecurity risks so you can better allocate your resources to better protect your business.
About the Author: Brandy Cross is a freelance writer specializing in technology and marketing solutions for SMBs, with experience writing for everyone from startups to Fortune 500s.