Half of all the small businesses with five or fewer employees examined in a recent report by GoDaddy have suffered a financial loss due to website hacking, and for one in eight, that loss was more than $5,000.
Small business owners are being specifically targeted by hackers, and most don’t even realize how much danger they’re in, according to the report. When these invasions occur, it’s not enough to just clean up the compromised files and move on, since hackers regularly create backdoors and secretly re-enter in the future.
With limited knowledge of website security practices and minimal budgets to pay outside firms for support, small- and mid-size businesses are in a particularly vulnerable position when it comes to cyber attacks. One in five SMBs faced a ransomware threat in the last year. In addition to the money that’s spent recovering their websites from hackers and implanting stricter security protocols, business owners also suffer from reputation damage when their websites get hacked.
“The landscape of hackers has changed. Small businesses assume that in order to be attacked, they need to be a target. That’s not the case. Systems are now completely automated and are constantly crawling the internet, looking for victims. Think of it as a robber going through a mall parking lot looking for unlocked cars. He’s not targeting anyone. He’s playing a numbers game and knows that someone will eventually be vulnerable,” explains Tony Perez, general manager and vice president of GoDaddy’s security product group.
Looking at the results of GoDaddy’s research and analysis of more than 65,000 infected website cleanup requests, Perez was struck by how lax some business owners are in their security efforts, failing to grasp the full ramifications of having a compromised website.
“Only half of the businesses surveyed use a cyber security monitoring service,” Perez says. “When a small business’ online identity is compromised, it can be really difficult for them to recover the trust that they lose with their customers. For example, 60% of hacked small businesses go out of business within six months due to the overwhelming costs associated with cleaning up their systems.”
While website hacking is hardly new, there is a growing sense of urgency due to how frequently small businesses are experiencing malware and ransomware attacks. The typical advice from law enforcement is to pay the hackers, but getting a website back online is only half the battle. Getting flagged for having malware essentially shuts down the business’ website, which could lead to a sharp drop in sales. Not getting flagged, meanwhile, leads to even more vulnerability from bad actors.
GoDaddy found that in 90% of cases, an infected website was not flagged for malware, meaning the business owner could be continually targeted without his or her knowledge.
“Most small business operators have limited time and knowledge to properly secure their site. Additionally, budgets are usually extremely limited, so they are unable to hire the expert they need,” Perez says. “We found that many business owners are performing the minimum requirements to secure their website, such as only using an effective password strategy. While this is a good first step, leaving out-of-date applications on a website leads to compromises, regardless of how complex the password is.”
GoDaddy offers a number of products to help protect small business owners from hacking, but Perez says it really comes down to knowledge and awareness that these potential dangers are out there. Business owners aren’t interested in protecting themselves from dangers they don’t know exist, and because so much of the hacking world happens in the shadows, this isn’t a risk that’s on most people’s radars.
“Business owners need to gain a better understanding of how important it is for them to protect their websites. Online identity is such a large factor in the success of their business, so it’s really important to protect it just as much as any of their other business commodities like their bank accounts or customer files,” Perez says. “Backing up their website isn’t a luxury—it’s a necessity.”
Stephanie Miles is a senior editor at Street Fight.