Category: Cybersecurity News Page 1 of 10

Tips to Stop Cybersecurity Threats for Small Businesses

It’s no secret that small to midsize businesses usually have similarly small budgets. As a result, expenses that don’t outwardly contribute to sales growth — like cybersecurity — often fall by the wayside. But small business cyberattack examples abound, defying the misconception that SMBs are safe from cyberthreats.

Misconceptions About Cybersecurity Threats for Small Businesses

Many SMB owners mistakenly believe that they aren’t appealing targets for cyber criminals if they don’t sell products online. While e-commerce sites present an opportunity for hackers to steal payment information from customers, that doesn’t mean your site is out of the running. For example, an SEO spam attack involves injecting unrelated keywords into a website’s text or code, causing its rank for actual keywords to plummet. These types of attacks hamstring SMBs by reducing traffic and confusing visitors who do manage to find them online.

Another common misconception is that a website hosting provider will defend against cybersecurity threats to small businesses. It may be true that a host provides a secure server, but it’s your responsibility to bolster website security. Still confused? This video can help illustrate the different security measures — and why you need to defend your site.

SMB cybersecurity is far more important than most companies realize. The “2018 HISCOX Small Business Cyber Risk Report” found that almost half of small businesses in the United States experienced cyberattacks within the last year. It costs a substantial amount of money to return to normal operations after a cyberattack, and the resulting loss in customers is even more difficult to calculate.

What’s more, once you’ve been attacked, you’ll likely experience another attack. Certain types of cyberattacks — like DDoS attacks, for example — are for sale “as a service” on the dark web, meaning anyone can conduct them, and according to one study, two-thirds of DDoS victims are hit repeatedly.

Up Your SMB Cybersecurity

Most small businesses don’t have the budget to survive an expensive cyberattack: 60% have to close up shop within six months of an attack. It’s not too late to prioritize your website’s security. The following steps can help mitigate cybersecurity threats for small businesses right away.

1. Choose strong passwords and unique usernames. Whatever you do, do not reuse login credentials that you use to sign in elsewhere. With the number of annual security breaches constantly increasing, it’s likely that some of your old usernames and passwords are already on the dark web.

2. Use an inside-out malware scanner that scans daily. Without a cybersecurity team on hand 24/7, a hacker who successfully breaches your defenses could go unnoticed for quite a while. The longer a breach goes on, the more sensitive information a cybercriminal can steal. Install a website malware scanner to catch and automatically remove malware from your site files.

3. Implement a web application firewall. A firewall will block malicious traffic and attacks, allowing your business to remain up and running for customers — even when it’s being targeted by malicious bots. In addition, firewalls can be customized to prevent credential stuffing attacks, where criminals try to log in using combinations of your old user credentials found on the dark web. A WAF customized to prevent this will keep cybercriminals from breaking into your small business website using your employees’ old credentials.

4. Remove unused plug-ins. Plug-ins are applications used to create and manage the content on your CMS website. Because these plug-ins can contain vulnerabilities, the more you install, the greater your risk for attack. Use as few plug-ins as possible to run your site and keep them updated to the latest versions.

Resist the urge to talk yourself out of upping your cybersecurity game. Cyberthreats to small businesses are just as prevalent. Whether you run an e-commerce site or not, your data is at risk if you’re online. The good news is that there are steps you can take now to ensure the safety of your company.

Monique Becenti is a product and channel marketing specialist at SiteLock, a cloud-based website security provider currently protecting more than 12 million websites globally. Monique is passionate about improving the customer experience for all. SiteLock’s combination of dedicated research and developmental efforts, aggressive product road maps, and access to a massive global data set make the company a leading innovator in web security.

Currently Tracking: WordPress Plugin Vulnerabilities Causing Malicious Redirects

SiteLock research and remediation teams have become aware of several vulnerable WordPress plugins that are affecting our customers. The symptoms most commonly associated with these vulnerabilities are malicious redirects. Essentially, visitors are being sent to another website than the one they are attempting to access. We are still gathering information on these vulnerabilities, and how they are being used. As soon as we have completed our review, we will release more information.

The affected WordPress plugins are:

Read More

SiteLock 2019 Website Security Report: Protecting Websites in the Age of Stealth Attacks

Among the cryptojacking-buzz, Facebook’s data breach saga, and nation-state attacks on companies like Nissan, you likely noticed a trend of high-profile cybercrime in 2018.

However, after studying website attacks that plagued 2018, a new trend arises. Cybercriminals swept the web with secrecy, focusing on stealthy attacks to compromise websites rather than taking a more conspicuous approach.

Read More

When a Good Thing Goes Bad – How Vulnerabilities Were Intentionally Built into pipdig

Don’t just pay attention to the man behind the curtain, tear the curtain down and burn it. That’s been the general sentiment among the InfoSec community on Twitter this past week in the wake of the discovery of multiple vulnerabilities intentionally built into the popular pipdig Power Pack (P3) plugin. I could easily write 3,000 words digging into the code, but that’s been covered incredibly well already by other researchers. Instead, I’m going to focus more on the effects of this situation, and on how we as a security-minded community can make a difference going forward.

Read More

CMS security update

Magento Releases Immediate Security Update Addressing an Unauthenticated SQLi Vulnerability

The popular e-commerce CMS platform, Magento, announced multiple security updates to their commerce and open source versions on March 26, 2018. More than 250,000 active Magento installations are affected by this security flaw, including versions 2.1 prior to 2.1.17, 2.2 prior to 2.2.8, and 2.3 prior to 2.3.1.

Read More

Microsoft Seizes Website

Microsoft takes control of websites from Iranian hackers. Is there an abuse of power in trying to help?

If cybercriminals were creating illegitimate websites to impersonate your brand and steal victims’ information—would you shut down those sites if you could?

That’s exactly what Microsoft did when it took control of 99 websites that Iranian hackers used to try to steal sensitive information from targeted victims, namely United States employees in the public and private sectors. According to Microsoft, the hackers “specifically directed” their attacks on government agencies in Washington.

Read More

4th of July

The Beginner’s Guide to California’s Cybersecurity Laws

California has a history of creating legislation that creates a ripple effect that affects consumers in other states. While the laws only affect California, they often push companies into adopting the rules broadly – for example, California’s strict auto emissions standards have been adopted in 16 other states since 2004. “What California does definitely impacts the national conversation,” says state Senator Scott Wiener. As the home of some of the biggest names in technology, it’s no surprise that California’s legislators are especially concerned about cybersecurity. In 2018 alone, California has passed several laws that they hope will inspire other states – and ultimately, Congress – to passing cybersecurity laws that better address the issues of our time. However, these laws have also attracted criticism from tech companies, cybersecurity experts, and the Federal Government. These laws may come to affect you, which is why we’ve created this guide.

Read More

CMS security update

Joomla! Releases Version 3.8.13 with Security Updates

Last week, Joomla! released version 3.8.13 which included five security updates for the 3.x series of Joomla!. All five of the vulnerabilities addressed are part of the Joomla! application core. Although all of the vulnerabilities are considered low priority, Joomla! is encouraging users to update their applications as soon as possible to avoid possible compromise as a result of them being exploited. The vulnerabilities below were addressed:

Read More

SiteLock Website Security Video

Reserve Your Seat for Our Free Webinar! Website Security Lessons From 3 Major Cyber Stories

SiteLock is hosting a free webinar and you’re invited! Join us LIVE on October 3, 2018 at 10 AM CST as we cover the lessons we’ve learned from a year of cybercrime. Learn from our SiteLock Web Security Research Analysts, Jessica Ortega, Ramuel Gall, and Topher Tebow, as they highlight three of our most popular cybersecurity topics from the past year.

Read More

CMS security update

Joomla! Fixes Security Flaws in 3.8.12

Joomla! recently released version 3.8.12 which includes patches addressing three security vulnerabilities and several bug fixes.  This is a security release that impacts all versions of the 3.x series of Joomla! applications and users are encouraged to update as soon as possible to avoid potential compromise.

Read More

Page 1 of 10

Powered by WordPress & Theme by Anders Norén