5 Tips to Protect Your Business From Hackers

Today the risk of data breach is greater than ever, for large and small businesses alike. But keeping your venture safe is easier than you think.

By Marc Gaffan

Opinions expressed by Entrepreneur contributors are their own.

Last year will go down as the year of the security breach.

Reports of attacks and breaches made headlines across the world as many companies learned firsthand the damage a high-profile breach can inflict on a brand. Of the several lessons learned, the biggest may be that security needs to be top-of-mind for any online business -- regardless of size.

In fact, small companies stand to lose the most because they typically lack the dedicated security staff and expertise of a business ranked in the top half of the Fortune 500. While breaches at smaller companies may not make the headlines -- if they're detected at all -- the sheer number of small e-commerce sites in operation is just too tempting for hackers to ignore.

A recent study found that not only do bots (automated applications that crawl and scan websites) outnumber human visitors on the Internet, but smaller websites actually receive a disproportionately high percentage of automated bot visitors -- up to 80 percent of all traffic on sites with fewer than 1,000 visitors a day. Malicious bots probe sites for vulnerabilities, effectively automating web hacking.

The rise of automation has broadened the scope of attacks, making small businesses just as vulnerable as Home Depot or Target. Today, all online businesses are at risk. You don't have to be a Fortune 500 company to protect your business and customers from malfeasance. The following are simple measures any business owner can take to thwart attacks and prevent a breach.

1. Mind the gaps

Vulnerabilities are just that: exploitable weaknesses that allow attackers to penetrate systems. Fortunately, many of these vulnerabilities are well known and easy to patch. Specifically, there are two vulnerabilities all e-commerce business owners should be aware of: SQL injection and cross-site scripting (XSS).

Many sites, based on how their e-commerce application was built, are vulnerable to SQL injection attacks. Criminals probe web applications with SQL queries to try to extract information from the e-commerce database.

Cross Site Scripting attacks can occur when applications take untrusted data from users and send it to web browsers without properly validating or "treating" that data to ensure it isn't malicious. XSS can be used to take over user accounts, change website content or redirect visitors to malicious websites without their knowledge.

Because attacks on these vulnerabilities are directed at the web application, a web application firewall (WAF) is very effective in preventing them.
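The two flaws described in this tip, shown next to their code-level fixes. This is an added example, not code from the article; the product table, function names and sample inputs are constructed for illustration.

```python
import html
import sqlite3

# Constructed sample inputs of the kind an automated probe submits.
SQLI_SAMPLE = "x' OR '1'='1"
XSS_SAMPLE = "<script>alert(1)</script>"


def make_db():
    """Constructed in-memory catalogue standing in for an e-commerce database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, price REAL, hidden INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [("mug", 9.5, 0), ("poster", 12.0, 0), ("unreleased", 99.0, 1)],
    )
    return db


def search_vulnerable(db, term):
    # The search term is pasted into the SQL text, so a quote character in it
    # ends the string literal and the rest is parsed as part of the query.
    sql = f"SELECT name FROM products WHERE hidden = 0 AND name = '{term}'"
    return [row[0] for row in db.execute(sql)]


def search_safe(db, term):
    # Placeholder binding: the driver sends the term as data, never as SQL.
    sql = "SELECT name FROM products WHERE hidden = 0 AND name = ?"
    return [row[0] for row in db.execute(sql, (term,))]


def render_vulnerable(term):
    # Untrusted text is echoed into the page unchanged, markup included.
    return f"<p>Results for {term}</p>"


def render_safe(term):
    # html.escape turns <, >, & and quotes into entities, so the browser
    # displays the text instead of interpreting it as markup.
    return f"<p>Results for {html.escape(term)}</p>"


if __name__ == "__main__":
    db = make_db()
    print(search_vulnerable(db, SQLI_SAMPLE))  # hidden row is returned
    print(search_safe(db, SQLI_SAMPLE))        # no rows match the literal text
    print(render_safe(XSS_SAMPLE))
```

A WAF filters requests like these before they reach the application; the bound parameter and the escaped output remove the flaw itself.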

2. Denial of service

Some criminals are taking a brute force approach and flooding websites with traffic to take them offline -- called a distributed denial of service (DDoS) attack. For e-commerce sites, a DDoS attack has a direct impact on revenue. A single DDoS can cost more than $400,000, with some sources reporting costs of up to $40,000 per hour. With attacks ranging from mere hours to several days, no business can afford the risk of a DDoS attack.

Oftentimes these attacks are accompanied by a ransom note demanding funds to stop the DDoS attack; other times the attack is merely a smokescreen, giving hackers time to probe the site for vulnerabilities.

In either case, rather than fall prey to extortionists, e-commerce sites should enlist DDoS protection to detect and mitigate the attack before it impacts their bottom line. DDoS protection is often available from hosting providers, so small businesses can ask their website hoster for options.

3. Two-factor authentication

Stolen or compromised user credentials are a common cause of breaches. eBay reported that cyber attackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network. Criminals use social engineering, phishing, malware and other means to guess or capture usernames and passwords. In other cases, attackers target administrators, whom they discover on social networks, using spear phishing attacks to obtain sensitive data.

Stopping this problem is as simple as implementing two-factor authentication. This second factor is usually a code generated via an app or received via text on a phone owned by the user. Two-factor authentication has been around for a while, but just as better smartphone cameras opened up a whole new market of photo editing and sharing applications, so too has the escalation in breaches increased the number of options for two-factor authentication.

Today, there are a number of great two-factor authentication solutions that are both easier to use and very effective at keeping hackers out. Many are free, including Google Authenticator, and are packaged as handy apps on smartphones. With the increasing risk of breach, it's more important than ever that any application dealing with customer data be protected by two-factor authentication.

4. Scan your site

Web scanners are an important tool for detecting the SQL injection vulnerabilities and XSS mentioned above, as well as a host of other vulnerabilities. Information from these scanners can be used to assess the security posture of an e-commerce website, providing insights for engineers on how to remediate vulnerabilities at the code level or tune a WAF to protect against the specific vulnerabilities.

However, in order to be effective, businesses need to use them regularly. It's important to subscribe to a service that scans on a periodic basis -- not every three years.

5. Keep your 'friends' close

According to research by the Ponemon Institute, third-party providers -- hosters, payment processors, call centers, shredders -- have a significant impact on breach likelihood and scope. You wouldn't trust your money to a bank without rigorous, proven security measures in place. Nor should you trust a software vendor without security practices in place.

When seeking new providers, make sure they're compliant with security best practices like the Payment Card Industry's Data Security Standard (PCI-DSS) and cloud-security certification SSAE16. Don't be intimidated to ask cloud software vendors how they're managing security and what certifications they have. If they have none, you should think twice about working with them.

Don't overlook this. No matter how good the product, if the software introduces risk to your business, it's not worth it.

Today the risk of data breach is greater than ever, for large and small businesses alike. But security does not have to be complicated. By using the right tools, partnering with the right vendors and implementing safeguards, online businesses can reduce risk and keep out of the headlines.

Marc Gaffan is co-founder of Incapsula. He has extensive experience in leading product marketing and management activities at leading security companies. Prior to founding Incapsula, Gaffan was director of product marketing at RSA, EMC's security division, where he was responsible for strategy and go-to-market activities of a $500M IT Security product portfolio.