7 Common Website Threats and How To Prevent Costly Downtime
Congratulations on your successful website business! You’ve spent countless hours writing, designing and promoting your website — and now your business is thriving. You have happy customers, a memorable brand and your website is generating revenue.
What would happen if you suddenly lost all your hard work? Poof! Gone! Well, that scenario is not as far-fetched as it may seem.
Cyberthreats are on the rise and website owners face a never ending series of internal and external threats to their online businesses. It’s important for all website operators to better understand the threats they face, the harm these threats can cause, and take preventative measures today to protect their hard work.
Threat #1: Ransomware
According to Kaspersky Lab, every 40 seconds a business gets attacked by ransomware. Ransomware is a type of rogue software that has been designed to prevent access to your website until “ransom” money is paid to the attacker. Kaspersky also claims that 42% of SMBs have experienced a ransomware incident in the past 12 months. Ransomware attacks are on the rise and if you are a victim, your entire website could be taken offline for a short time. In some cases, even if you pay the ransomware amount, your website will remain disabled.
The cost of website downtime on your business can be substantial. The Los Angeles Valley College (LAVC) recently paid $28,000 for a ransomware demand.
Just imagine the true cost to your business if your website were knocked offline for just a few days by ransomware:
- Cost of the ransom if you pay it ($500 – 1,000’s of dollars)
- Lost sales
- Staff productivity losses from being unable to perform their work
- Overtime/consulting costs to IT experts tasked with fixing the problem
- Future sales loses due to reputation damage
- Future sales loses due to reduced search engine rankings due to blacklisting
Threat #2: Malware
Malware is menacing software that is intended to damage or disable websites and computer systems. 30,000 websites get hacked every day according to the Sophos Security Threat Report. And 71% of data breaches occur in businesses with less than 100 employees claims Verizon Enterprise. Sucuri Security says that approximately 20,000 websites a week are blacklisted by Google for malware. If Google or other search engines detect malware on your website, your visitors might see a warning saying “This site may harm your computer” and your customers could be prevented from visiting or transacting on your website. This could result in revenue loss for your business. At the least, be blacklisted can damage your reputation.
Threat #3: Accidental File Deletion
Did you know that a website can be taken offline simply due to user error? People make mistakes all the time. Sometimes, a member of your staff will accidentally delete an important content file or database entry, causing a website to fail.
Threat #4: Phishing
Phishing attacks have risen significantly in Q1 2016, according to a report issued by the Anti-Phishing Working Group. Phishing is the illegal practice of sending fake emails on behalf of real companies in an attempt to trick people into revealing personal information such as identification numbers, passwords and credit card numbers. Radicati Group estimates that 20% of all emails are hacked each year. Company and website emails are not the only place phishing can create havoc — user clicking fake social media links are now a leading cause of phishing attacks.
Threat #5: Data Breaches
Data breaches can happen anytime your company applications or servers have been infiltrated by rogue agents. In many cases of data breaches, private customer data such as phone numbers, mailing addresses and social security details are stolen and end up in the hands of criminals. The largest discovered data breach in the history of the Internet was recently uncovered at Yahoo! during the second half of 2016. 1 billion user accounts were compromised.
Threat #6: Employee Sabotage
Disgruntled employees are increasingly e-sabotaging businesses around the globe — and the next victim could be you. With as little as an outdated username and password, an unhappy worker or former employee can take down your website and/or steal critical company data. According to a survey by Intermedia and Osterman Research, 89% of ex-employees still have access to their company applications for an extended period of time post-departure. If one of those applications was your web server, your entire website would be at risk for data theft or sabotage.
Threat #7: DDoS attacks
In October 2016, criminals launched major DDoS attacks against several large online companies such as PayPal, Netflix and the PlayStation Network. The bad guys flooded traffic to DNS hosting provider Dyn, which in turn, disrupted the popular websites. This type of website threat is known as a distributed denial-of-service (DDoS) attack — caused by bots flooding the bandwidth of a targeted website server, which can prevent legitimate traffic from viewing any website.
3 Simple Ways To Prevent Website Downtime
Step #1: Improved Training, Policies and Procedures
With cyberthreats on the rise, businesses may want to consider restructuring their corporate security policies, conduct awareness training and launching regular audit activities to ensure that staff and vendors are adhering to the company’s directives. Corporate policies must be in tune with how the business works. Creating a well-crafted email security, archiving and backup policy is one example of how to reduce risk within your organization. A company’s security compliance policies should cover electronic messages, websites, databases, equipment, facilities as well as the systems that support them. Your company policies won’t be effective unless employees are aware of them and fully understand them. This means that companies must engage in comprehensive awareness training. All users should understand regulations, risk areas and how to handle company data properly.
Step #2: Data Protection
The best way to prevent data emergencies is to prevent the bad guys from entering your website servers, databases and folders in the first place. Use a reputable antivirus software tool to create a threat barrier. You should also protect your infrastructure by incorporating ways to handle unexpected external intrusions such as a DDoS attack. Load balancing and failover solutions, which distribute traffic across several machines and bypasses downed servers, is one way to protect your website — and your business.
Step #3: Backup and Recovery of Your Data
Smart businesses perform regular website data backup to both internal, on premise mediums (servers, hard drives, tape drives) and external mediums (cloud backup and/or storage). A website backup is a snapshot of all your website’s important components, such as content files, code folders, website databases and add-ons, plugins, or themes. Websites should be backed up using end-to-end encryption, such as 256bit military-grade encryption as well as Secure Socket Layer (SSL) to protect your data in transit and at rest. Data recovery is a web-based process that allows customers to browse, select and restore website data that has backed up in the cloud. Often times, all of a website’s related data can be recovered back to a specific date in time.
Make no mistake — cyber criminals are targeting your website and want to inflect harm on your business so they can profit. It’s no longer a matter of if an attack on your website will happen — it’s only a matter of when.
Both online and offline threats to your website pose a broad range of risks to your business, including financial loss, data and identity theft, loss of proprietary intellectual property, damaged brand reputation, and erosion of customer confidence. The stakes are high. Protecting your website against these ever-growing threats is not easy — but Dropsuite’s suite of data backup and recovery products can help.
Dropsuite’s Website Backup (also known as Dropmysite) is the market-leading backup solution that businesses around the globe use to schedule automatic backups of their websites, monitor availability and site performance, and restore lost or corrupted data in a single click. With Dropsuite’s Website Backup, every day, a copy of your website content folders, as well as any database related to your website, gets stored remotely in the cloud using military grade encryption technology.
If disaster strikes, you can restore your backup in just 1 click to quickly bring your website back to life. Our software is easy to use. No IT knowledge is required.
In the same way you insure your home or automobile, we recommend that every business back up their website. It’s what smart businesses do to protect their livelihood and stay one step ahead of the competition.