Hacktivism is a newer type of activism on the Internet. Many online banks, large cooperations, and government services have had to defend themselves against online attacks. Attacks can be done in many ways, such as via DDoS, viruses, phishing, spoofing, malware etc. Most corporate websites are faced with taking the brunt of these attacks but still, hackers attack small businesses because they are an easier target.
Hackers don’t always try to break into the most well-defended websites. Hackers look for weaker defenses quite often. They deceive and trick others into providing confidential information. This, in turn, leads to financial losses or identity theft.
It is easier for a hacker or malware to infiltrate a smaller online business since they have fewer resources and finances to protect their data. This definitely also applies to DDoS attacks which simply involves bombarding a website with a flood of requests like simple page loads. The dedicated server ends up not able to handle all these requests. At best, it slows down the server to a crawl. At worst, stops the server from responding and loading websites at all.
Statistics Show Increased Hacks
Hackers (mostly from Eastern Europe) attack small businesses and have been attacking many smaller e-commerce sites for years. Even though it means less prestige, they persist. They can still steal vital information, stop a site from loading (and asking for money to stop), or simply causing a nightmare via malware and viruses. According to Verizon Business, over 80% of incidents reported via their study were hacking related and nearly 70% were via malware and has increased exponentially over the years. Hackers attack small businesses because as mentioned earlier, the defenses against cyber attacks are weaker. This is due to limited resources, finances, and technical knowledge to stop it.
Target selection by these hackers does not always follow any logical explanation. Nor what websites that have valuable information or money to steal should be on the lookout for. It is certainly a scary thought not knowing what your enemies out there are planning to do. Not knowing if you will be attacked next and being unable to predict a hacker’s behavior is a major concern.
What three main steps a small online business can take.
There are basic security “best practices”, software solutions and hardware solutions. The two latter solutions have their advantages and disadvantages.
Best Practices
It is vital to use strong passwords that are not easy to guess. This should involve numbers, letters, and unusual characters but also make sure these passwords are changed on a regular basis. Some online credit card processors, for example, will force password changes to ensure password security.
Hackers can intercept confidential emails. Emails therefor should not contain confidential information.
Arrange with your bank or credit union what would be considered unusual or odd transaction behavior. Is it possible to stop transactions automatically? Will they contact you? Or will they simply block the transaction? This can usually be the case in foreign transactions for example.
Verified by Visa. as another added level of protection offered by Visa which involves using a password for all online payments. More information regarding Verified by Visa in this article.
Software Solutions
These security measures are usually cheaper than the hardware alternatives but can in a few cases not be as efficient or able to provide the same protection as hardware.
A simple and low cost or even free firewall can help significantly in protecting your website from intrusions. A firewall adds another strong barrier to stop unwanted access to a server or website.
Various security software (for Linux/Unix OS’s) such as AIDE (Advanced Intrusion Detection Environment), ClamAV(virus scanner), (BFD) Brute Force Detection etc. can help secure your dedicated server hosting environment significantly and provide daily reports of any suspicious behavior to your server. Your tech support provided by your dedicated server provider should be able to interpret any warnings or points of interest or causes for concern and address them immediately. VIPRE anti-virus is a good solution for Windows OS dedicated servers. SiteLock is also a good solution for website scanning that works on both Linux and Windows OS.
Software should not be a defense towards DDoS attacks.
Hardware Solutions
Hardware is best for DDoS defense. DDoS hardware detects and thwarts DDoS attacks targeting your server after learning traffic patterns to and from the dedicated server. This is an unfortunate but common attack which simply floods the server with too many requests at one time and cannot handle the load.
Hardware firewalls are also able to free up server resources and block attacks more efficiently than software firewalls.
Remote servers are another good line of defense for server backups. These backups are protected by a strong password (that changes on a regular basis) and can at least in the event of a data breach have data retrieved. This would not work for personally identifiable data, such as credit card info, user logins, account information etc. Once that data has been breached the only safe course of action is resetting those accounts and informing clients of possible stolen identity.
A lot of software can work with hardware. For example, DDoS hardware can most definitely work alongside antivirus and software firewalls. Don’t use hardware and software firewalls. Leave either software or hardware to do the same thing, not both.
Poor Defended Sites Means Easy Access
Hackers attack small businesses, still. According to Verizon Business reports, over 50% of data theft was tied to hacktivist groups and came from outside sources as opposed to internal employees or business partners. Hackers most often attacked unprepared and poorly defended sites. This created an easy opportunity for successful attack.
One strategy to try and prevent potential attacks is to use “badges” or “seals” provided by security firms. Any website can clearly show these “seals” indicating security and defenses are in place. Best to have a hacker not try at all than to see if it’s possible. Firewalls can also play a vital role in this along with other security measures. Very weak security measures were increasingly the result of most all security breaches. This is actually quite easy to avoid.
Hackers attack small businesses on a daily basis. Malware and hacking have only increased on websites. Don’t make your small online business an easy target. Your goal is to make any attacks or data breach attempts as difficult as possible 24 hours a day, 7 days per week.