Updated: 25-03-21

Small Business Website Security - The First Steps To Take

Agnes Talalaev
from patchstack

Small business website security can be hard to manage, since security is something a business has to invest in. Hiring a security expert can be too expensive for a small business, and therefore a lot of small businesses do not make security a priority.

Usually, security becomes a problem after an incident has happened. 

“We got a ransomware mail which was hidden in a bill from Telekom Austria,” says Mr. Brandstatter. – BBC News

This is a reactive form of security and can often be more expensive than a proactive approach to security. But how should a small business ensure that its business website is secure?

In this article, we will go over one specific incident of small business security and give tips and actionable suggestions on how to keep your small business website secure.

They got hacked four times in a row

A really good example comes from Austria, and it’s about a hotel that was hacked four times in a row. A beautiful hotel in the Austrian Alps was hacked four times between December 2016 and January 2017, and the hackers got access to the hotel’s electronic door locks.

In addition to unusable door locks, the hotel's hard drive was compromised and the hotel had to pay a ransom of two bitcoins, which, at the moment, is a really big amount of money.


What did we learn from their story?

Small businesses get hacked because they usually have weaker security and are therefore a primary target for hackers.

Awareness in the cyber world is still one of the biggest problems as business executives and employees are unaware of the risks that the cyber world holds.


“Actually, as a small business you do not really think that anybody’s interested in you for hacking, so we had no plan what to do,”


Mr. Brandstatter, via BBC News


No organization wants its data to be compromised, as the result is not only a reputation loss but also penalties or fines. Proper security awareness and protection will reduce the risk to the organization’s data and information systems.

As a small or medium-sized business, you may be wondering why anyone would hack you. In most cases, it’s not you specifically that the hacker is targeting. But first, let’s go over the most common ways small businesses get hacked.

How many small businesses get hacked?

As mentioned, in most cases hackers do not target specific businesses in particular. They get data and use the data to their advantage. We will give an example of how WordPress sites get hacked.

Hackers are targeting known vulnerabilities in WordPress plugins and are using automated tools to try and get access to thousands of sites at once. For example, this website hacking statistics article shows that 98% of WordPress vulnerabilities are related to plugins.

Vulnerabilities are used to get access to your site, infect it with malware or insert SEO spam to gain financial profit using your site.


Statistics show that cybercriminals had already started to shift their focus back in 2017. A 2019 report stated that hackers are targeting more and more small businesses, which has resulted in a 424% increase in authentic and new breaches from 2017.

Another example comes from Manifest, which surveyed 383 small business owners who use a mobile app and/or website to connect with customers. They wanted to know how these businesses protect themselves from cyber-attacks and how it has worked out.

They found that 64% of small businesses are going to invest more in cybersecurity in 2020 than before. The reason may be that their sites are getting hacked and attacked more frequently.

The latest data from Forbes shows that about 50 000 websites get hacked every day. What’s more, these 50 000 sites are usually legitimate small business sites that are unwittingly distributing malware.

What are the main small-business security holes?

Let’s look over the most common ways companies and small businesses get hacked to know how to protect your business.

Phishing scams

It is a known fact that humans are one of the weakest links when it comes to cybersecurity. One popular phishing technique is to trick you into entering your username and password (such as your website admin panel password) into a fake login form.

Paypal fake notice example from Phishing.org

How to detect a phishing scam?

When you start typing your credentials, look at the URL in the browser's address bar. Make sure the URL is written correctly. Better yet, if the email contains a link to a site you often sign in to, don’t use the links sent to you in the emails. Open a new tab and sign in by writing the URL yourself.

This will ensure that you are logging in to the right site, not a replica made to get your username and password.
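
The same URL check can be automated, for example when reviewing links from a suspicious email. The Python code below is an added example, not part of the original article; the site name mybank.example and all sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit


def check_login_url(url, expected_domain):
    """Return a list of warnings for a login link.

    An empty list means the link uses HTTPS and its host is exactly
    expected_domain or one of its subdomains.
    """
    warnings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")  # urlsplit lowercases the host
    expected = expected_domain.lower()

    if parts.scheme != "https":
        warnings.append("not-https")
    # In "https://mybank.example@other.example/" the trusted name is only the
    # user-info part; the browser connects to the host after the "@".
    if parts.username is not None:
        warnings.append("userinfo-in-url")
    # Internationalized names (raw Unicode or "xn--" punycode labels) can be
    # displayed as characters that look like the letters of the real name.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        warnings.append("idn-host")
    # The trusted name must be the END of the host. A host that merely starts
    # with it, such as "mybank.example.secure-login.example", is a different site.
    if host != expected and not host.endswith("." + expected):
        warnings.append("wrong-domain")
    return warnings


if __name__ == "__main__":
    # Constructed sample links, not taken from a real campaign.
    samples = [
        "https://www.mybank.example/login",
        "https://mybank.example.secure-login.example/signin",
        "https://mybank.example@login.other.example/",
        "http://mybank.example/login",
        "https://xn--mybnk-gra.example/",
    ]
    for link in samples:
        print(link, "->", check_login_url(link, "mybank.example") or "ok")
```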

Third-party code – plugins and themes in websites

The plugins and themes that you use on your websites, for example, WordPress sites, are built by developers around the world. When a plugin is listed in the WordPress repository, it is checked by the WordPress security team.

After that, when a plugin receives updates, no one checks it for vulnerabilities other than hackers and web security teams.

We do constant monitoring for these kinds of vulnerabilities since it is usually the most common way websites get hacked. After checking for vulnerabilities we send a virtual patch to our web application firewall. All the sites that have our firewall installed will be safe from the vulnerability when hackers try to use it to access sites.

This is why you should invest in website protection, so that your website, which is the face of your company, stays safe and does not become a gateway to more of your data.

You can learn about how to protect your website by clicking on the online chat on the bottom right side of this page and we will help you to understand how to keep your company safe from these kinds of attacks.

Password security

Passwords are a topic that is usually present in every cyber-security how-to article. It is simply so important to use strong passwords and set up brute-force protection.

We have written an in-depth article on how to manage passwords, which will help you understand each angle you need to stay protected. You can read more about passwords here.

3 most important key takeaways from the article:

  1. It’s important that all your passwords are unique. To remember your password start using a password management tool – see the free ones here.
  2. Protect your websites from plugin and theme vulnerabilities to keep away malware and costly cleanups. You can start your 7-day free trial here.
  3. Always keep your software updated and always be a little too suspicious and critical about emails that come from the bank or your file drive or email services. Double-check and ask help from those who are more tech-savvy.

Small business website security is crucial

A lot of hacks happen because the staff is not aware of the risks. We encourage you to educate yourself more about cybersecurity. Not only about your website (what to do and what not to do, how to update and patch the vulnerabilities) but also everything that is happening all over the web.

Hackers, like everyone else, innovate, and sometimes it is very hard for you to understand what is legitimate and what is not.

Cybersecurity is often misunderstood as a technical problem, but almost every breach is directly or indirectly caused by bad cyber hygiene or just the lack of security awareness.

Of course, there is a happy ending to the incident mentioned above: the hotel installed firewalls and new antivirus software, trained its staff, and changed the locks to manual ones (which isn’t actually necessary if you have proper security measures in place).

Take your first step towards protecting your company. It’s an ongoing process that should always stay in the back of your mind. You can start a 7-day trial here for free, by protecting the online face of the business – your website.
