By Robert Zimmer
Small business owners are beginning to realize that their website will at some point be in the crosshairs of hackers. Doing nothing is simply no longer an option – after all, it’s not worth the embarrassment, the loss of customer trust, or the risk to their brand’s reputation or even their very survival. While most small firms have a limited budget for protecting their website and associated data, they can no longer afford the luxury of “rolling the dice” on security. It’s now time to employ tools that provide comprehensive protection by finding and closing the vulnerabilities that hackers look for when targeting their next victim.
With roughly 30,000 new websites hacked every day and a clear gap in security funding and expertise, small businesses are facing an existential threat that’s climbed 300% over last year’s stats. It is becoming imperative that SMBs recognize the new reality that they are now the most common target of cybercrime. Integrating security into their daily operations is now just as important as paying employees and ordering enough product to meet demand.
Certain small business segments are targeted for specific attacks because they constantly interact with their clients’ data (doctors’ offices, healthcare providers, ambulance services, even small police departments). Another common reason that businesses are specifically targeted is the use of outdated computers and operating systems. Microsoft stopped releasing security patches for its XP system (developed in 2001) in the fall of 2014. There is simply no way to upgrade security on older machines or software, yet 7% of businesses worldwide still use XP for everyday client interactions despite the risks.
Despite non-stop media coverage of high-profile breaches, small business owners still lag behind their larger counterparts in shifting to become part of a better protected internet for all. Many of the breaches that occurred at Fortune 500 companies actually started with someone hacking into a small business vendor or client to use as an access point into the larger corporate network. Yet a glaring lack of awareness about the value of personally identifying information and security best practices still leaves some SMBs dangerously perched on the slippery slope of risk, despite growing frustration among customers.
Businesses that transmit any sensitive data (such as credit card numbers, billing addresses, etc.) should encrypt all data traffic using the SSL or TLS protocols. Even though hackers have adopted SSL encryption, this still adds a necessary layer of protection that can prove vital.
Hackers are turning increasingly to web applications, which allow them to circumvent firewalls and network security tools to surreptitiously access your company’s “crown jewels.” Just as hackers utilize sophisticated scanners to pinpoint weaknesses, firms must adopt some form of vulnerability probe that scans for the weaknesses that could invite unwanted interest.
Once you’ve implemented the best security barriers that you can afford, including cloud-based firewalls and application scanners, then it’s time to patch an even bigger vulnerability – your employees. Educating your workforce about the need for smarter passwords, being vigilant against phishing emails, and thinking before they click will add immense value to your overall security investment.
Robert Zimmer is vice president of strategy at GamaSec, a global provider of website security solutions for small and medium-sized businesses. The company offers a unique combination of cloud-based website vulnerability identification, remediation-as-service, web attack prevention as well as a Data Breach Limited Warranty. Founded in 2006, GamaSec is headquartered in Israel with offices in New York City. Visit www.gamasec.com.