Why hackers target small business websites

Table of contents

For business owners a website is their primary channel of communication with customers.

A study conducted by the Australian Cyber Security Centre found that 72% of Australian small businesses have a website. Yet less than 40% check for updates despite an increasing number of websites getting targeted by cyber criminals.

Ensuring your website is secure, up to date and backed up will reduce the risk of your website becoming compromised. This prevents a loss of customer trust and in a worst-case scenario loss of revenue.

Why would somebody hack my website?

The first question small business owners have is “Why would hackers target my website? Why are they interested in me?”

Usually the hacker is not targeting one individual website. They are searching thousands of websites across the internet looking for vunerable websites.

We’ve seen first-hand the implications an unsecured website can have on a business. The processes to recover from a hacked website is quite involved.

Some of the more common implications involve:

Theft of money (Ransomware)
The majority of small business owners are less likely to have website backups and are more likely to pay a ransom if their data is encrypted.

Impact on website rankings
Once a website becomes compromised it doesn’t take long for networks such as Google, Facebook and LinkedIn to blacklist your website. This can have a major impact on your small business as it can prevent your website from being visible in Google. It can also prevent your customers from interacting with you on social media.

Email spam
Most small businesses will host their email on the same server their website is on. Hackers will create hundreds of different email accounts to create a spamming network. Sometimes this can result in your own email address becoming blacklisted. This means your customers email provider may block your emails to them.

Access to 3rd party systems
Most websites are connected to email marketing, analytics software or a CRM. Hackers could gain access to a range of 3rd party systems.

Theft of personal information
Websites store personal information from contact and personal enquiry forms. Names, emails, addresses, phone numbers, health or financial data are highly sensitive. They can be used for a myriad of attacks such as fraud, identity-theft or blackmail. E-commerce websites collect banking and financial details making them an obvious target.

Cryptocurrency mining
The rise of cryptocurrency has made it popular for hackers to install mining software on websites. Your website then generates cryptocurrency for them without you knowing.

What you can do to stop your website being hacked

Make sure your website has an SSL Certificate installed

To protect your website and your customers you must have an SSL Certificate installed. This is something your website hosting provider should be able to offer. These days it is quite often free.

What is SSL?

SSL encrypts any information being transferred between a user’s web browser and the website server where your website sits. This means if someone is somehow able to intercept your communication somewhere in the middle, it is unreadable.

A customer can identify if you have an SSL certificate by looking at your website URL in the browser’s address bar.

If you can see a lock then you can be confident that the website has an SSL certificate installed. If the browser address bar reads “Not secure” then you know the website does not have an SSL certificate installed.

If your customer is warned that your website is not secure what impact do you think that will have? They might close your website and open a competitors link that is secure, affecting your bottom-line ?

If you’re looking for more information on SSL check out this post – What is SSL and does your website need it? The short answer is, Yes!

Make sure your website is kept up to date

A SSL certificate is a great way to ensure your website visitors information is protected. But you also need to ensure your information is secure.

  • Make sure your plugins, themes and security patches are updated periodically.
  • Ensure your website is being backed up regularly (at minimum once a month) and know the process for restoring your website from a backup.
  • Run your website through a security check and malware scanner to proactively check for potential website hacks.
  • Ensure your password is secure and changed regularly.
  • Remove old admin, manager account access (especially for ex-employees).

In the event your website does get hacked do you know who to contact to get the problem resolved. Where is your website hosted? Who manages your website? Is there an admin panel that offers a 1-click restore from a previous backup.

What should I do next?

Your website is the face of your business. Identifying the impacts a hacked website can have on your business is a great stategy.

Contact your web hosting provider or the web developer who built your website. Find out what security systems are in place to protect your website. What is the process in the event your website does get hacked?

Attempt the “non-techy” steps yourself and reduce the risk of your website getting hacked.


If you like this post you’re gonna love…

post-button-prev post-button-next