According to a survey conducted by insurance company Nationwide, nearly 60 percent of small businesses have been targeted in cyber attacks, but only 13 percent of them knew about it at first. It was only after they were shown information about the different types of cyber attacks, like ransomware and phishing that 58 percent recognized they were targeted.
As many smaller companies are launching ecommerce websites to sell their products and services online, cybercriminals now have a larger pool of targets to attack. Unlike large corporations with dedicated IT security teams, smaller companies are often less protected against security threats.
What Cyber attackers Are After
Many cybercriminals are attacking small companies to gain data that they can exploit for criminal purposes. Credit card information is highly sought after by hackers, but it’s not the only thing they’re interested in obtaining.
Personal information belonging to customers or employees, such as their names, addresses and Social Security numbers is often stolen by attackers once they gain access to a company’s systems. This information can be used to commit various forms of identity theft. Criminals can use it to impersonate someone and fraudulently obtain loans or credit cards under their name. There have even been a few cases where criminals have used stolen personal information to obtain identity documents under the victim’s name. The documents were then used to open bank accounts for the purposes of laundering proceeds of crime, fraudulently applying for government benefits or obtaining employment.
Some hackers who get their hands on sensitive information use it themselves or sell it to other criminals specializing in various forms of fraud. But many cybercriminals, especially those based outside of the US, simply sell the compromised information on various darknet marketplaces. These underground websites make it very easy for them to find buyers who can use the stolen personal information and receive immediate payment in anonymous cryptocurrencies like Bitcoin.
What Businesses Can Do to Stay Safe
Companies that sell their products on the Internet should take steps to make their website as secure as possible. One of the best ways to accomplish this is by ensuring that the software powering their online store is kept updated with all the latest security patches. This is extremely important, as new vulnerabilities and exploits are regularly discovered, even in the best software.
The good news is that systems like the popular Magento online store platform are maintained by a worldwide team of professionals and volunteers who quickly release updates or patches whenever a potential security concern is discovered.
All of the common website platforms, like WordPress and Drupal, as well as their shopping cart extensions, come with built-in security features which can be enhanced by adding some optional plugins. For example, there are several third-party WooCommerce extensions that can detect and block intrusion attempts, enable two-factor authentication for the store’s back end and automatically backup the store’s data.
In addition to securing their websites, companies should take measures to keep their PCs and mobile devices safe. Automatic security updates for operating system software and browsers should be enabled to protect local systems from new vulnerabilities. Cybersecurity experts also recommend that small businesses install firewall and antivirus software on their devices. These security tools can keep a company safe by blocking access to known phishing websites, preventing malware infections and stopping intrusion attempts by hackers.