Published September 11, 2019
Unfortunately, many small businesses are not properly protected from cyberattacks. Many small to medium-sized business (SMB) owners manage their own websites, lack the resources to invest in a cybersecurity plan, and don't think a security breach will happen to them. The truth is no website is too small to hack. Even the smallest websites get targeted by cybercriminals looking to steal resources like bandwidth, traffic, or visitor data. In fact, a 2018 survey by the small business association SCORE revealed that 43 percent of cyberattacks target small businesses.
International cybercriminals who target U.S. business owners are motivated by many factors. Some want to gain political or economic advantage over the United States, while others want to influence the way American citizens think, behave, or make decisions.
In the age of big data, it's becoming even easier for foreign cybercriminals to intercept our private information. As we continue to introduce more digital devices into our personal lives and businesses, there are a growing number of opportunities for international hackers to target American companies and individuals.
According to SiteLock research, the average website is the target of 62 cyberattacks per day. Depending on their motive, cybercriminals can stealthily launch attacks to damage a website's infrastructure or take a more conspicuous approach to fuel a political agenda.
This stealthy approach commonly involves using malware to insert a backdoor file into a website. Recent SiteLock data indicates that in 2018, 50 percent of malware-infected websites had a backdoor file. Backdoors are malicious codes that are inserted into your website and grant cybercriminals remote access to your site. If the backdoor goes undetected, this type of access can continue for a long time. This means that hackers can repeatedly gain entry to your site and re-infect it many times.
Cybercriminals can also opt for a more conspicuous approach, like launching a defacement attack on your website. In 2018, approximately 15 percent of malware-infected websites were defaced. A defacement attack is when cybercriminals replace your website content with their own images. Defacements function as a kind of graffiti on your website and can be humorous, shocking, or political in nature. Regardless of the approach cybercriminals take, they can seriously damage your website.
Although small businesses are often targeted by international cybercriminals, you can take basic actions to protect your small business website:
Implement a web application firewall (WAF).
A WAF is a proactive solution for monitoring your website traffic. Using a WAF lets you set customized rules to block outside traffic from foreign countries to ensure your website traffic is safe from international cybercriminals. This helps prevent backdoor files and malicious traffic.
Secure your Wi-Fi connection.
Always use a VPN whenever you or other employees access email and company information using an unsecured Wi-Fi network. A VPN is a secure connection that encrypts your data and transmits it through remote servers, making it much more difficult for international cybercriminals to intercept your company data.
Monitor your website at all times.
Scan your website daily for malware, vulnerabilities, and other suspicious threats. Choose a website security scanner that can automatically remove malware and patch vulnerabilities when detected. This helps to remove any suspicious files such as a backdoor or defacement.
Be cautious of all links and emails.
Phishing emails may look innocuous but are intended to trick you into handing over sensitive information. It's important to be aware of red flags that indicate a possible phishing email, and to be cautious with emails from unknown senders. Avoid clicking on email links or attachments from unknown senders.
Foreign cyberthreats are a major security concern for small business website owners. Implementing basic cybersecurity practices can go a long way in helping to protect your business website from international cybercriminals.