Today, being online is a standard! Whatever the size of your business is, customers want to pass orders, check new products or interact with your company online, anytime and from anywhere. For sure, Internet offer great opportunity! But this 24/7 accessibility brings another question. Should small businesses worry about website security? Or, should it be regarded as the exclusive privilege of the largest companies?
Old habits die hard! Despite the spread of alarming reports on the vulnerability of small businesses, important decisions to tackle this issue are often postponed. Wrong perceptions of cyber risks and lack of budget or expertise prevent small business owners to choose a proactive strategy. Is it worth taking the risk? Testing your website security is not only a good practice. Regulators tend to make it compulsory and many more internet users feel concerned with the questions of privacy. A Russian proverb says: “Trust, but verify”.
Statistics are sending clear wake-up calls…
Based on security expert reports, cyber attacks against websites increased by 56% in 2018. A typical small business website is attacked more than 58 times a day. Almost half of those websites have high security vulnerabilities and small businesses are targeted 43% of the time. According to the US National Cyber Security Alliance, 60% of small and midsized businesses that are hacked go out of business within 6 months.
Another recent study of the web hosting company GoDaddy over 65,000 infected website cleanup requests from small business customers from across the globe, nearly half reported suffering a financial loss due to hacking. More than 3 out of 10 small businesses who suffered a cyber breach reported they had to inform customers and clients.
… but wrong perception of the risks still remains.
Despite the alarming trend of cyber attacks on small businesses, a vast majority of small businesses still believes that hackers are only interested in attacking large firms and their companies are too small to warrant the investment. As it often goes unreported by the media, this cyber criminality keeps flying under the radar. The impact of cyber attacks remains underestimated until you get hit.
The lack of internal expertise or budget are additional difficulties to overcome. Small businesses don’t have IT staff and hiring external experts has a cost. The increasing sophistication of hacker threats requires specific expertise to understand the impact of some attacks on your business and anticipate them. Setting up the security strategy of your website can only be done after assessing the vulnerability of your website.
A different reality.
The reality is different! Unfortunately, it happens to often that small businesses worry about website security when it is too late. First of all, most hackers find small businesses to be very attractive targets precisely because they know that they may not have comprehensive cyber security defenses in place. Moreover, tons of automated tools are scanning the web 24/7 looking for vulnerabilities without making difference between very small or large businesses.
Small business owners underestimate the cost and consequences of a cyber attack. Hackers do not simply break websites! Backups cannot solve all the problems. Being the victim of a cyber attack can bring more complex problems. It can impact your business in an invisible way, for long period. If your website is hacked by malicious software then it’s also possible that your internal systems connected to it will ultimately be vulnerable to ransomware and other attacks.
Running a website might also involve a problem of liability. Your customers expect a safe online experience when they visit your site. If hackers accessed information through your company’s online systems, most likely, you would be held responsible. Recently, a polish retailer gets €645,000 fine under GDPR for “insufficient organizational and technical safeguards” (read). While the question of liability is still not clear cut, businesses can protect themselves and their customers by following the guidelines included in this article.
What to do then?
First, you need to know where you stand. No need to spend money to secure the door of your home if the windows is wide open right ? Most hackers are looking first for easy-to-accomplish exploits. You can reduce drastically your risk exposure by patching the biggest security holes before hackers use them.