Is My Business Website at Risk of Being Hacked?

James Chiodo, Certified Information Privacy Professional CIPP/US

In short, the answer is yes. Businesses large and small provide benefits to hackers when security is breached. Whether they steal your company’s money, or they get a list of customer credit card information, hackers stand to gain a lot from these attacks, and so they are not likely to stop any time soon.

The fact is that many of these “hackers” aren’t even really hackers. It’s so easy to acquire software for hacking that needs little to know technical experience; there may be more armchair hackers than pros out there looking to scam your business.

How likely is it for your small business to become a victim? What will hackers do with your website? Could the security breach come back on you? How can you avoid a breach? Here is a small-business owner’s guide to the world of hackers. You need to understand the dangers to appreciate the importance of following through on safety precautions.

What are the chances of my small business website being hacked?

In the past year, we’ve seen hackers go after some major companies like Target and Home Depot. Does that mean small businesses are safe? To the contrary, according to one study, more than 85% of small businesses suffered some sort of security breach during the last calendar year. Some small businesses experience attacks on almost a month to month basis, and another study revealed that around 20% lose money as a result.

Approximately 3 out of 5 business that suffer from this sort of financial attack go under. The truth of the matter is that small business suffer because owners think, “It will never happen to me.” Whether it’s hubris or the exact opposite, thinking that they have nothing worth stealing, the results are the same – disaster.

The fact is that while small businesses may not provide multimillion dollar windfalls for hackers, they may have thousands or even tens or hundreds of thousands of dollars of business capital, and they have far less security for hackers to get around. It’s tough to hack a major corporation and get away with it. Most small businesses can neither protect themselves nor go after a hacker who stole from them. Why take the risk of going after one big fish when you can poach a different small one each month with barely any risk at all?

Plus, more and more small businesses are now equipped to take credit cards. That means a hacker can still score pretty big in the credit theft department by stealing data off your SMB’s card swiping device. As much as credit-card companies, banks, and web hosting services are trying to do in order to protect their clients, hackers always seem to be a step ahead.

What is done with my website when it is hacked?

There are many different things a hacker can use a security breach to do. They could use your website for spamming people with junk emails. They may also alter the website to defame your company or promote their own agenda. The website can be altered so that any visitors have malware (malicious software) automatically downloaded to their machine.

This malware may be how hackers make their money, stealing info off the computers of your viewers. They may use your website to forward traffic somewhere else to scam money from advertisers who pay by the view. The site may also be used to steal passwords that are saved on the device that people surf to your webpage on which is a process referred to as phishing.

In the worst-case scenarios, hackers go after bank accounts. Since most money is just a digital number stored on a computer somewhere, it takes a surprisingly small amount of information about you and your company to make a transfer. Imagine the disaster of waking up one day to $0 balance in the business account with absolutely no recourse for going after whoever did it.

What are the possible repercussions of my website being hacked?

As you can see, the things that hackers can do with your website, even if they don’t take any money from you, can still cause serious issues for your business. A business reputation can be ruined if it is revealed that their site is downloading harmful software to people who surf there innocently, or if it is resulting in stolen passwords or unwanted site redirects. For a small business, this sort of bad exposure can spell doom.

Unfortunately, a string of large retail companies being hacked has caused a public frenzy over the dangers of using a credit card at any store. That means that if your little business has a problem, it’s a much larger problem scale wise than what big corporations have to deal with. Target can handle losing a percent of customers over a hack scandal. Most small businesses cannot.

What are the best ways to prevent my website from being hacked?

First of all, knowledge is power. Educate yourself on how scammers are conning small businesses. Then educate your employees. Make sure they know not to visit seedy websites or click on questionable links in emails – at least not from a work device. Make sure everyone uses a strong password by enforcing rules for password creation. Keep your OS and software up-to-date on every device, since companies provide security updates for known hacks.

While it may save money to let all of your employees use their own devices instead of supply work computers, tablet, and phones, it also means that you don’t have complete control over what they do with the devices on their own time, which could easily lead to a breach. Another important thing on the checklist is to make sure that your site host auto updates, or that you regularly check to make sure that you are running the latest version. Many breaches are not the fault of the business owner or an IT staff, however negligence can lead to disaster.

Also, be careful about who you trust. Whether it be a shady delivery person, or a phone call asking for simple information. The next time you log into your online bank account, you may be in for a surprise if you don’t look at everyone with a skeptical eye. Your thief could even be right there under your nose. Employees have the best access for installing software that can steal bank account info or credit card data. Vet you employees well, and keep them happy so that they aren’t tempted to resort to foul play.

Finally, call in someone who really knows what they are doing to audit your systems and find weaknesses that hackers can exploit. It’s a lot cheaper than having an actual breach. Then be sure to follow up on the suggested adjustments to company protocol in a timely fashion.

In the end, there may be nothing that you can do to prevent a security breach, but don’t fall prey to hackers because of thinking that they would never notice your small business. Take the necessary precautions now so you can have some peace of mind.

New California & Nevada Privacy Laws Affect Website and Mobile App Owners ➞ Read More