Did you know websites experience almost 60 attacks per day? Small businesses are often at the greatest risk. Without an allocated budget for protection and recovery, 60% of small to midsize businesses end up closing their doors within six months of a cyberattack. Small business owners shouldn’t assume that it won’t happen to them.
Be aware of the potential consequences of malware for your business and know how to adequately address them if you find yourself dealing with a malware attack.
What Problems Can Malware Cause?
A few of the particularly tough consequences of malware come from defacement, backdoor, redirect, and SEO spam attacks.
Defacements occur when attackers change the appearance of your site. They might add explicit images or offensive text to your homepage in order to erode trust in your brand. Defacement attacks require manual intervention from security experts. Although the matter is usually a quick fix, it can result in a loss of traffic or damage to your reputation that can cause lingering problems for your business.
Backdoors are often more difficult to spot than defacements, as they’re built to blend in with the website’s code. Backdoors allow cybercriminals regular access to your site — likely without your knowledge. These attacks may expose customer data, be used to alter the appearance of your website, etc. Ultimately, they can cause customers to lose trust in your business and impact your overall profits.
Redirects, while also hard to spot, will likely have more short-term consequences. This type of malware redirects visitors from your site and onto other malicious ones. These account for 17% of malware infections and can result in a brief decrease in traffic.
Finally, SEO spam attacks are particularly damaging for small business websites. This is when cybercriminals flood your site with hundreds (or even thousands) of malicious backlinks or unnecessary keywords. Popular search engines can ban sites for SEO spam, decreasing your rankings in the process. This can take months to recover. Having your website banned could cost your company valuable traffic and visitors until you get it back up and running.
Even issues that are quick fixes can have lasting effects on your small business, especially if you’re slow to nail down and address problems. Even without considering the damages to your business’s reputation, downtime from a cyberattack can cost small businesses as much as $427 per minute.
Getting a Malware Attack Under Control
The longer a threat actor has undetected access to your network, the worse the outcomes will be. With enough time, hackers can steal valuable company and customer data, exploit vulnerabilities, and move laterally in your network in order to gain access to other entryways.
The time it takes to identify and take control of an attack is called “dwell time.” The data breach that landed Marriott International in the headlines in 2018 had a dwell time of four years. With such a massive window of opportunity, it’s no surprise that hackers stole the data of as many as 500 million customers.
The best lesson small businesses can learn from such an event is the importance of minimizing dwell time. The following three steps can help you prevent malware attacks and reduce dwell time should an attack occur.
1. Lean on automation. Performing regular manual website security audits can be time-consuming — especially in a small business environment, where information technology workers have to wear multiple hats. To protect yourself from the effects of malware attacks, rely on automated tools such as website scanners. They can operate on their own and identify threats in real time.
2. Patch vulnerabilities. Update software — including all plug-ins and your core content management system files — on a regular basis. Software developers are constantly releasing patches and updates for a reason: to protect against vulnerabilities. They’ll also include reports about the vulnerabilities each patch addresses. By failing to update your software, you’re exposing yourself to cybercriminals who know how to pinpoint the weak spots in previous versions of software. Don’t put off updates; perform them as soon as possible.
3. Create a response plan. Creating a company wide response plan is a great way to ensure your employees are all on the same page, and it even provides a certain degree of cybersecurity training. The main benefits, however, come to light when the incident occurs. When there’s a documented process in place, your business will respond to a cyberattack with greater efficiency, reducing dwell time and minimizing the consequences of malware.
While malware can be damaging and costly to a small business, it doesn’t have to be. Practicing proper “cyber hygiene” can help you prepare for and even prevent a malware attack.
Monique Becenti is a product and channel marketing specialist at SiteLock, a cloud-based website security provider currently protecting more than 12 million websites globally. Monique is passionate about improving the customer experience for all. SiteLock’s combination of dedicated research and developmental efforts, aggressive product road maps, and access to a massive global data set make the company a leading innovator in web security.