With many businesses approaching their busiest trading period of the year, a website outage is the last thing they need. However, it is a very real possibility, with a new survey from web hosting company GoDaddy finding that one in five (22%) Australian small businesses surveyed have already experienced a security breach on their website.

The global study of more than 8,000 small businesses in 20 countries found that of 22% who have had a website security breach, 75% reported having experienced website downtime – with 40% experiencing an outage that lasted longer than three days. Other common impacts included reputational damage (35%) and financial loss (32%).

“A cyber security incident can have numerous negative impacts on small businesses,” says Tamara Oppen, managing director of GoDaddy Australia.
“Knowing the risks and, more importantly, how to protect your business is crucial, especially as we approach critical retail shopping periods like Black Friday and Christmas. Small businesses need to consider the security of their online presence, just as they do the security of their offline presence.”

 

A question of resources

Meanwhile, the study found only 15% of Australian small businesses feel they know how to deal with a cyber attack, and two-thirds (66%) haven’t added cyber security protections to their website. Of those who don’t have protections, 40% said a failure to do so is based on a lack of accessible and straightforward information online. Meanwhile, 45% reported that they don’t feel they have the skills or backup to deal with a cyber-attack on their website.

Ms Oppen adds that attacks target businesses small and big equally. Because attackers often use automatic scanning, websites and other digital channels with fewer protections are often at higher risk.

“Because small businesses often lack the resources of bigger companies, they can be disproportionately affected by a cyber attack,” Ms Oppen explains. 

 

Threats – well known and not

Meanwhile, “when it comes to Australia’s small businesses, cyber security awareness is mixed”, Ms Oppen says.

The research found that while at least 70% of businesses knew more common terms like malware, phishing, and ransomware, there was less awareness of other types of attacks. For example, only 45% of businesses are aware of an SQL injection, which uses malicious code to access information, for example, sensitive company or customer data.

Also, only 43% thought DDoS and man-in-the-middle attacks pose a threat. DDoS or ‘Distributed Denial of Service’ is an attack whereby cybercriminals flood a network with false requests in an attempt to overload the system and halt its use. And a man-in-the-middle attack involves a hacker impersonating someone they’re not to trick a party into sharing information with them.

 

How to protect your website

“It can feel like a daunting topic, but there are simple ways small businesses can add safeguards to help protect their online business and the customers using it,” says Ms Oppen.

She recommends that businesses use available technology to protect their online presence – this includes tools like SSL certificates for websites, firewalls, site backups, malware scanning, and continuous monitoring services.

“Basic housekeeping, like security training, strong password management, and regularly updating systems, are important steps that are easy to action,” Ms. Oppen says.

“With some simple safeguards in place, small businesses can harness the power of technology to help protect their online presence against a cyber attack,” she concludes.