In 2019, the headlines were filled with one data breach after the next. Notably, the launch of the much-anticipated Disney Plus service left thousands of users stunned to be locked out of their accounts, while cybercriminals swiftly sold them on the dark web for a quick profit.
Additionally, Macy’s revealed its website suffered a security breach that left customer payment details vulnerable for a week. Unfortunately, this trend is unlikely to pass as we venture into the new decade. As the threat landscape continues to evolve, cyber attacks will become stealthier and more sophisticated.
While large corporate breaches like Disney Plus and Macy’s dominate the media headlines, the reality is no website is too small to hack. In fact, nearly 70% of small and medium-sized businesses (SMBs) experience cyber attacks. That’s why establishing website security as a priority in 2020 for your small business is crucial if you haven’t already. So, where should you get started?
Read on to learn more about the top four frequently asked questions about website security, and why it’s important for today’s small businesses to thrive and succeed online.
1. What is website security?
In a nutshell, website security gives you the power to protect your website and visitors from dangerous cyberthreats. The average website experiences a staggering 62 attacks per day, and website security provides powerful protection from these attempts to breach your site.
Some key website security solutions include:
- Website Scanning: A website scanner will check for and alert you to malware and vulnerabilities on your website.
- Malware Removal - Malware removal automatically cleans malicious content from your website, creating a safe visitor experience. You can think of malware removal like having an immediate pest control for your site — if there’s a malware-related issue, it is removed automatically.
- Web Application Firewall (WAF): A WAF acts as the first line of defense for your website, preventing cybercriminals and malicious traffic from entering your site.
2. Doesn’t my hosting provider protect me?
A common misconception amongst most website owners is that their hosting providers secure the websites residing on their servers. When, in fact, the hosting providers responsibility from a security perspective is simply to protect the server itself. You can think of the server like an apartment building, and your website like the apartment. The building management is responsible for providing on-site security staff, but each tenant is responsible for obtaining a security system for their apartment. That’s why it’s very important for website owners to proactively attain their own means of securing their digital storefronts.
Along with the security component, your small business should be aware of the revenue impact associated with leaving your site unsecured. In fact, one successful cyber attack can cost your business as much as $427 per minute from the downtime it takes to recover — and that doesn’t even factor in the costs associated with rebuilding your brand’s reputation.
3. What if I don’t sell anything on my website? Do I still need protection?
Ecommerce websites are undoubtedly significant targets for cybercriminals, but it’s still essential to secure your website even if you aren’t running an online store. Cybercriminals are interested in other assets, data, and resources outside of payment information.
What are cybercriminals looking for?
- Email addresses: The email list you’ve worked so hard to build could be a target for phishers and scammers.
- Your website’s traffic: A type of malware called a URL redirect could automatically send visitors from your website to a malicious website.
- Your keyword rankings: SEO spam is a type of attack that injects spammy keywords and links into your website. These keywords and links tell Google what your website should rank for in their search results. SEO spam forces your website to show up in results for the unrelated keywords, while preventing your landing pages from displaying in searches for terms related to your business.
- Your visitors’ attention: Defacements, a type of attack that vandalizes your site, are often executed with the intent to push a political or religious agenda.
4. I’m not really using my site; how could I get hacked?
If you are using your website mainly to “keep the lights on” for your business’s online presence, or you have a basic personal or informational site, website security should still be in the mix. It might surprise you to learn that your website is still vulnerable to attacks even if you’re not using it. In fact, if you’re not maintaining your website, it could be even more susceptible to attack for the following reasons:
- Outdated Plugins: Outdated plugins may contain unpatched security issues, which occur either because the patches were never downloaded, or never created by the developer in the first place. In fact, 44% of plugins in the WordPress repository have not been updated in over a year. When left unpatched, these issues may cause vulnerabilities.
- Outdated CMS: 52% of infected WordPress websites were not running the latest security patches for WordPress core at time of compromise.
- With cyber attacks becoming stealthier and more sophisticated by the day, ensuring you have the proper level of website security has never been more imperative. To defend your business’s reputation, revenue, and traffic, make it a point to tackle security for your website in 2020.