Cyber-attacks have more than doubled since the pandemic, and smaller businesses without the support of a large IT department are often among the easiest targets for hackers. The latest government research found that 22% of small businesses have experienced cybercrime in the last 12 months.
While you might not frequently read about these types of attacks in the media, they’re happening every day across the UK. The perpetrators are no longer simply bored teenagers in the far corners of the world; there are vast and powerful armies of bots designed to exploit online vulnerabilities by any means possible.
These attacks are usually randomised and unsophisticated; their sole aim is to bring down or breach the websites they deem to be the weakest. Basic errors in a website’s hosting and security configuration, such as insecure file permissions, weak passwords in the site’s admin area or outdated software, are the most common routes in for hackers.
Sites with e-commerce facilities are at higher risk; hackers can insert malware or code into a web page to capture a customer’s card details at checkout, and subsequently sell those details on the dark web.
However, all types of businesses can be vulnerable. Most frequently, attackers use malware to delete content from a website or redirect its URL to a malicious source. Other challenges include brute force attacks where bots repeatedly try to guess passwords to gain unauthorised access, and DDoS attacks, where hackers flood a website’s server with requests to bring it down.
Recently, we’ve seen a rise in ‘bounty scams’, which target small business owners who may not know much about website security. Attackers send fear-based emails highlighting ‘dangerous problems we’ve detected on your website’, then request a large sum of money – a ‘bug bounty’ – to fix them. If the business owner refuses, they threaten to attack the vulnerability they’ve detected.
This new trend is worrying, but by far the most concerning tactic – which sadly we see all too often – is phishing. In this case, attacks are planned and relatively sophisticated. A hacker will break into email chains between a small business and a customer who needs to pay for a transaction – someone using a solicitor, a mortgage broker or insurance provider, for instance.
They’ll watch the email trail and wait for the opportunity, then mimic the company’s logo, email and invoice but change the bank details to their own. Unfortunately, there’s very little a company can do to protect against phishing attacks via email; we would simply advise businesses to make their customers aware of such scams.
However, there are lots of ways small businesses can improve their website’s security. Changing weak passwords, enabling two-factor authentication and updating software are the first step. Secondly, it’s important to use a reliable hosting provider with strong security measures; they should be carrying out regular security updates with all the latest patches. In particular, they should have DDoS mitigation in place that blocks an attack before it hits your data centre.
The third step is to ensure you have strong firewalling measures in place. Attackers are ultimately trying to poke holes in your defences, but a good hosting provider can install additional security measures which detect any suspicious activity – like repeated failed login attempts – and ensure that user is automatically blocked.
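To show what detecting ‘repeated failed login attempts’ involves, here is an added example (not ProStack’s code or any particular product’s) that scans login requests and lists the addresses a firewall rule would then block. The log format, the /admin/login path and the threshold of five failures within one minute are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not from a real server):
# time, client IP, method, path, HTTP status.
SAMPLE_LOG = """\
2024-05-01T10:00:00 203.0.113.7 POST /admin/login 401
2024-05-01T10:00:05 203.0.113.7 POST /admin/login 401
2024-05-01T10:00:09 198.51.100.4 POST /admin/login 401
2024-05-01T10:00:12 203.0.113.7 POST /admin/login 401
2024-05-01T10:00:20 203.0.113.7 POST /admin/login 401
2024-05-01T10:00:31 203.0.113.7 POST /admin/login 401
2024-05-01T10:03:00 198.51.100.4 POST /admin/login 200
2024-05-01T10:30:00 192.0.2.9 POST /admin/login 401
2024-05-01T10:45:00 192.0.2.9 POST /admin/login 401
2024-05-01T11:00:00 192.0.2.9 POST /admin/login 401
2024-05-01T11:15:00 192.0.2.9 POST /admin/login 401
2024-05-01T11:30:00 192.0.2.9 POST /admin/login 401
not a log line
"""

def find_ips_to_block(log_text, login_path="/admin/login", max_failures=5,
                      window=timedelta(minutes=1)):
    """Return {ip: time of the failed login that crossed the threshold}."""
    recent = defaultdict(deque)   # ip -> times of failures still inside the window
    blocked = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue              # skip malformed lines rather than crash
        stamp, ip, method, path, status = parts
        if method != "POST" or path != login_path or ip in blocked:
            continue
        if status not in ("401", "403"):
            continue              # only failed logins count towards the limit
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue
        failures = recent[ip]
        failures.append(when)
        while when - failures[0] > window:
            failures.popleft()    # forget failures older than the window
        if len(failures) >= max_failures:
            blocked[ip] = when
    return blocked

if __name__ == "__main__":
    for ip, when in find_ips_to_block(SAMPLE_LOG).items():
        print(f"block {ip} (threshold reached at {when.isoformat()})")
```

The single mistyped password from 198.51.100.4 and the failures from 192.0.2.9 spaced fifteen minutes apart stay under the limit, so only the rapid burst is flagged; the window length is what separates a forgetful user from a bot.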
For small businesses such as online retailers whose website is business-critical, a final level of security is penetration testing. This is where your hosting provider attempts to break into your site to identify any vulnerabilities before attackers do, so they can be quickly fixed. While no website can ever be completely immune to cyber-attacks, these essential measures will significantly reduce the chances of security breaches – and therefore minimise business disruption.
ProStack is a leading sustainable hosting provider which supports SMEs and online businesses across the UK. To find out more about ProStack’s secure hosting options and penetration testing services, visit https://prostack.uk/