‘Small business website security paradox’ threatens SMEs online – report

MANILA, Philippines – A new cybersecurity report commissioned by web hosting firm GoDaddy reported that small and medium enterprises (SMEs) are just as vulnerable as big companies when it comes to website security attacks and their consequent effects on business. 

The study, titled Small Business Website Security Report, showed that online hackers prey on SME owners’ limited knowledge of online security and minimal budgets for the protection of their websites, making them easy targets of cyber attacks. 

“We refer to this as the small business website security paradox – small business owners lack the knowledge and their perceived notion of funds needed to more fully secure their website. But once the website gets hacked, it can lead to significant financial loss due to its effect on business reputation,” said Tony Perez, General Manager for Security of GoDaddy.

Included in the same report is a survey of 1,000 very small businesses, half of which confirmed that they have indeed suffered financial loss due to online hacking. One in 8 businesses says that the loss amounted to greater than US $5,000, and 3 out of 10 businesses who have fallen victim to a cyber breach said they had to inform their customers and clients.

The report identified hacking, malware infections, and phishing as the most common cyber attacks on small businesses’ websites, with SMEs composing 58% of malware attack victims.

Hackers also use “ransomware” that allows them to breach websites and hold electronic data hostage in exchange for hefty payments from small businesses.

Search engine optimization (SEO) spamming allows hackers to go into a website’s keywords and add malicious links without the knowledge of the website’s owner.

Backdoors, downtime effects

Even after compromising websites, hackers create “backdoors” that allow their re-entry into online platforms. Hackers can sometimes have access even after a file cleanup, potentially giving them total control of the website.

GoDaddy warned that the effects of these cyber attacks can go beyond downtime because companies like Google and Norton flag compromised websites as dangerous, negatively affecting online traffic and eventually making the websites invisible to internet users.

Despite these threats, the report concluded that website security is still not the top priority for small businesses – with half of the 65,000 global websites’ cleanup requests still using outdated software such as plug-ins on WordPress and other popular content management systems (CMS). Similarly, only half of the businesses surveyed use a monitoring service to stay on top of their site’s security, with most relying on an effective password strategy.

Perez reminded SMEs that while no cybersecurity measure is hacker-proof, website protection is still a worthwhile investment for small businesses.

Perez recommended included investing in a website security monitor service to keep an eye on any red flags or warning signs, deploying a website application firewall, and registering with Google’s webmaster tools that alert website owners when there is an issue with the website before negatively impacting how it shows in search results.

“Cybersecurity is not about preventing a risk. That isn’t yet possible. It’s about reducing the risk. It’s understandable that very small business operators handle a lot and it’s hard to make website security a priority. But taking modest steps can make a difference,” Perez added. – Rappler.com