A Note from BBC14 Sponsor, Sucuri
A couple of weeks ago, the Sucuri team was at HostingCon. We rubbed elbows with the people who bring your websites to the world and spoke at length with them about the importance of website security. The most interesting conversation we had over the week was with a small business owner on vacation with his family. Like the bloggers attending the upcoming Beer Bloggers Conference in San Diego, this man loved beer. And so do we. And so the conversation began…
Our new friend asked us what we, website security tech guys sitting at the bar drinking Lagunitas IPA, were doing in Miami. We relayed that we run a firm focused on making websites safe. Our friend responded, “That’s just for big websites, right?” That’s when the conversation got really interesting.
Our new friend (he owned an auto body shop) knew about the data breaches at the big retailers like Target and then went on to tell us:
But I’m not worried, because I have a really simple website and just ask people to fill out a form so we can contact them later.
It was at this point, sipping on California beer in Miami, that we knew we had a new obligation in the world of internet security communications: Sucuri needed to translate the language of website security so that website owners everywhere understood its importance. We use our blog to break security news and to educate the community about the latest malware removal techniques we are pioneering, but we have also put together an additional security primer for the everyday blogger, website enthusiast and small business owner. This security primer is useful for everyone at the Beer Bloggers Conference. Please don’t hesitate to reach out if you have any questions.
Question: Is my small website a target? Answer: Yes, and always.
- A big company, like Target, is a high-value target because a hacker network could make a large amount of money by bypassing their security. However, this is a high-risk strategy. Target is big enough that they have security analysts who work to keep that from happening.
- Alternatively, a hacker could automate an attack against 1,000 small websites whose operators and owners know very little about security. Those 1,000 websites may not have much traffic on a per-website basis, but they have lots of traffic when aggregated together. Once a network of websites is in place, the hacker can relatively easily begin to monetize his work.
- Almost every employee at Sucuri has their own, much smaller, website, and each of us also monitors and protects that site because we know such sites are prime targets for hackers. The reason is that most website owners aren’t also security experts.
Going back to our auto body shop friend, it isn’t hard to imagine a time when a hacker quickly phishes his form page to redirect information away from the site and harm potential customers. The scary thing is that the website owner wouldn’t even know about it until someone alerted him to the problem. If that ever happens, and his site is blacklisted by Google, it will be amazing how quickly website security becomes the most important thing in his life.
But I don’t take credit cards. Why am I at risk?
It is true that the moment your website begins taking credit card payments, you might as well raise your hand and tell attackers, “My website is now a target.” However, the real truth is that every website, big and small, is always a target.
The crux of the problem is that attackers can make money in many different ways. They may be redirecting your traffic to auto loan or porn sites, or they may poison your search engine results with pharmaceutical listings. They can add phishing pages to your site in an attempt to get your customers or visitors to give them personally identifiable information or credit card information. In all of these situations, they’re taking advantage of the work you’ve put in to drive traffic. If you’re not protecting yourself from attack, then there are two factors, one economic and the other psychological, that you need to be aware of, because in many ways a website attack is much more devastating for a small business or website than for a large one.
- First, you need to be sure that your site can sustain a loss in traffic or a loss in credit card transactions for a month or two months or six months, while the malware is in effect. When you don’t have a lot of traffic to lose in the first place and your website is hacked, it could take a very long time for those people who were scared away to come back. So, while Neiman Marcus can certainly sustain a data breach, you may be at a greater risk, relatively.
- The second reason it’s more devastating is psychological. Unlike a big corporation, a lot of small business owners and bloggers feel a personal connection with their customers and readers. When you get hacked, you put them at risk and it feels terrible because you feel personally responsible for whatever pain or hassle you cause to these customers and readers.
How can you protect yourself?
The best way to protect your website is by layering different levels of protection that can be broken down into four logical steps.
- Be aware of the problem
- Understand the symptoms of attacks
- Take steps to fix the root problem (malware) of attacks
- Protect your website with a firewall
It’s by design that each step above flows into the next. As you move down the rabbit hole of security, what becomes clear is that attacks are always evolving and that it would be a full-time job to keep up with them (in fact, it’s our full-time job). As you can see, the first step is awareness. Be aware that there are people out there who would take advantage of your website. Second, learn a little bit about the symptoms of attack. Have customers recently complained that they’ve been redirected off of your site when clicking links? Have readers complained that they’ve seen a strange form when clicking a link? If so, then take steps to root out problems, such as running your site through our SiteCheck security scan. Better yet, just remove all doubt and protect your website by shielding it with our CloudProxy Firewall.
Every website we protect is one more website towards our goal of making the web a safer place, and that’s something we can all be in favor of.
Have questions about your website and security? We look forward to talking with you. Give us a shout out: Austin Marshburn, Director, Sucuri Marketing: Austin@sucuri.net | 617.758.9114