Small Businesses a Sweet Spot for Hackers

Small Businesses are of more interest to hackers than you might imagine. There are 750,000 sites active on the web at any given moment, and a vast number of these belong to small businesses. Many of which don’t have effective web security services in place. This makes them a low-cost, quick option with a high potential for lucrative returns.

Many small-businesses run their website using free hosting through sites like, and don’t employ any additional web security measures other than those provided by the host. In fact, an out of date WordPress site turned out to be the source of the high-profile Panama Papers leak.

It’s a common belief among small business owners that they’re too small to be noticed by hackers. Cybercriminals however, use advanced and automated tools to search and find vulnerable websites. Once they find one, exploiting it gives them access to data and information provided on that websites, or allows them to edit background code and install malware through software updates or download links. The result is a security risk to effectively anyone who might access their site. Owners and staff of the compromised business, their customers and other businesses too.

When it comes to attacks on small businesses, hackers typically steal the credit card information and personal details of customers who make purchases with small enterprises. A customer or employee’s identifiable data usually includes names, addresses and birthdays, all information which can enable identity theft, resulting in unwanted costs and complications for everyone involved. According to data from the U.S. National Cyber Security Alliance, about sixty percent of small businesses who suffer a hack are forced to close within six months.  Most attacks are still arriving via email, but there has been a recent increase in attacks on small and medium enterprises using mobile devices and social media channels.

The trend towards cybercriminals targeting small businesses is likely to continue in the eyes of some hackers they have become more attractive targets than larger enterprises, small business can no longer ignore the target painted on its back.

Paying a company for a once-off website virus removal might seem cheaper at first glance, but the truth is there is no substitute for the security which regularly maintained web site security can provide.

Website security for small businesses should ideally take a multi-layered approach, using desktop security products such as antivirus, antispam and firewalls, as well as cloud-based and software for network intrusion detection. Firewall services that are cloud-based protect your companies administrative access and data around the clock, and offer threat detection and management. Proper maintenance also includes regular scans that are scheduled outside of uptime monitoring, and will search for vulnerabilities so that they can be fixed ahead of time, prevent exploitation by hackers. These are all things which might seem too technical or expensive for local cafes and community not-for-profits, but many service providers are now offering tailored subscription services and packages to suit different budgets.

Join the conversation with fellow UBC students and contribute your article here.