Estimated reading time: 6 minutes
Table of Contents
- Is Small Business Website Security A Concern?
- What Is Website Security?
- Common Website Security Threats
- How To Protect Your Website As A Small Business?
- Further Reading
Website security can be a massive headache for many especially small businesses because cyberattacks cause expensive clean-up, disrupt your website traffic, and hurt your organization. Were you once or for multiple times hacked?
Is Small Business Website Security A Concern?
Fundera reported in the 30 Surprising Small Business Cyber Security Statistics (2020) on December 31, 2019 some startling facts below.
- 43% of cyberattacks target small businesses.
- 60% of small businesses that are victims of a cyberattack go out of business within six months.
- There was a 424% increase in new small business cyber breaches last year.
- 66% of small businesses are concerned or extremely concerned about cyber security risk.
- 14% of small businesses rate their ability to mitigate cyber risks and attacks as highly effective.
- 47% of small businesses have no understanding of how to protect themselves against cyberattacks.
- 66% of small businesses are most concerned about compromising customer data.
- 3 out of 4 small businesses say they don’t have the personnel to address IT security.
- 22% of small businesses encrypt their databases.
- Human error and system failure account for 52% of data security breaches.
- 63% of confirmed data breaches leverage a weak, default, or stolen password.
- 65% of small businesses have failed to act following a cyber security incident.
- 50% of small and mid-sized businesses reported suffering at least one cyberattack in the last year.
- Small businesses spend an average of $955,429 to restore normal business in the wake of successful attacks.
- 40% of small businesses experienced eight or more hours of downtime due to a cyber breach.
However, securing your website does not require a big budget but rather vigilance. Here are some tips.
What Is Website Security?
In a word, website security is protection of websites from cyberattacks.
According to Wikipedia, a cyberattack is any type of offensive maneuver that targets computer information systems, infrastructures, computer networks, or personal computer devices.
The FBI in the United States investigates cyberattacks by criminals, overseas adversaries, and terrorists. They said that cyber intrusions are becoming more commonplace, more dangerous, and more sophisticated.
Common Website Security Threats
Oftentimes folks find their websites unavailable due to denial of service attacks or having modified information. Besides, they got their passwords, email addresses, and credit card information stolen through their websites.
The Mozilla Developer Network MDN Web Docs is an evolving learning platform for Web technologies and the software that powers the Web. They have complied a list of a few of the most common website security threats which include:
- Cross-Site Scripting (XSS)
- SQL injection
- Cross-Site Request Forgery (CSRF)
- Denial of Service (DoS)
- Directory Traversal (File and disclosure)
- File Inclusion
- Command Injection
How To Protect Your Website As A Small Business?
Web Application Firewall (WAF)
First, your small business website should have a Web Application Firewall (WAF) that identifies and blocks malicious traffic.
An integrated malware scanner blocks requests that include malicious code or content. It defends against brute force attacks by limiting login attempts, enforcing strong passwords and other login security measures. It enables real-time firewall rule and malware signature updates as well as the Real-time IP Blacklist, which blocks all requests from the most malicious IPs, protecting your site while reducing load.
Secondly, you should scan your website regularly for vulnerabilities.
A Website Security Scanner checks core files, themes and plugins for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections. It also compares your files with what is in the repository, checking their integrity and reporting any changes to you. Repair files that have changed by overwriting them with a pristine, original version and easily delete any files that don’t belong. It also checks your site for known security vulnerabilities, abandoned and closed plugins. Content safety checks ensure that your files, posts and comments don’t contain dangerous URLs or suspicious content. It enables real-time malware signature updates, reputation checks and better control over scan timing and frequency.
Thirdly, you should keep software up-to-date including content management system (CMS), themes, and plugins for the purpose of bug fixes and security improvements. If you have the most up-to-date software, it will be difficult for hackers to take advantage of the vulnerabilities of your website.
Fourthly, you should secure user login credentials with a strong and unique username and password. Besides, you should change your login credentials regularly. Your passwords should consist of letters, numbers, symbols and at least eight characters. You should use two-factor authentication or a password manager.
Fifthly, you should limit user access within your organization. You should limit the capabilities granted to your outsourced tech support and content contributors as well as the time given to them to complete the jobs. Users should not share the same usernames and passwords.
Sixthly, your website should use HTTPS protocol. According to Wikipedia, Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS).
Without HTTPS, a hacker can alter anything on your website to gather your visitors’ information like username, passwords, and personal data. Folks will also see “Not Secure” on their browser when visiting an insecure website. Besides, HTTPS improves search ranking on Google.
TLS certificates are files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, it activates the padlock and the HTTPS protocol (over port 443) and allows secure connections from a web server to a browser. It secures credit card transactions, data transfer and logins, contact details, and browsing of social media sites.
Seventhly, you should back up your website before and after you do one of the following.
- update your CMS, themes or plugins
- install new themes or plugins
- update your website content
Eighthly, you should set up your website in a way that makes it harder for hackers to find vulnerabilities in your website. This includes post/page comments settings, user roles and capabilities, file permissions and uploads, anti-spam e.g. reCAPTCHA.
Lastly, you should monitor your website traffic using web server monitoring and alert service.
Monitoring service enables you to monitor CPU utilization, data transfer, and disk usage activity using graphs over time. It also allows you to set up alerts to receive notifications whenever a metric crosses a specified threshold and critical issues arise in your infrastructure.
In short, small business websites are at risk of being hacked.
In order not to fall prey to cyberattacks and pay through the nose for cleanup, you need to take steps to improve your website security as your top priority.