By Michael Fowler, President of Partners and Channels, Sectigo
When cybercriminals attack, they aren’t just targeting large corporations. In fact, according to the most recent Verizon Data Breach Investigations Report (DBIR), 43% of cyberattacks target small businesses—a stat that might surprise many business owners. That same report indicated that just 14% of small businesses are adequately prepared to protect themselves from those attacks, shining a light on the growing need for cybersecurity within these organizations.
While small business data breaches may not dominate the headlines the way a major financial institution being hacked likely would, the average total cost of a data breach is now $3.92 million—a number that rises to $8.19 million when limited to US breaches. And while large corporations may be able to weather that damage comfortably, it’s an amount likely to sink many smaller companies.
As the volume of attacks targeting small businesses continues to rise, these businesses must not only understand the array of website security tools needed to protect and back up their sites, but also learn to use those tools more effectively. Small businesses seeking to protect themselves against today’s most dangerous threats should ensure that they have the following five key cybersecurity capabilities.
The Five Essential Cybersecurity Capabilities
- TLS/SSL Certificates. “Identity” is a critically important concept—especially online. Customers arriving at a small business website need to have confidence that they are in the right place. Web certificates (visible as a padlock in browsers) serve to indicate to customers that the site they are visiting is secure and that information they enter—personal, financial, or otherwise—is being shared with an authentic/verified business rather than a fraudulent site.
In the past, some small businesses have resisted SSL certificates because of the hassle to maintain them—after all, we’ve seen what can happen when certificates lapse. Fortunately, that is no longer the case. The rise of automation has made it considerably easier to issue, renew, and maintain web certificates, meaning that small businesses can enjoy the benefits of identity security with minimal management.
- Malware and Vulnerability Detection. “Detection” means more than just alerting you when something has already gone wrong. Small business owners must be vigilant for potential website vulnerabilities and address them before they can impact their businesses. Search engines will blacklist a website with known vulnerabilities, making it critical for website owners to be proactive about detecting potential issues.
It’s also important to be aware of potential vulnerabilities with your site’s various components. For instance, your website’s content management system (CMS) or e-commerce platform may have known vulnerabilities that require steps to address. There are simple security products available today that can help monitor your website and alert you to these potential issues.
- Remediation. Once a threat has been detected, the next step is remediation—removing the threat from the system. When exploring website security technology, identifying a product with the right remediation capabilities for your site is important. Look for something capable of removing active infections from your website files, MySQL database, and other important components of your website.
It’s also important that remediation is completed without disrupting functionality. You don’t want your website being taken down for maintenance every time a potential threat is detected. Fortunately, today’s remediation products are generally mindful of this essential continuity.
- Patching. Once a threat has been detected and successfully eradicated, it’s time to make sure that you eliminate the vulnerability that allowed the malware into your system. Installing technology that proactively patches known vulnerabilities before they can be exploited by cybercriminals minimizes the amount of time attackers can potentially exploit vulnerabilities. Having web security tools in place that can automatically scan for new patches and ensure that they are installed quickly can go a long way toward protecting your website from outside threats.
For example, businesses running a WordPress, Drupal, or Joomla site gain real-time threat protection by arming their website, blog, or online shop with automated CMS patching, preventing the bad guys from sneaking in between updates—and stopping zero-day attacks in their tracks.
- Back up and Restore. It’s important to know that even if a threat slips through the cracks and does real damage to your website, the site can be easily restored. Version control software that enables businesses to back up and restore their website with just the click of a button is now widely available to those who recognize the importance of this technology. Many tools will even automatically create backups at certain intervals, making life as simple as possible for business owners.
It’s difficult to overstate the value of effective backup and restore tools. They ensure that even in a worst-case scenario where an attack cripples your entire website, you remain just one click away from restoring what was lost. That peace of mind enables small business owners to focus on the hundreds of other things they need to worry about, secure in the knowledge that their website is in good hands.
CAPTION: Five simple, automated cybersecurity technologies enable website owners to achieve big-business web security and peace of mind, using small-business resources.
Strong Website Protections Help Small Businesses and Their Customers
As breaches become both more numerous and more costly, small businesses must avoid putting themselves in a vulnerable position. Fortunately, as the threat landscape evolves, TLS/SSL and hosting providers are evolving as well. It is now easier than ever to protect online assets from malware and data breaches with new suites of products capable of everything from automatic certificate renewal to patching and remediation.
As simplified website security tools become more widely available, small businesses are increasingly able to enjoy a level of protection on par with much larger companies. The rise of automation has put powerful detection, protection, and recovery tools in the hands of the most resource-constrained and vulnerable organizations. And while no one tool can protect against every possible threat, SMBs with effective web certificate, threat detection, remediation, patching, and backup and restore capabilities will find themselves well-positioned to face whatever threats the future may hold.
As President of Partners and Channels, Michael Fowler is responsible for developing and maintaining channel partnerships with leaders in key growth markets. Michael has more than 15 years of experience in web security and works closely with Sectigo product management, engineering, marketing and support to develop product refinement and go-to-market strategies.