There’s not a month goes by without a cyber security issue hitting the headlines. The attacks that break the news, though, are just the tip of the iceberg. Businesses, big and small are getting attacked every day and in huge numbers. For those that fall victim, the fallout can be devastating: 60% of SMBs go out of business within 6 months of an attack.
How cyber-attacks are developing
Cybercriminals are benefiting from technological developments in the same way everyone else is. With tools like AI and machine learning at their disposal, their ability to hack systems has reached a new level of sophistication. And with the Internet of Everything becoming part of our everyday lives, it means there are far more ways for them to get access to our personals and business data.
One of the most frightening aspects of cybercrime is that these new hacking tools are being sold on the dark web. Criminals can get hold of them in the same way everyone else downloads a programme from an online vendor. This can make them much more widespread and proliferate the amount of hacking taking place.
The biggest vulnerability
When it comes to getting hacked, the biggest vulnerability in many businesses is often the attitude of the owners. Because it’s the big companies we see on TV and in the papers, many SMBs think that their business is too small to be of interest to a cybercriminal – but this is a dangerous misconception.
There are over seven million attacks on UK small businesses every year according to the Institute of Directors. Despite this, the Small Business Trends website tells us that 51% of them do not spend a single penny on cyber security. That lack of security cost UK businesses £30 billion in 2016 and caused many smaller companies to fail.
What damage can a cybercriminal do?
For 60% of SMBs to go out of business after an attack, the damage must be substantial. Some hackers are after intellectual property such as designs, plans, big data and patents that they can sell on the black market. Personal data is another popular target, especially if you keep credit card and bank details of your customers. Lose this, and you can now be fined up to €20 million and get sued by the customers whose data you have lost.
Hackers will sometimes disrupt entire business operations by taking your critical apps offline. Processes that rely on software to run will cease. For small businesses, this is often done as part of a ransom. If you don’t pay up, you won’t be able to carry out your business.
The most common attack is on websites and there are multiple ways they can be attacked. For companies that rely on their site to do business, this can have devastating consequences for income and business reputation.
9 ways to increase your cyber security
To prevent your business falling victim to a cyberattack, we recommend the following:
1. Update your software to the newest versions
Hackers use tools to search the internet looking for websites and systems that use old software with known vulnerabilities. If your software is vulnerable, they’ll exploit the vulnerability to hack you.
2. Follow software developers’ guidelines
Developers know their software and its weaknesses better than anyone else. If they make a security recommendation you are best advised to follow it. Sign up for updates to make sure you do not miss any critical notifications.
3. Get an SSL certificate for your website
SSL (Secure Sockets Layer) certificates encrypt data that passes between a server and a client. This means any customers that buy directly from your website are assured their payment details cannot be stolen during the checkout process. You can buy an SSL certificate from your web host.
4. Use intrusion prevention tools
Intrusion detection and prevention tools stop hackers getting access to your website or online system. They offer strong protection for some of your apps and can be enabled using cPanel or Plesk.
5. Secure your site with the .htaccess file
The .htaccess file has many useful applications and these include its ability to prevent unauthorised access to the database and admin area of your website and to block unauthorised directory browsing and access to your files. This can be achieved by adding a few lines of instructions to your .htaccess file. For more information visit the Htaccess Tools website.
6. Scan your site for vulnerabilities
Vulnerability scanners, such as Site Scanner, make sure your website is monitored for intrusion, software holes and malware. If an issue is found, it can be dealt with quickly before serious damage takes place.
7. Securely configure your application firewall
A securely configured application firewall will protect your site from malicious SQL injection and cross-site scripting attacks. In addition, it blocks any HTTP requests that don’t conform to pre-set rules.
8. Beef up your password management
Password security requires more than having strong passwords. It also covers the way passwords are used and managed. A strong password policy is, therefore, also recommended.
An effective solution for password management is to use a credential vault. These create very secure passwords that the users themselves don’t need to know. Instead, they are just required to authenticate their ID. This way, passwords cannot be lost, stolen or given away.
9. Regularly backup your data
What causes most businesses to fail after a cyberattack is their inability to recover quickly from the damage that has been inflicted. If your website is taken offline and all your content and data are deleted, it could be the end of your business. However, if you have a recent backup of that data and your website files, you could be back online and operating again very quickly.
For this reason, backing up your website is not really an option – it is a necessity.
Cybercriminals will continue to develop increasingly sophisticated means of attacking websites and systems and no business is free from that threat. For business owners, cyber security is a responsibility that needs to be on the agenda and hopefully, the information given in this article will help you make your site more secure.
WHUK provides a range of effective services to protect our clients’ security, these include SSL certificates, remote backups, vulnerability scanning, robust firewalls and expertly staffed 24/7 technical support. If you are concerned about your website security or want to know how WHUK can help your business stay secure, get in touch on 0800 862 0890.