How to Protect Your Small Business Site from Cyber Attacks

Cybercriminals don’t only target large companies.

The unfortunate reality is that small businesses are just as likely to be attacked and usually have fewer security measures in place. Most hackers use automated bots that scour the web looking for easy opportunities. They don’t discriminate based on the popularity of a site and are so prolific, as reported by ZDNet, that they make up 20% or more of all web traffic!

Unless you’re a large business or one that collects a lot of sensitive data (like a healthcare provider or financial institution) it’s unlikely that a hacker will specifically target you. But you’re still vulnerable to more common — and still dangerous — automated bot attacks. 

If you aren’t prepared, the results can disrupt your business and cost you time and money. But a few simple changes can defend your site against the majority of attacks. 

The effects of cyber attacks on small businesses

How many small businesses are attacked? Studies vary, but they all report substantial numbers:

The harm caused by a hack ranges from stolen data to fraudulent charges, a damaged reputation, lost customers, expensive site repairs, and even lawsuits. One source predicts that by 2021, cyber attacks across all businesses will cost $6 trillion, twice as much as they cost in 2015. Yes, that’s trillion — 12 zeroes. 

For small businesses, studies have found a range of average cyber attack costs, from $120,000 to $1.24 million. When you include larger businesses, the average spikes to nearly $4 million. But smaller businesses feel the impact more keenly — they lose a greater percentage of revenue. For online stores and businesses that hold large amounts of sensitive data, a breach could translate to losses company wide. According to the Better Business Bureau, only 35% of small businesses that lost their data because of an attack were still profitable three months later. 

How can you protect your small business?

Just as locking your doors and setting an alarm wards off potential burglaries, investing in a few online security measures will deter the majority of attacks. These fall under two categories: 

1. Prepare for a cyber attack

Your employees are the first line of defense, whether they maintain your site or log in occasionally to respond to comments. Anyone with access to your site could cause a vulnerability. Train your employees on best practices, like setting strong passwords and logging out of shared computers when they’re finished working.

Preparation also involves assessing risks and planning system-wide responses: 

  • Create automatic backups for your site
  • Practice restoring your site — you don’t want to be scrambling in the middle of a hack
  • Audit users with access to your site and remove past employees and unnecessary accounts
  • Consider a BYOD (bring your own device) policy
  • Implement a password policy that requires users to update passwords regularly and follow best practices

Each scenario calls for a different response so you can maintain business operations while minimizing losses and protecting customers. 


2. Protect data and other assets

Protecting a website is similar to protecting a home: lock your doors, set an alarm, and have a recovery plan. Jetpack provides the functionality you need for all three of these tasks.

Lock your doors

Keeping hackers out starts with setting strong passwords — hopefully you’ve already done that! The next most effective measure is a brute force attack prevention tool.

During brute force attacks, automated bots attempt to break into your site with different combinations of usernames and passwords. Because hackers use a large network of computers, they can try thousands of passwords per second! Jetpack’s brute force attack protection tools automatically block these attacks. You can quickly view the number of attacks that were prevented in your dashboard — the average is 5,193 over a site’s lifetime. 

Supplement your strong password and brute force attack protection with unique usernames. Avoid overused phrases like “Admin”, “Support”, and “Manager.” The more typical your username, the easier it is for someone to guess.

Add another layer of security with two-step authentication. This takes things a step further by sending a unique code to your mobile device; your site will ask for the code before allowing you to log in. Even if someone correctly guesses your password, they must also physically possess your phone in order to log in. This is an incredibly effective method of safeguarding your website.

To enable secure authentication, start by turning on Secure Sign-on. Then:

  1. Navigate to the Two-Step Authentication page of your WordPress.com account.
  2. Click the blue Get Started button.
  3. Select your country and enter your cell phone number. Click Verify Via SMS.
  4. You’ll receive a text message with a code. Enter this code in the Verify Code window in your WordPress.com dashboard.
  5. Finally, you’ll be prompted to print backup codes. Make sure to do this, as it’s the only way to log back into your account without support if you lose your phone!
  6. Click All Finished.

If you’re up for an advanced task, consider adding a firewall for complete protection. A firewall is an extra barrier between visitors and your website that monitors and filters out any potentially harmful traffic. You may need to contact your web host to set this up.

Install an alarm

If someone was trying to break into your house, you’d want to know, right? Jetpack offers tools that monitor your site and alert you if anything’s wrong so you can address it as quickly as possible. Hackers are stealthy — you might not be aware of the damage they’ve caused until it’s too late to fix.

Jetpack Scan automatically checks your website for suspicious code or activity each day. If it finds something wrong, it instantly sends you an email with detailed information about the threat and any compromised files. You can also view the security alerts in your activity log, and automatically resolve most known threats with a click.

Downtime monitoring checks your website every five minutes from servers around the world. If it’s not loading, you’ll receive an instant notification, via email and in the activity log, so you can troubleshoot or restore a backup. When your site’s working again, Jetpack will send another email so you know exactly how long it was down.

Recover after an attack

If your site is hacked, it’s important to minimize the damage. Backups are your best tool: if you’re able to restore a full, clean backup of your website after a hack, you can get your business up and running in minutes, not hours or days.

Jetpack Backup provides real-time backups: copies of your site are continually saved as you edit so that you never lose any of your hard work.

Backups are saved on Jetpack’s secure servers, completely separate from your website. This means that if your site is compromised, your backups won’t be. And if you can’t access your website at all, you can still restore a backup by accessing your site’s activity log.

Best of all, it doesn’t involve any development knowledge — just a few clicks.

What’s the greatest threat to your small business?

Your greatest threat is inaction – hoping nothing bad happens to you. Just like no one wants a house fire, flood, or hurricane, no one wants someone to hack their website.

But small business owners rarely have time to spend on security measures. They’re focused on delivering products or services, making sales, managing employees, marketing, and accounting. That’s why the best security tools operate automatically, behind the scenes. You don’t have to waste time every week backing up your website. You don’t need to scan databases or website files for viruses and malware. 

So, here’s your action plan: consider how much time and money you’ve invested in your website and how much it would hurt to lose it all. Then, decide which security procedures and tools you need to implement. Finally, put your plan into action!

Rob Pugh

Rob is the Marketing Lead for Jetpack. He has worked in marketing and product development for more than 15 years, primarily at Automattic, Mailchimp, and UPS. Since studying marketing at Penn State and Johns Hopkins University, he’s focused on delivering products that delight people and solve real problems.
