Why Your Small Business is Always at Risk from Cyber Attacks?

For too long, business owners have assumed that their small business website is not at risk from cyber attacks. But little do they know, their website is like a bullseye for hackers.

They will do whatever it takes to gain the money and exposure that they crave at the expense of your business and potentially your livelihood.

You may think that it’s unlikely your site will be targeted out of the millions of websites out there. But what are the chances that it could happen to you?

Well, according to the National Cyber Security Alliance, 1 in 5 businesses have fallen victim to cyber-crime.

Maybe we should stop and think about that for a second. That means there is a 20% chance of being hacked.

And a further 60% go out of business within 6 months after the initial attack, according to a report by PCWorld.

It is malicious and aggressive behaviour, making it even more important to be aware of the risks and follow best practices where possible.

—

Why Small Businesses are Increasingly Becoming a Target for Hackers

Not only are there plenty of small businesses to choose from, but they are easy-pickings for hackers, and they don’t always fight back like the bigger companies.

If you think about, there are fewer risks for hackers.

Not all small companies will have the type of monitoring, forensics, logs, system warnings and other defence systems that would alert and protect them (even though it’s possible to have cost-effective protection).

Targeting bigger companies might sound more lucrative, but there is still a chance for a huge payoff by penetrating your site as it could lead the attackers to target the bigger company at some point along the way.

Hackers don’t target your site because of specific characteristics like size, valuation, industry, etc. They only need to look for one thing, and that is a vulnerability.

—

Human-Error Can Lead to Cyber Attacks

Dozens of programmers working in co-working space — Simple yet innocent human errors can cause cyber attacks – Image via Alex Kotliarskyi

But let’s say that you have protected your site to the max from external threats. Did you know that there are internal cyber threats too?

Meaning from your employees, colleagues…and even yourself?

It is often the case that lack of awareness and care can lead to a major security breach, which is frustrating because it is avoidable.

We will explain more later, but it just shows that it doesn’t matter what you are doing – you are always at risk from some kind of online security threat, whether it’s from a 3rd party or from under your own roof.

—

Different Types of Hacker Attacks that Small Businesses are at Risk of

This list is by no means complete, but to keep it free from technical jargon and straight to the point, we will look at some of the most common hacker attacks that could threaten your business.

The Inside Attack

Sometimes, you don’t need to look very far to be the victim of a cyber attack.

Some of the most common types of a breach are when past employees have come back to haunt the ex-employers by accessing data discreetly.

Make sure you revoke login access to any employees upon termination.

Failure to do so can leave a disgruntled ex-employee to access your data and even spread malware.

Phishing for Emails

6 mailboxes outside a house — Your mail could put you and your company at risk from security breach – Image via Mathyas Kurmann

Another attack which may seem innocent is ‘phishing’, which is when you receive what seems like an innocent-looking link within your email, and you decide to click on it.

But once that link is clicked on, it’s too late. And don’t even think that closing the browser and computer will stop the hackers from having access to your system.

It used to be simple. If it sounds too good to be true, it normally is.

But spammers are getting smarter at making malicious emails and even official login pages look very legitimate.

I just discovered this on an external site. On the left we have a phishing portal, on the right the real deal! #phishing #ScamAlert #Apple pic.twitter.com/nkkjK5So2P

— Jason Murray (@_JasonMurray) February 1, 2017

Making sure that you and your employees are aware of the risk and responsibilities involved to protect your site.

Sometimes, the purest and most innocent action can lead to a severe hacker attack.

Lack of protection on smartphone

There is a good chance that your company phone (or your phone in general) will contain very sensitive information.

And if it falls into the wrong hands, it can get very nasty.

Limit the risk of having your phone exposed by using the likes of a strong PIN number, 2-Factor Authentication and even password-protect your apps.

For each of the apps that require login details, I lock the apps within a separate form of lock (on top of the screen lock).

You are bound to find some free or low-cost app locks to prevent anyone from accessing those apps like WhatsApp and Facebook on iOS and Android.

It’s a small price to pay for that extra level of security.

Weak Passwords

There’s a reason why using a weak password is also one of the top reasons why your site is vulnerable.

The fact that the most common passwords are the likes of “qwerty”, “password”, “12345” tells you that online security is not taken seriously and it’s an easy opportunity for the hackers.

123456
password
12345
abc123
admin
football
qwerty
welcome
letmein
login
121212
passw0rd
princess
ninja
forgotpassword
flowers1234
lovedogs
dragon
secret
sunshine
master
baseball
trustno1
monkey
1234567890
zaq1zaq1
1111111
solo
123456789
password1#280characters of bad passwords

— LastPass (@LastPass) November 8, 2017

Some people resort to using something a little bit more private, like the name of their pet combined with their year of birth.

But it only takes a look at your social media to realise when you birthday is and what the name of your dog is in the photograph.

Use password managers like LastPass to make your passwords ultra secure.

Repetitive passwords

You could have the most robust password in the world, but it is still not advisable to use them in more than one place.

Imagine if you have one key for all doors – for your house, office and car. And imagine if you lost that key.

The same principle applies if you use the same password everywhere.

If anyone has access to that password, that means you have given them a key to other doors to unlock, just because you have used the same password elsewhere.

So make them unique, and again, using LastPass can go a long way towards making it easier for you to do that.

Outdated software & tools

Old tools on a wall of a shed — Your tools can help and damage your company – Image via Ricky Kharawala

Always, always, always make sure that you update everything that you have.

System, WordPress core, plugins, themes, tools, apps…you can’t leave any of them out.

And that applies to all electronic devices from your computer to your smart TV, to your games console to your robotic floor cleaner.

Many updates are there to make your devices and account more secure and to fix any security loopholes.

So naturally, if you don’t update, you risk leaving the door wide open for the hackers to find and then to penetrate your account.

Using unsecured WiFi

You might be working remotely, or on the go, so you decided to take advantage of the free and open WiFi to send off a quick email.

But that’s when danger can lurk via the man-in-the-middle attack.

Cartoon illustration of 'man in the middle attack — Funny illustration of the ‘man in the middle’ attack – Image via Kaspersky

It doesn’t matter what you do or how long it will take – it is very easy for anyone to look at what you’re doing on your electronic devices via open WiFi.

The best thing is to use a VPN (virtual private network) like NordVPN whenever you are logged in to a WiFi that is not yours. This will help to anonymise your IP address and prevent any prying eyes from watching your online activity on open WiFi.

Even if it has a password, there is no guarantee of protection, particularly if that same password is open to everyone who can use it.

Use a business-grade malware protection program

Even if you don’t use your computer for extremely sensitive business operations, anyone who has access to your computer will leave you powerless and risk severe damage to your business.

For example, you could then lose access to your social media and email login details, or worse, lose complete control of your computer.

There are plenty of options out there, like Avast, McAfee, Norton and many others which can provide you protection.

Even the free version of many anti-virus software programs can do a relatively decent job and it is better than nothing.

But don’t forget to keep the software of your choice updated too. Otherwise, you are defeating the purpose of having it.

—

The challenge to protect yourself as a small business owner is daunting. But whether you like or not, you are at risk.

It is impossible to be 100% secure against cyber-attacks, just like it is impossible to guarantee that you will never be in a car accident or trip yourself up while walking.

But you can reduce the likelihood of it happening to you.

Most people forget that attacks tend to be automated and are mainly focused on looking for those vulnerabilities. In fact, fraud automation is on the rise and it has been created to increase the power and speed of their attacks.

What are the chances that those machines will eventually find a vulnerability in your site?

The answer could be more than the 20% originally stated…and you would not want to be part of the statistic.

About
Latest Posts

Ahmed Khalifa

Founder & Director at Khalifa Media

Ahmed helps small businesses to maximise the potential of their WordPress sites by growing their online visibility, increase audience engagement and encourage conversions.