Cybersecurity firm Symantec claims that cyberthieves have been increasingly targeting small businesses over the last four years, Fox Business News reported.
Cyber hackers view small businesses as a soft, easy mark compared with big blue-chip companies, which have ramped up their cyber firewalls, said Sian John, a chief strategist at Symantec.
Small business cybersecurity is now a top priority of the House Committee on Small Business, which conducted hearings on the dangers of cyber-attacks on small businesses last week, Fox Business News reported.
“The owners, employees and customers of America’s 28 million small businesses need to have confidence that their data is secure,” said House Small Business Committee Chairman Steve Chabot (R-OH) in a statement.
“I think it is fair to say that confidence has been shaken in recent years with the cyber-attacks on the IRS, the State Department, OPM [Office of Personnel Management], and even the White House. Between foreign hackers from countries like China and Russia and domestic identity thieves, the federal government has a target on its back that seems to get larger by the day.”
Small businesses, especially ones using an open source platform, are particularly susceptible to hacks and breaches.
(Editor’s Note: In computing, an open platform describes a software system based on open standards, such as published and fully documented external application programming interfaces (APIs), that allow the software to be used in ways other than the original programmer intended, without requiring modification of the source code. Using these interfaces, a third party could integrate with the platform to add functionality.)
CIO.com recently offered 10 steps small businesses can take to protect their sites as well as any sensitive (customer) data:
- Educate employees. “The first step in protecting your data from cyber attacks is educating your employees to make sure they’re up to date on the latest methods being used by cybercriminals,” Norman Guadagno, chief evangelist, Carbonite, told CIO. “One of the best ways to do this is by creating real life scenarios to test employees’ ability to detect a phishing email or suspicious links. This will help you gain insight into common mistakes and identify areas for improvement.”
- Make sure your hosting company has your back. “Use only trusted providers for your site’s hosting,” says Troy Gill, manager, Security Research, AppRiver, which specializes in email and Web security. “For example, do they use encryption?”
- Use a secure ecommerce platform. “Use a hosted shopping cart,” says Christopher Flemming, principal, Onlinestorehelp.com.
- Deploy SSL encryption. “Ensure all transactions occurring on your website are secure with SSL/HTTPS,” says Dodi Glenn, vice president, cybersecurity, PC Pitstop.
- Make sure your ecommerce site is PCI DSS compliant.
- Utilize Web Application Firewalls (WAFs).
- Have employees regularly change their passwords. Require “admins to change their password often,” says John Arroyo, CEO, Arroyo Labs, a digital agency.
- Use multi-factor authentication. “Multi-factor authentication adds an extra layer of security to your WordPress ecommerce site, toughening it up against brute force botnet attacks and similar threats,” says Brett Dunst, vice president, Brand and Community, DreamHost.
- Keep up-to-date on security patches, especially for open source platforms (such as WordPress and Magento).
- Make sure to back up your site regularly. “Back up your data in two places,” says Matti Kon, founder & CEO, InfoTech, a software development company and systems integrator.