Posted on Nov 12, 2018

6 Online Security Risks Your Small Business Needs to Be Aware of During the Holidays

According to recent reports, last year there were 1,579 publicly disclosed data breaches and nearly 2 million compromised records containing personal and other sensitive data, costing businesses an average of $3.62 million in damages.

Small businesses make up 99.9% of all businesses inside the United States, but many still don’t believe that they’re at risk for being hacked. This despite recent research showing that 47% of small businesses reported that they had one attack in 2017, and 44% said they had two to four attacks. What’s more, 60% of small businesses go out of business within six months after they’ve experienced a cyber-attack.  

Hackers and cybercriminals are very active during the holidays too, when many shoppers go online to buy gifts. Many customers who place orders on your e-commerce website or visit your new small business website to learn more about your products and services could be at risk— and so could your entire business—if you aren’t aware of the six online security risks below.  

1. Crypto-mining

Cybercriminals have learned how to infiltrate computer systems and web browsers that mine or use cryptocurrencies. Perhaps surprisingly, crypto-mining (also known as “coin mining”) isn’t even illegal. Many people are now choosing to run files or scripts on their computers to carry out coin mining in order to be more selective about the content they view, avoid watching ads, and the like. But cybercriminals secretly install crypto-miners on victims’ computers or Internet of Things (IoT) devices without their knowledge. And according to Symantec, coin-mining cyber attacks increased 34,000% in the last quarter of 2017; this will likely continue to increase in the last quarter (during the holiday season) of 2018 as well. Read more about crypto-mining and how it might affect your small business during the holidays in their most recent Internet Security Threat Report.

2. Malware and Ransomware

Malware is software that’s intended to disable or damage computers, computer systems, servers, and networks. Ransomware is a type of malicious software from crypto virology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. And according to Symantec, cybercriminals are getting cleverer with the type of malware and ransomware they use and how they deploy it. There was a 92% increase in new malware download variants and a 46% increase in new ransomware download variants in 2017.

As a small business owner, it’s important to know that most malware attacks are highly targeted. Yet thousands of businesses worldwide still experience them each year. More importantly, millions of their customers are targeted too, via unsecure and vulnerable business and marketing emails, apps, cloud-based systems and databases, websites, and other online content. It’s further important to note that nearly 77% of all malware and ransomware attacks are now file-less, which means that they don’t necessarily need to be downloaded by the victim in order to do harm.

You are far less at risk for experiencing malware-related attacks if your small business website has a reliable security scanner enabled. Read Three Common Cybersecurity Threats Small Businesses Should Be Worried About by SiteLock for even more details.

3. Lasting Data Breaches

According to a recent Verizon report, 58% of all cyber-attacks target small businesses. This is likely because larger organizations make online security a top priority; they seek out the resources they need to keep their databases and customer information secure. Small businesses don’t always make this a top priority. Additionally, 48% of the data breaches that occurred last year featured some form of hacking, where cybercriminals attempted to infiltrate databases and cloud-based systems containing sensitive data and information.

Cybercriminals hack small businesses’ databases because it’s easier to do and because it can take those businesses up to 191 days to even discover that they’ve been hacked. Thus, hackers are rewarded with more and longer-lasting results.

4. Employees and Customers Using Unsecure Networks and Company Apps

Hackers and cybercriminals love public networks (those usually found in coffee shops, libraries, or other public spaces) because they don’t have much or any type of substantial network security. And throughout the holidays, a lot of your employees might decide to work remotely more often, which means they’ll most likely be using public networks as they access your company’s website, cloud-based systems, etc. This will leave your company at risk unless you train employees how to safely access networks and your company’s information and systems, and/or install security software on their mobile devices.   

In addition, employees and customers alike will use their mobile devices to access your company’s apps and website to make purchases or download and access information. Symantec reported that nearly 24,000 malicious mobile apps are blocked every day and that mobile malware variants increased by 54% last year. So, make sure your mobile-ready website is secure and that your apps have substantial security, especially during the holidays.

5. Lost and Stolen Devices

A lot of cyber criminals get the data and information they want from a small business because they steal an employee’s device or because an employee’s device—even one not issued by a company—was accidentally left somewhere unmonitored. Cybercriminals can also gain company information from stolen or lost USB drives and smartphones. And they can steal information by hacking a device that’s left on and unmonitored when the owner steps away from it. Make sure your employees are well-versed in how they can keep their devices password-protected and constantly monitored, and how they can prevent their devices from being stolen or otherwise compromised.

6. Failing to Keep Your Website Backed Up and Up-to-Date

Routinely scheduled website backups are critical to warding off virtual disasters for small businesses, especially during the holidays. They help mitigate the risk that your website or e-commerce site can be compromised, hacked, or otherwise damaged. Nowadays it may not be a matter of if you will or will not get hacked, but when. Cybercriminals are getting more sophisticated with their methods and approaches every day.

Keeping your website and cloud-based systems and databases backed up will help you ward off threats, or at the very least let you know when an attack is happening so you can stop it as soon as possible. Read The Importance of Website Backups for about why you will want to rely on a web hosting service that offers backup solutions.

If you’re a small business owner, be sure to keep these six online security risks in mind as you conduct online business this holiday season. It will be much easier for you to protect your company against online security threats and keep your customers happy and confident in your online presence in the long-term.