It’s no secret that small to midsize businesses usually have similarly small budgets. As a result, expenses that don’t outwardly contribute to sales growth — like cybersecurity — often fall by the wayside. But small business cyberattack examples abound, defying the misconception that SMBs are safe from cyberthreats.

Misconceptions About Cybersecurity Threats for Small Businesses

Many SMB owners mistakenly believe that they aren’t appealing targets for cyber criminals if they don’t sell products online. While e-commerce sites present an opportunity for hackers to steal payment information from customers, that doesn’t mean your site is out of the running. For example, an SEO spam attack involves injecting unrelated keywords into a website’s text or code, causing its rank for actual keywords to plummet. These types of attacks hamstring SMBs by reducing traffic and confusing visitors who do manage to find them online.

Another common misconception is that a website hosting provider will defend against cybersecurity threats to small businesses. It may be true that a host provides a secure server, but it’s your responsibility to bolster website security. Still confused? This video can help illustrate the different security measures — and why you need to defend your site.

SMB cybersecurity is far more important than most companies realize. The “2018 HISCOX Small Business Cyber Risk Report” found that almost half of small businesses in the United States experienced cyberattacks within the last year. It costs a substantial amount of money to return to normal operations after a cyberattack, and the resulting loss in customers is even more difficult to calculate.

What’s more, once you’ve been attacked, you’ll likely experience another attack. Certain types of cyberattacks — like DDoS attacks, for example — are for sale “as a service” on the dark web, meaning anyone can conduct them, and according to one study, two-thirds of DDoS victims are hit repeatedly.

Up Your SMB Cybersecurity

Most small businesses don’t have the budget to survive an expensive cyberattack: 60% have to close up shop within six months of an attack. It’s not too late to prioritize your website’s security. The following steps can help mitigate cybersecurity threats for small businesses right away.

1. Choose strong passwords and unique usernames. Whatever you do, do not reuse login credentials that you use to sign in elsewhere. With the number of annual security breaches constantly increasing, it’s likely that some of your old usernames and passwords are already on the dark web.

2. Use an inside-out malware scanner that scans daily. Without a cybersecurity team on hand 24/7, a hacker who successfully breaches your defenses could go unnoticed for quite a while. The longer a breach goes on, the more sensitive information a cybercriminal can steal. Install a website malware scanner to catch and automatically remove malware from your site files.

3. Implement a web application firewall. A firewall will block malicious traffic and attacks, allowing your business to remain up and running for customers — even when it’s being targeted by malicious bots. In addition, firewalls can be customized to prevent credential stuffing attacks, where criminals try to log in using combinations of your old user credentials found on the dark web. A WAF customized to prevent this will keep cybercriminals from breaking into your small business website using your employees’ old credentials.

4. Remove unused plug-ins. Plug-ins are applications used to create and manage the content on your CMS website. Because these plug-ins can contain vulnerabilities, the more you install, the greater your risk for attack. Use as few plug-ins as possible to run your site and keep them updated to the latest versions.

Resist the urge to talk yourself out of upping your cybersecurity game. Cyberthreats to small businesses are just as prevalent. Whether you run an e-commerce site or not, your data is at risk if you’re online. The good news is that there are steps you can take now to ensure the safety of your company.

Monique Becenti is a product and channel marketing specialist at SiteLock, a cloud-based website security provider currently protecting more than 12 million websites globally. Monique is passionate about improving the customer experience for all. SiteLock’s combination of dedicated research and developmental efforts, aggressive product road maps, and access to a massive global data set make the company a leading innovator in web security.