65% of all Australian businesses have experienced cybercrime in the last two years, with 60% of businesses that have been hit going out of business within 6 months. In this article, INGRID MOYLE explores the impact of hacking on small business.
Australian organisations experience cybercrime at double the global rate, with 65% experiencing cybercrime in the past two years, compared with a global average of 32%. The risk isn’t just to your business, but to your clients whose personal details may have been compromised as part of your business being hacked.
If your business is subject to the Privacy Act, then you must meet new mandatory data breach notification and remedy requirements towards your clients if you are hacked, or face penalties of up to $1.8 million. Being hacked is now more common than being burgled, with more severe consequences for your business. That’s why cyber insurance is one of the hottest insurance products on the small business market.
The Hidden Weak Point – Your Website
One of the weakest security points in your business is your website. Many small business websites are built on the WordPress software platform. Just like all software, your WordPress website needs regular updating to patch security holes. According to Wordfence, 22% of all hacks come from unpatched or out-of-date plugins on WordPress sites. Don’t become a statistic. There are a few things that you can do to reduce your risk of being hacked.
Maintain Your Website
There are four different components of a WordPress website that must be regularly updated. Most updates do not happen automatically, so you need to manually install them. Be sure to check after each update to ensure that it hasn’t created problems with your website, such as a broken form or a changed design.
Remember Paid Plugins
During your web design process, many web designers will install at least one paid theme or plugin onto your site. Most of these paid plugins are sold on a subscription licence basis, meaning that they expire after 12 months. If the licence has expired, then no updates will be forthcoming, leaving security holes in your website.
Keep a list of paid plugins on your site, and the dates when they need to be renewed. Ensure that all renewal notices come to your business and not to the original developer so that you can action any updates.
Username Security
Hackers use brute force through automated bots to try and hack your site. If your username is admin, manager, or the name of your website, or the company name, you have performed the digital equivalent of leaving a key under the doormat. Set up a new, more secure username and transfer content to the new username before deleting the unsecured name.
Install Security
Install additional security on your website to reduce your hacking risk. Wordfence is the industry standard and has paid and free options. We recommend the paid version for a higher level of security. Wordfence is also our first port of call to remedy sites that have been hacked. Their service is fast and effective. Other WordPress security options on the market include iThemes Security and Sucuri.
You Are Only As Good As Your Backups
If your site has been hacked, you need to be able to access a clean backup to restore it. Your web host generally only keeps backups for less than 24 hours, which is useless in most cases of hacking. Invest in a solid cloud-based backup, and keep at least 3 months of backups in case of disaster.
Hacking is a major risk to your business and to your clients. Some simple steps will reduce your risk of being hacked and will go a long way to minimising problems for your business.
How to Reduce Your Risk of Being Hacked:
Update your WordPress site, themes and plugins weekly.
Keep subscriptions for any paid themes and plugins current.
Change your username and avoid using admin, manager, company name or website name.
Install security on your site – Wordfence, iThemes Security or Sucuri.
Take regular site backups and know how to restore your website.
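Several items on this checklist can be checked mechanically from a simple site inventory. The Python sketch below is an added example, not part of the original article: it flags guessable admin usernames, paid plugin licences that have lapsed or are about to, and backup history that falls short of 3 months. The site details, plugin names and dates are constructed, and the 30-day renewal warning, the 7-day freshness limit and the use of 90 days for "3 months" are assumptions.

```python
import re
from datetime import date, timedelta

GENERIC_LOGINS = {"admin", "manager"}  # usernames the article names as unsafe

def _norm(text):
    """Lower-case and keep only letters and digits ('Acme_Plumbing' -> 'acmeplumbing')."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def guessable_logins(logins, company_name, site_domain):
    """Return logins equal to admin/manager, the company name or the website name."""
    site_label = re.sub(r"^www\.", "", site_domain.lower()).split(".")[0]
    risky = GENERIC_LOGINS | {_norm(company_name), _norm(site_label)}
    risky.discard("")
    return [login for login in logins if _norm(login) in risky]

def licence_alerts(licences, today, warn_days=30):
    """licences maps plugin name -> expiry date; flag lapsed or soon-to-lapse ones."""
    alerts = {}
    for name, expires in licences.items():
        if expires < today:
            alerts[name] = "expired, no updates will arrive"
        elif expires - today <= timedelta(days=warn_days):
            alerts[name] = f"renew within {(expires - today).days} days"
    return alerts

def backup_problems(backup_dates, today, keep_days=90, max_age_days=7):
    """Check that backups reach back keep_days and that the newest one is recent."""
    if not backup_dates:
        return ["no backups found"]
    problems = []
    if (today - min(backup_dates)).days < keep_days:
        problems.append(f"oldest backup is under {keep_days} days old")
    if (today - max(backup_dates)).days > max_age_days:
        problems.append(f"newest backup is over {max_age_days} days old")
    return problems

# Constructed sample inventory (hypothetical site, plugins and dates).
TODAY = date(2024, 6, 1)
ADMIN_LOGINS = ["Admin", "acme_plumbing", "j.nguyen-7f3", "Manager"]
LICENCES = {"Form Builder Pro": date(2024, 5, 1),
            "Slider Plus": date(2024, 6, 15),
            "SEO Suite": date(2025, 1, 10)}
BACKUPS = [date(2024, 5, 25), date(2024, 5, 18), date(2024, 4, 1)]

if __name__ == "__main__":
    print(guessable_logins(ADMIN_LOGINS, "Acme Plumbing", "www.acme-plumbing.example"))
    print(licence_alerts(LICENCES, TODAY))
    print(backup_problems(BACKUPS, TODAY))
```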