During the current pandemic, with seemingly endless lockdown situations, a lot of business rely on their website to promote and sell their products. Unfortunately, most of them do not consider security for those websites. In a world where cyber criminals know about the dependence on online business, and increase their attacks accordingly, such negligence can be fatal.
A recent report on the state of Website security by cyber security company Sectigo analyses the problem. Here are some key figures from the report as well as five concrete steps you can take to secure your online business.
Survey shows contradicting results
The first and most dangerous perception of small businesses (SMBs) is the false thought that they would be too small to be targeted by cyber criminals. In fact, the report shows that about 48% of the 1100 businesses surveyed believe that they will not be targeted.
Strangely, even though SMBs don’t think they’d be interesting for cyber criminals, 54% think that their business would be seriously disrupted in case of an attack, with 72% also stating that they collect or store sensitive data.
The perception changes dramatically once the businesses are actually victim of such an attack. Of those SMBs who have experienced an attack in the past, 58% still feel vulnerable to some degree, regardless of measures already implemented.
Looking at the type of threats, data breaches rank top with 37% believing to be vulnerable in that area, closely followed by malware injection, denial of service attacks (DDoS) and malicious insiders (all at 35%). Ransomware, currently most prominent in the media landscape, completes the Top 5 with 34%.
How to protect your online business
What can SMBs owners and website managers do right now, without investing a ton of money or time, to help protect against malware, phishing, ransomware, or other crippling attacks? Here are some helpful steps in making your SMB more risk aware and preventing attacks.
- Threat awareness – Be aware that you are a target. In total, the study found that 50% had been attacked in recent years – with 20% experiencing a breach in the last year alone. Yet 73% believe that they are already effectively mitigating risk.
- Security Awareness – Make sure that on-site staff, as well as employees and contractors working remotely or on the road, understand the basics of avoiding malware, viruses and phishing.
- Secure authentication – Ensure that all your connected devices – laptops, phones, even edge devices like sensors and alarms – can be authenticated with a digital certificate. If, for lack of IT resources, this is not an option, implement a strict password policy for all digital services.
- Zero Trust – Implement a “Zero Trust” architecture – This means maintaining strict access controls for all servers, users, devices, and software accessing your company’s cloud-based systems. The very straightforward golden rule for this: only give access to employees which actually need access for their daily work.
- Go beyond the padlock – Website security is more than just the padlock-icon in the browser. Website security solution come in many different variations. It helps to see your website as a valuable assets and think about what you would do in real life to protect these valuables. That will automatically lead you to solutions like DDoS protection. Website Firewall, backup & recovery or malware protection.
Last but not least, for all of the issues mentioned above, do some shopping around. In most cases you will find solutions which will not break the bank or are even free for limited use. If your online business is expanding, and the potential damage of a cyber attack increases, be sure to invest in cyber security solutions, though. Again, think about comparing your online shop to a real-life shop: you wouldn’t leave your shop door unlocked at night or all the cash open on a table, would you? Even more important: investing in cyber security will certainly offer peace of mind.
Patrick Boch has been working in the IT industry since 1999. He has been dealing with the topic of cybersecurity for several years now, with a focus on SAP and ERP security.
In recent years, Patrick Boch has published various books and articles as an expert, especially on the subject of SAP security. With his extensive knowledge and experience in the areas of SAP compliance and security, Patrick Boch has served as product manager for several companies in the IT security sector since 2013. Patrick is Co-Founder and Editor of Cyber Protection Magazine.