If you’re the owner of a small business, you may think that you’re pretty safe from cyber security threats; hackers go after the big guys, right? In fact, in 2015, 74% of SME’s suffered a security breach, according to the HM Government 2015 Information Security Breaches Survey. SME’s tend to be less prepared for attack than large companies – here is how you can protect your business.
We’re going to take a look at how and why hackers set about targeting SMEs. We’re also going to examine what the specific issues are with a CMS like WordPress and how a company like Blue Llama can help you achieve a website that is both powerful and secure.
Why do hackers target SMEs?
If you’re an SME owner in the Channel Islands you may not realise the issue with cyber security, but in truth there’s a huge cyber threat to SMEs globally. There are several reasons why hacker interest in SMEs is so high, and continues to rise.
Stealing Your Valuable Data
If you think about it, you can understand just how valuable the information held by SMEs can be. This information can include customer email lists, staff databases and potentially, individual client information including passport and credit card details (although we’d never recommend that ourselves!). All of this information is valuable to hackers. Once they gain access to the data, they will sell it to third parties or target bank accounts and make illegal purchases.
The Channel Islands are viewed by many as tax havens, and with mounting discontent in relation to tax avoidance, the websites of Jersey and Guernsey financial service companies are at risk. The Panama Papers leak is suspected to have occurred through un-patched WordPress and Drupal websites, in turn providing the access details to the company’s email server. This stuff is not rocket science and it is likely that local companies have the same vulnerabilities as Mossack Fonseca.
Inserting Malware into your Site
Hackers can insert code into your site that will attempt to capture the personal data of visitors. These pages may not even be visible to someone casually browsing your website, but are hidden and only made available through links in phishing emails purporting to be from companies like HSBC, Apple or Facebook.
When a recipient clicks on the link they open a page hosted on your website that looks like an official request for their password to be reset or payment to be taken, but the password or card details are entered they are captured by the hackers for criminal use.
Defacing a website can be an easy method to get across a political message or anger towards a group or company. Again Jersey and Guernsey Financial Service companies may well be in the firing line for such attacks owing to their perceived status as tax vehicles for the wealthy. If a client visits your website and sees a message left by a hacker then you can imagine the damage that can do.
Your website allows you to send emails from a company email address. Code can be manipulated and inserted into your CMS to send out mass spam emails. Hackers can send thousands of emails to your clients for their own commercial, or more likely, phishing purposes. Such emails can request personal data, with hackers hoping that your clients will consider it a normal request based on your commercial relationships. Such attacks can destroy customer confidence in your company and get all the email addresses for your domain blacklisted making it difficult for you to send outgoing email.
If a hacker gains access to the website of an SME they can insert code that is difficult for the SME to remove, and compromises their entire operation. They can then blackmail you into paying them to return your site to it’s normal state. This happened in January to local business in Jersey, but the company decided not report anything to the Police as they saw it as a weakness and felt their clients would not respond favourably.
A similar attack happened to Blackburn based car hire firm MNH Platinum, in 2015. The systems of the business were held to ransom by hackers and the business ended up parting with £3,000 to get its computer files decrypted by the hackers. This may not seem like a huge amount of money from a criminal point of view, but it is a cost that your business should not have to pay.
The Scariest Part? …All of this hacking is automated!
The vulnerabilities that can lead to these types of attacks are well-known to hackers and publicised through hacker forums. The hackers write bots (automated 24/7 scripts) to sweep the Internet and locate websites with a particular weakness. Once a insecure site is found, more code is run to exploit the vulnerability and insert the malicious code required to commit the required crime. Any and all businesses are at risk, especially those without the resources to store data securely and monitor suspicious activity.
Bots don’t search for specific businesses; they search for weaknesses. Realise this and you can begin to see how vulnerable your business may be.
The Importance of Educating Yourself about Your Site’s Security
If there are weaknesses in your site, the chances of it being identified and exploited at some point, are uncomfortably high. With 74% of SMEs in the UK having been attacked, your business is either one of them, or is likely to be targeted soon. If you are an SME managing your own CMS, you need to ensure you educate yourself in how to update the software underpinning your website, so that your business data is as secure as possible.
The Benefits of Professional Website Security
One of the best ways to ensure that your business remains secure is to employ the help of cyber security experts. Blue Llama is a web design company with years of experience in creating secure websites for SMEs. We offer a maintenance and support contract to all our clients where we take responsibility for updating the WordPress software and any plug-ins that underpin your website. Our web servers are security hardened and all the necessary software patches are applied as soon as they are released. In addition our servers have the latest firewall security, virus scanning and intrusion detection. All new sites have the additional security of the Cloudflare web application firewall.
Employing a professional company to help maintain the security of your systems means that you have more time to concentrate on the day to day running of your business. You can step away from the responsibility of cyber security whilst remaining secure in the knowledge that your site security is adequately maintained.
Contact Phil at Blue Llama for more information on keeping your website safe.