Is your small business at risk from a cyber-attack?

SecureCategory
7 min read
Emma Wardill

From multinational hacking events to the 5G upgrade scam, new cyber security threats seem to be emerging at an alarming rate.

Small businesses can be particularly vulnerable to online security risks and the impacts can be devastating.

Not only can a cyber threat cost your business money and time, it can also risk exposing your customers too, particularly if you collect and store their personal data.

However, you don’t need to be an IT security expert to take steps to protect yourself and your business from bad actors online.

In light of recent hacking incidents, it’s a good time to check if there are any security steps you can take to help keep you and your customers safe.

How do I know if my business is at risk?

In 2021, India's cybercrime increased by over 5% from 2020 (this represents a 15% increase from 2019).

Fraud was the motive in nearly 61% (32,230) of India's cybercrime cases in 2021.

So, it’s safe to assume that a threat exists for all businesses, particularly businesses:

  • With eCommerce websites that handle customer credit card details and logins
  • That store any kind of personally identifiable customer data

Business email compromise is also a significant threat.

Man looking at stock returns on a laptop

With the rate of cybercrime growing and the significant financial risk attached, it makes sense to take steps to protect yourself — even if you don’t think it can happen to you.

What are the risks?

Understanding where the potential cyber threats come from is the first step in knowing how to protect yourself.

There are a number of ways malicious actors can execute a cyber-attack. Here are the most common.

Malware (malicious software) – unauthorised software like a virus that can give criminals access to your systems to steal important information like credit card details and passwords.

Malware can sneak in and allow a criminal to take control of your computer or to spy on it, often without you even knowing about it.

Scam messages (phishing) – these are emails, social media messages, texts or calls designed to trick you or your employee into handing over money or data.

Recent examples have included the 5G upgrade scam, where criminals pretend to be customer care representatives from telecom providers in order to gain access to individuals' private details.

Other phishing scams include criminals pretending to be from a bank and requesting personal or account details.

Ransomware – a form of malicious software that locks your computer or prevents access to files until you pay a ransom fee. Earlier this year, Costa Rica declared a national emergency after a ransomware attack breached the government.

So, what can I do to protect my business?

With multinationals and even governments coming under threat from hackers, the task of protecting your small business systems might seem daunting.

However, there are some basic steps you can take right now to make yourself and your small business safer online.

1. Keep your software up to date

Ensuring you perform scheduled software updates for programs, apps and operating systems right away can reduce the risk of a cybercriminal exploiting weaknesses to launch a hack attack.

Turning on automatic updates is the easiest way to ensure you don’t forget.

2. Change your password every three months

Regularly changing your passwords — and making sure your employees do it, too — is one way to ensure you can thwart cyber criminals who, for example, may have accessed your password in a data leak.

Here are some tips on how to create a strong password and remember it. For those with too many passwords to remember, use one of the password managers on this list.

3. Use multi-factor authentication (MFA)

MFA usually means using a combination of a password or pin plus an authenticator app or token or biometric information like a face scan.

Having multiple layers of security protecting your information makes it much harder for cyber criminals to penetrate your accounts.

You can read more here about multi-factor authentication for small business.

4. Schedule automatic backups

Making a digital copy of your website and databases is important in the event your data is lost or stolen. Having a backup of your business’s key data stored on an external hard drive or in the cloud can help your business to recover quicker in the event of a cyber-attack.

Editor’s note: Website Security is a one-stop website safety net that includes automatic daily backups, an SSL, malware scanning, as well as a firewall that turns away suspicious traffic before it even gets into your site.

GoDaddy Website Security Dashboard
Website Security from GoDaddy can help keep your website safe.

5. Get an SSL certificate

An SSL certificate is a form of digital certification that creates an encrypted link between your customer’s web browser and your web server.

SSLs create a digital safe space where sensitive information like passwords, banking details and usernames can be safely shared.

It’s a great first step in protecting your e-commerce website and giving customers confidence to shop with you. They even offer SEO benefits for your website to help it get found in search. Conversely, not having an SSL could get your website labeled “Not Secure” in Google results.

Find out more about SSL certificates and how to get one here.

6. Manage your access control

Making sure you carefully control who can access your business data is another good step to improve your cyber safety. Access control can limit access to items like files and folders, databases and mailboxes so only those employees that require access can get in.

Business critical systems should be locked down to only those trusted few who absolutely need access.

This includes your customer relationship management system, as this is a goldmine for hackers.

7. Get a firewall

A firewall checks all data requests from your server and reviews them before allowing them into your website.

Installing a firewall is particularly important if you have employees working remotely.

The firewall included with GoDaddy’s website security tool acts as a security door protecting your business website.

Read more about how to keep hackers away from your business systems and IT intranet with a network firewall.

8. Scan your website for attacks

Installing a security system that scans your website for malware can help find any malicious software before it causes damage. A malware scanner that checks your website regularly will ensure you are alerted if malware is found.

Find out more about how GoDaddy’s site security tool scans and removes malware here.

9. Secure your email accounts

Email accounts are a rich bounty of information for cyber criminals as they contain so much of our information — from contact numbers to travel plans and events.

Using a spam filter and checking your email account security are a great first step.

You can find instructions on how to set spam filters for Outlook here and Gmail here. If you use GoDaddy's Professional Email, you can check security settings by clicking Secure your account from the dashboard.

10. Talk to your employees about cyber safety

Ensure your employees know how to:

  • Take steps to protect themselves from potential threatsWoman talking to two people
  • Identify a dodgy email, invoice or social DM

There are plenty of online resources available to help you educate yourself and your staff.

Check out this PDF provided by the Indian Cybercrime Coordination Centre and this video showing 10 tips to safely shop online.

The information contained in this blog post is provided for informational purposes only and should not be construed as an endorsement or advice from GoDaddy on any subject matter.