Small businesses are the backbone of America and account for 99.7% of all businesses. In the US, small businesses are defined as businesses with fewer than 500 employees. Because of their size, small businesses often fall into a dangerous mentality of believing they are too small to be the target of cyber attacks and assume they do not need a cyber security plan since hackers appear to be targeting only the “big guys.” However, because more and more businesses are going online to increase their customer base, website security should no longer be ignored.
The reality is hackers don’t discriminate. Because 60% of small businesses go out of business within six months of a cyber attack, all online businesses should implement basic security measures, especially if they are handling client data. With no cyber security plan in place, it becomes an issue of “when,” not “if” a small business will be attacked. Even if a cyber attack doesn’t result in closure, if client data is comprised, a company’s reputation is tarnished. Therefore, in celebration of National Small Business Week, Cloudbric has compiled three security measures that should be a part of every small business’s cyber security plan: WAF (Web Application Firewall), DDoS protection, and SSL.
A WAF Blocks Malicious Traffic
All online businesses interact with web applications especially when an official company website acts as the main driving force for bringing in new customers. Because a WAF monitors the traffic coming in and out of a website, it ensures that only legitimate traffic is allowed while blocking malicious traffic. In this manner, a WAF prevents website defacement and prevents hackers from sniffing a company’s website for possible vulnerabilities to exploit. This is extremely important when considering the different built-ons like integrated shopping carts a company may have added to their website; a WAF protects against the vulnerabilities that developers may not have noticed or fixed. Because methods like IP blacklisting only provide partial protection against known threats, WAF services serve as a more comprehensive way of protecting websites from unknown or modified cyber attacks.
DDoS Protection Minimizes Downtime
Downtime is serious business, or in this case – loss of business. For every minute a website is down, a company loses money. In fact, research shows that downtime can cost small businesses up to $427 per minute. Besides the costs incurred with immediately mitigating DDoS attacks, small businesses often overlook the indirect costs associated with DDoS attacks. For example, there is also loss of productivity and brand repair to consider. Furthermore, even informed small businesses may take the wrong cyber security steps to prevent DDoS attacks because DDoS attacks don’t always target one vector (e.g. protocol and application layer). Methods like purchasing higher bandwidths, installing a strong router, implementing ISP-based protection or IP blacklisting only provide partial protection. The only realistic solution is investing in DDoS mitigation services, best coupled with a WAF.
SSL Instills Trust Among Visitors
When dealing with online transactions, as many online businesses do, it’s crucial that small businesses deploy SSL. As a global standard security technology, SSL guarantees a secure connection between a web browser and a web server. It reduces the risk of having sensitive information stolen by encrypting the communication rather than sending over sensitive information over in plain text, which could be intercepted by hackers. A company’s payment gateway shouldn’t be the only thing that is encrypted. An entire website that is secured with a SSL certificate instills trust among visitors. Because website visitors are concerned about their data being intercepted or misused online, SSL provides the trust and credibility they need.
With a cyber security plan intact, small businesses can save themselves from future repercussions that don’t always revolve around financial loss but other losses like customer trust and brand reputation, which cannot always be recovered with money. With only 31 percent of small businesses taking active measures to guard themselves against security breaches, the majority of small businesses are not equipped to deal with cyber attacks. Luckily, small businesses have the advantage of being small enough to educate their employees easily about the dangers of cyber attacks and the steps needed to implement the best cyber security practices in the workplace. Prevention and awareness are some of the strongest measures that small businesses can take. For more on a small businesses guide to cyber security check out these tips, which take into account other services like VPN (Virtual Private Network) and backups services.