A majority of small business owners are not concerned about the security of their websites, but should be. According to a recent survey by Newtek Business Service, The Small Business Authority, 86 percent of independent business owners feel their current website is secure. Also among the 2700 respondents, 41 percent consider their websites the prime revenue driver of their business.
However, data suggests small business owners need to be more vigilant in protecting their data. Earlier this year, Symantec in its Internet Security Threat Report indicated that 2012 saw a 42 percent rise in cyber-attacks compared to 2011. Small business represented 31 percent of the attacks – a 72 percent increase from the year before.
In explaining the rise in attacks, Symantec said that small businesses are not only attractive targets themselves; they serve as a way to reach larger companies via ‘watering hole’ techniques. Watering hole attacks occur when a cybe-rcriminal infects a highly visited site with malware in order to infect the computers of people who visit the site. In this way, small business can serve as the springboard for hackers to infiltrate larger organizations.
To protect your website, Dark Reading recently offered “4 Steps For More Secure Small Business Websites.” Among the recommendations: use strong passwords to protect administrative access; once you properly configure your website regularly patch and update it; check with the registrars of your domain about the security precautions they provide; and consider using a third party provider to configure, update and backup your web server.
More data security tips
With the risks of cyber security even greater than before since company – and customer – data is being accessed via mobile devices, you need to review your small business cyber-security strategy. Your plan should include the following six steps:
Train staff: Whether or not you have a formal Bring Your Own Device (BYOD) strategy, the fact is many employees are accessing company data on their own devices in and out of the office. Review your cyber-security policy with your team to make sure they understand what they need to do to ensure data is protected. Among your policies, instruct your team about the use of public Wi-Fi networks — proprietary company data should never be accessed over public Wi-Fi. Other guidelines should include how often to reset password, install security apps and encrypt data. Also make sure employees understand the risk posed by email attachments, websites that require providing sensitive information and downloading software from the Internet.
Update antivirus software: Keep your security software up to date and make sure to update your operating system with the latest security updates. After you’ve updated your system, always run a security scan.
Install firewalls: Firewalls, which can be standalone hardware typically found in routers, or software installed on each computer, prevent outside intruders from accessing the data on your network. If employees work at home or at another site, make sure their computers have firewalls installed.
Backup data:– Regularly backup all your small business data, including word processing documents, databases, financial information and more at least once a week. You can choose to store copies of your data securely in the cloud or in secure offsite locations.
Control computer access: Prevent access to your small business computers by creating user accounts for employees and setting strong passwords. Also employees should only have access to data that is relevant to their jobs within the organization.
Secure wireless network: If your small business has a wireless network make sure it is secure and encrypted. Password protect the router.
Are you confident that your website is secure?