It won’t come as a surprise that 2017 was the worst year yet in terms of cyberattacks, with an 18 percent increase [opens PDF] in reported breach incidents. Considering that 93 percent of all 2017 breaches could have been prevented, it’s clear that many businesses need to put greater emphasis on their website security strategies.
Protecting against the increasing sophistication of hackers should be a top concern for small and medium-sized businesses (SMBs) – generally organizations with 250 or fewer employees that lack the dedicated IT teams and budgets of their enterprise counterparts. This shortage of resources makes them a prime target: 70 percent of all cyberattacks are aimed at SMBs.
Don’t let your business succumb to a preventable attack. If any of these three signs apply to your small business, it may be time to rethink your website security strategy:
You Don’t Know Who Is Responsible for Website Security
Many businesses that experience a hack don’t know who handles their security. Generally, this means no one does. In fact, 25 percent of SMBs [opens PDF] admit that they’re not sure who owns the responsibility to secure their website. Responsibility falls on the website owner, not the webhost, or any other third party. Too often, a website has been completely unprotected for its entire existence – a scary thought when you consider the average website is targeted by hackers 44 times per day, according to SiteLock’s Q4 2017 Website Security Insider.
You Haven’t Taken Inventory of Your Website
Often, SMBs aren’t familiar with the type of Content Management System (CMS) their site runs on (WordPress, Joomla!, etc.), let alone the steps necessary to update and secure it. Research shows that despite the constant release of new patches to handle evolving threats, SMBs typically don’t take advantage of them. For example, recent SiteLock research shows that 55 percent of SMBs [opens PDF] whose WordPress sites were affected by a breach were not running the most up-to-date core version of the CMS.
There are three factors that typically drive a website to be outdated. First, business owners are busy running their day-to-day operations and don’t keep up with necessary site maintenance. Second, patches happen frequently, and it’s hard to keep up without a defined process or patch automation when possible. Third, there is a general lack of education about website security and maintenance, including the false assumption that when a patch is needed, it happens automatically.
You Don’t Have a Response Plan
Considering the prevalence of cyberattacks, an in-depth and well-tested response plan is a necessity for any business. Every employee should understand their role in how to respond when a breach occurs. If your team is capable of springing into action immediately, you have a better chance of mitigating the damage. Another option would be to work with a third-party expert to handle website security and can develop and execute on a response plan if necessary.
3 Proactive Steps to Address Security Holes
If it feels as if there’s a new cyber threat every day, that’s because there is – in fact, a new malware specimen emerged every 4.2 seconds in 2017. SMBs without in-house cybersecurity teams and dedicated resources must make it a priority to guard themselves against these threats.
To increase the security of their websites, SMBs should implement the following measures:
Designate a Website Security Lead
Establishing website security begins by assigning the task to an internal leader or team. By defining responsibility in this way, companies can solve the accountability problem that leaves so many businesses’ sites vulnerable. In terms of determining responsibility for website security, that’s a conversation that should always begin at the highest level of leadership. While options vary in terms of assigning a leader, one possibility – particularly at smaller companies -- is to outsource that role to a security expert.
Automate Where Possible
If taking inventory of your website tends to fall to the wayside, a “set it and forget it” model can be the best option for website security. Automating the scanning and patching of your website is easily done by partnering with an outside vendor or implementing a website security solution with this capability. Either option allows you to rest easy and focus on running your business, knowing that web security maintenance is taken care of.
Get Educated About Security Best Practices
Without a foundational knowledge of cybersecurity, your team will not effectively implement your response plan. To ensure the highest levels of website security, all employees should be educated in the fundamentals of cybersecurity and best practices to keep data safe. As hackers become smarter and more broad-based in their attack strategies, the need for all employees to be cyber literate will only increase. Providing consistent and comprehensive cyber training can also help prevent irresponsible employee actions such as accidentally engaging with phishing kits or malware mailers.
Running a profitable business while trying to protect it in today’s ever-evolving cybersecurity landscape is hard work. It can’t be done alone or without thoughtful planning and execution. But when business owners gather the proper experts and resources needed, they can be confident their website is secure in an increasingly challenging and risky online environment.
About Neill Feather
Neil Feather is the president of SiteLock, the leading provider of website security solutions for business. At SiteLock, Neill leads the company's approach to 360-degree domain security by providing industry analysis and utilizing rapidly evolving data sets related to security and hacking trends. Neill has over 20 years of experience in the technology and systems industry, notably providing technology solutions and industry insights for Johnson & Johnson prior to joining SiteLock. Neill holds B.S. degrees in Statistics & Information Systems and International Business from the Pennsylvania State University, and an MBA from the University of Pennsylvania's Wharton School of Business.