There is a common paradox among small business owners who run their own websites: They rarely prioritize investing in online security measures in order to reduce cost, but belatedly realize, once they are hacked, that they could have saved a lot more by making such investment in the first place.
That’s according to GoDaddy, the world’s largest domain name registrar and cloud platform dedicated to small, independent business ventures, which recently released the results of its Small Business Website Security Report.
The company commissioned research and analysis of over 65,000 infected website cleanup requests from small business customers from across the globe.
They also did a survey of 1,000 very small businesses (between one and five employees) from the United States on their experience and perspective on cybersecurity.
According to the report, small business owners, because of limited knowledge of online security along with minimal budgets, place protection of their business websites low on their list of priorities.
Of the 65,000 global website cleanup requests, half involved outdated software on the most commonly used platform and tools, including plug-ins on WordPress and other popular content management systems.
What these entrepreneurs don’t know is that by doing this, they are actually putting themselves in a position for future financial loss, says Tony Perez, GoDaddy general manager for security.
According to the report, of the 1,000 very small businesses surveyed, nearly half reported suffering financial loss due to hacking.
Virus and malware infections, the most common security threats, can cause more than just downtime; a red flag by Google or Norton can reduce site traffic, effectively making it “invisible” online. Worse, when a website is blacklisted because of such security breaches, it could be shut down altogether, adds Perez.
The report also notes that phishing attacks and SEO spam—wherein a hacker embeds malicious links in a websites keywords—are also common among small business websites.
And while one can clean up infected files, there are still the “back doors” to worry about—mechanisms installed by hackers which can allow them to reenter a site once it’s cleaned up.
“A small business in the Philippines, Hong Kong, or Singapore is using the same tools as what we are using in the US or Latin America. The attacks are exactly the same regardless of what market they are in,” says Perez.
The best weapon against an online attack, as recommended by GoDaddy, is a website security monitor service, which will allow business owners to keep an eye on red flags 24/7, deploy a website application firewall, and register with Google’s webmaster tools which alerts one when there is an issue with the website before negatively impacting how it shows in search results.
Unfortunately, according to the report, only half of the businesses surveyed use such service; almost 70 percent rely only on an effective password strategy.
“Cybersecurity is not about preventing a risk. That isn’t yet possible. It’s about reducing the risk. It’s understandable that very small business operators handle a lot and it’s hard to make website security a priority. But taking even modest steps can make a difference,” says Perez.
Adds Roger Chen, GoDaddy senior vice president for Asia-Pacific: “We are committed to helping small businesses and entrepreneurs create and grow their online presence. That’s why GoDaddy offers easy-to-use and affordable online tools to help make their websites more secure, and fit into their budget. In the Philippines, we also have a 24/7 customer care support available to work with website owners to help reduce the risk of cybersecurity impacts on their websites.”