AD FEATURE: Small businesses with poorly hosted websites are easy targets for hackers
Cyber-attacks have more than doubled since the pandemic, and smaller businesses without the support of a large IT department are often among the easiest targets for hackers.
Latest government research found that 22% of small businesses have experienced cyber crime in the last 12 months.
While you might not frequently read about these types of attacks in the media, they’re happening every day across the UK.
The perpetrators are no longer simply bored teenagers in the far corners of the world – there are vast and powerful armies of bots designed to exploit online vulnerabilities by any means possible.
These attacks are usually randomised and unsophisticated – their sole aim is to bring down or breach the websites they deem to be the weakest.
Common hacking tactics
Basic errors in a website’s hosting and security configuration are the most common routes in for hackers.
Sites with e-commerce facilities are at higher risk. Hackers can insert malware or code into a web page to capture a customer’s card details at checkout, and subsequently sell those details on the dark web.
However, all types of businesses can be vulnerable. Most frequently, attackers use malware to delete content from a website or redirect its URL to a malicious source.
Other challenges include brute force attacks where bots repeatedly try to guess passwords to gain unauthorised access, and DDoS attacks, where hackers flood a website’s server with requests to bring it down.
Recently, there’s been a rise in ‘bounty scams’, which target small business owners who may not know much about website security.
Attackers send fear-based emails highlighting ‘dangerous problems we’ve detected on your website’, then request a large sum of money – a ‘bug bounty’ – to fix it.
If the business owner refuses, they threaten to attack the vulnerability they’ve detected.
Phishing attacks
By far, the most concerning tactic is phishing, where attacks are planned and relatively sophisticated.
A hacker will break into email chains between a small business and a customer who needs to pay for a transaction – someone using a solicitor, a mortgage broker or an insurance provider, for instance.
They’ll watch the email trail and wait for the opportunity, then mimic the company’s logo, email and invoice but change the bank details to their own.
Unfortunately, there’s very little a company can do to protect against phishing attacks via email so the advice for businesses is to make their customers aware of such scams.
Improve your website security
However, there are lots of ways small businesses can improve their website’s security.
Changing weak passwords, enabling two-factor authentication and updating software is the first step.
Secondly, it’s important to use a reliable hosting provider with strong security measures – they should be carrying out regular security updates with all the latest patches.
The third step is to ensure you have strong firewalling measures in place.
Attackers are ultimately trying to poke holes in your defences, but a good hosting provider can install additional security measures which detect any suspicious activity – like repeated failed login attempts – and ensure that the user is automatically blocked.
For small businesses such as online retailers whose websites are business-critical, a final level of security is penetration testing.
This is where your hosting provider attempts to break into your site to identify any vulnerabilities before attackers do, so they can be quickly fixed.
Find out more
ProStack is a leading sustainable hosting provider which supports SMEs and online businesses across the UK.
For further information and to find out more about ProStack’s secure hosting options and penetration testing services, visit the website.