5 Tips to Protect Your Business From Hackers

Today the risk of data breach is greater than ever, for large and small businesses alike. But keeping your venture safe is easier than you think.

By Marc Gaffan. Edited by Dan Bova.

Opinions expressed by Entrepreneur contributors are their own.

Last year will go down as the year of the security breach.

Reports of attacks and breaches made headlines across the world as many companies learned firsthand the damage a high-profile breach can inflict on a brand. Of the several lessons learned, the biggest may be that security needs to be top-of-mind for any online business -- regardless of size.

In fact, small companies stand to lose the most because they typically lack the dedicated security staff and expertise of a business ranked in the top half of the Fortune 500. While breaches at smaller companies may not make the headlines -- if they're detected at all -- the sheer number of small e-commerce sites in operation is just too tempting for hackers to ignore.

A recent study found that not only do bots (automated applications that crawl and scan websites) outnumber human visitors on the Internet, but smaller websites actually receive a disproportionately higher percentage of automated bot visitors -- up to 80 percent of all traffic on sites with fewer than 1,000 visitors a day. Malicious bots probe sites for vulnerabilities, effectively automating web hacking.

The rise of automation has broadened the scope of attacks, making small businesses just as vulnerable as Home Depot or Target. Today, all online businesses are at risk. You don't have to be a Fortune 500 company to protect your business and customers from malfeasance. The following are simple measures any business owner can take to thwart attacks and prevent breach.

1. Mind the gaps

Vulnerabilities are just that: exploitable weaknesses that allow attackers to penetrate systems. Fortunately, many of these vulnerabilities are well known and easy to patch. Specifically, there are two vulnerabilities all e-commerce business owners should be aware of: SQL injection and Cross Site Scripting (XSS).

Many sites, based on how their e-commerce application was built, are vulnerable to SQL injection attacks. Criminals probe web applications with SQL queries to try to extract information from the e-commerce database.

Cross Site Scripting attacks can occur when applications take untrusted data from users and send it to web browsers without properly validating or "treating" that data to ensure it isn't malicious. XSS can be used to take over user accounts, change website content or redirect visitors to malicious websites without their knowledge.

Because attacks on these vulnerabilities are directed at web applications, a web application firewall (WAF) is very effective in preventing them.
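The code-level fix that a WAF complements, as an added example that is not part of the original article: each of the two flaws above is shown in its weak form beside the corrected form. The table, function names and probe strings are constructed for illustration.

```python
import html
import sqlite3

def make_db():
    """Build an in-memory orders table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (customer TEXT, item TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?)",
                   [("alice", "lamp"), ("bob", "desk"), ("carol", "chair")])
    return db

def orders_unsafe(db, customer):
    # Weak form: user input is pasted into the SQL text, so the database
    # parses it as part of the query instead of as a value.
    sql = "SELECT customer, item FROM orders WHERE customer = '%s'" % customer
    return db.execute(sql).fetchall()

def orders_safe(db, customer):
    # Corrected form: the ? placeholder passes the input strictly as data.
    sql = "SELECT customer, item FROM orders WHERE customer = ?"
    return db.execute(sql, (customer,)).fetchall()

def greeting_unsafe(name):
    # Weak form: untrusted text is sent to the browser unmodified.
    return "<p>Welcome back, " + name + "</p>"

def greeting_safe(name):
    # Corrected form: HTML metacharacters are escaped before output.
    return "<p>Welcome back, " + html.escape(name) + "</p>"

# Constructed inputs of the kind an automated scanner submits.
SQL_PROBE = "x' OR '1'='1"
HTML_PROBE = "<script>alert(1)</script>"

if __name__ == "__main__":
    db = make_db()
    print(len(orders_unsafe(db, SQL_PROBE)), "rows returned by the weak query")
    print(len(orders_safe(db, SQL_PROBE)), "rows returned by the corrected query")
    print(greeting_unsafe(HTML_PROBE))
    print(greeting_safe(HTML_PROBE))
```
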

2. Denial of service

Some criminals are taking a brute force approach and flooding websites with traffic to take them offline -- called a distributed denial of service (DDoS) attack. For e-commerce sites, a DDoS attack has a direct impact on revenue. A single DDoS can cost more than $400,000, with some sources reporting costs of up to $40,000 per hour. With attacks ranging from mere hours to several days, no business can afford the risk of a DDoS attack.

Oftentimes these attacks are accompanied by a ransom note demanding funds to stop the DDoS attack; other times the attack is merely a smokescreen, giving hackers time to probe the site for vulnerabilities.

In either case, rather than fall prey to extortionists, e-commerce sites should enlist DDoS protection to detect and mitigate the attack before it impacts their bottom line. DDoS protection is often available from hosting providers, so small businesses can ask their website hoster for options.

3. Two-factor authentication

Stolen or compromised user credentials are a common cause of breaches. eBay reported that cyber attackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network. Criminals use social engineering, phishing, malware and other means to guess or capture usernames and passwords. In other cases, attackers target administrators, whom they discover on social networks, using spear phishing attacks to obtain sensitive data.

Stopping this problem is as simple as implementing two-factor authentication. This second factor is usually a code generated via an app or received via text on a phone owned by the user. Two-factor authentication has been around for a while, but just as better smartphone cameras opened up a whole new market of photo editing and sharing applications, so too has the escalation in breaches increased the number of options for two-factor authentication.

Today, there are a number of great two-factor authentication solutions that are both easier to use and very effective at keeping hackers out. Many are free, including Google Authenticator, and are packaged as handy apps on smartphones. With the increasing risk of breach, it's more important than ever that any application dealing with customer data be protected by two-factor authentication.

4. Scan your site

Web scanners are an important tool for detecting the SQL injection vulnerabilities and XSS mentioned above, as well as a host of other vulnerabilities. Information from these scanners can be used to assess the security posture of an e-commerce website, providing insights for engineers on how to remediate vulnerabilities at the code level or tune a WAF to protect against the specific vulnerabilities.

However, in order to be effective, businesses need to use them regularly. It's important to subscribe to a service that scans on a periodic basis -- not every three years.

5. Keep your 'friends' close

According to research by the Ponemon Institute, third-party providers -- hosters, payment processors, call centers, shredders -- have a significant impact on breach likelihood and scope. You wouldn't trust your money to a bank without rigorous, proven security measures in place. Nor should you trust a software vendor without security practices in place.

When seeking new providers, make sure they're compliant with security best practices like the Payment Card Industry's Data Security Standard (PCI-DSS) and cloud-security certification SSAE16. Don't be intimidated to ask cloud software vendors how they're managing security and what certifications they have. If they have none, you should think twice about working with them.

Don't overlook this. No matter how good the product, if the software introduces risk to your business, it's not worth it.

Today the risk of data breach is greater than ever, for large and small businesses alike. But security does not have to be complicated. By using the right tools, partnering with the right vendors and implementing safeguards, online businesses can reduce risk and keep out of the headlines.

Marc Gaffan

Co-founder of Incapsula

Marc Gaffan is co-founder of Incapsula. He has extensive experience in leading product marketing and management activities at leading security companies. Prior to founding Incapsula, Gaffan was director of product marketing at RSA, EMC's security division, where he was responsible for strategy and go-to-market activities of a $500M IT Security product portfolio.
