Five tech capabilities to shape your SME website security strategy

Isn’t it great? Your website seems to be a well-oiled machine: it has top-ranking content, no broken forms or shopping carts, quick-loading pages, and it helps your organisation achieve critical business goals. Website security crosses your mind every once in a while, such as when another business’s outage or breach makes headlines, but your organisation is small enough that hackers won’t take aim… right? Wrong! Sadly, well-intentioned small-to-medium-sized business (SMB) leaders are misinformed or apathetic about website security, and their companies suffer from business-draining cyber security attacks. Website security is critical, regardless of your business’s size.

Danger ahead: widespread web security negligence

SMB leaders are busy, and once a website is up and running, it’s a quick thing to mark off as ‘done’ and move on to other tasks. Website security is not usually a top concern, until it’s too late. Alarmingly, nearly half (48%) of SMB leaders think that their organisation is too small or unimportant for hackers to notice. The harsh reality is that any website or cloud-based system is a target. In Sectigo’s State of Website Security and Threat Report, January 2021, we learned that 50% of SMBs experienced a website breach, and 40% are attacked every month.

The consequences of a website attack are severe. Organisations under fire are at risk of losing revenue, customers, productivity, search engine rankings, intellectual property, and reputation. 60% of SMB website attacks resulted in site outages, and more than a third incurred revenue loss.

Despite the risk, the study found that only 30% of SMBs believe they are vulnerable to online threats, including those businesses that have recently experienced a breach. It’s clear that SMBs are overconfident and do not consider their websites to be vulnerable, despite how vital their online presence is to their success.

This is a battle between perception and reality, of epic proportions. It’s not a question of ‘if’ your site will be probed for vulnerabilities. It’s a question of ‘when.’

Evolve beyond the “It won’t happen to me” mindset

When website security is not prioritised, your business is exposed to significant losses. The good news is that by focusing on five simple, automated technologies, website administrators and owners can achieve big-business web security and peace of mind by using SMB tools.

1. Keep your tech updated: When selecting a tech stack for your website, it is critical that it is proactively updated and patched, so that vulnerabilities are revealed and fixed before cyber criminals can abuse them. Automated CMS patching, such as auto-updates to WordPress or Magento, prevents hackers from getting in between updates. It is critical to keep the core site version, as well as any extensions, up to date with the most recent revision in real time. Pay special attention to parts of the website that take user input, such as registration forms, as these are popular targets for attacks.

2. Proactively detect malware and vulnerabilities: There’s a big difference between being alerted when something has already gone wrong and having the knowledge to stop an incident before it begins. Search engines infamously blacklist websites that show signs of vulnerabilities, and it’s challenging at best to earn back their trust. This is just one example demonstrating why SMBs must be proactive in detecting and averting malware and vulnerabilities. Using an automated vulnerability scanner that will continuously scan for vulnerabilities on your website is an essential security measure these days. It is surprisingly common for website owners to have malicious code working silently in the background without the owner’s knowledge and without causing any visible malfunction.

3. Tool up to remove discovered threats: You uncovered a vulnerability in your MySQL database, website files, or another core component of your website. Now what? Don’t get caught with the knowledge of a threat only to have no way to counter the attack. Prepare for remediation, that is, removing the threat. Your website admins rely on remediation software that can immediately remove active vulnerabilities without disruption. Make sure you choose a tool that prioritises business continuity in the event of needing to remove a discovered threat.

4. Perform backups: If your website succumbs to a cyber attack, your backups are your insurance policy and the key to your recovery plan. Gain the peace of mind that if your website is suddenly unavailable, you will quickly be able to restore it to the correct version, with all of its data intact. Version control software is widely available, and many hosting services have plans that periodically perform database backups and snapshots. Effective backup and restore tools are critical to any connected business to reconstruct lost information quickly.

5. Automate TLS/SSL certificates: “Identity” is a critically important concept for websites. Your website visitors need to be confident that they are on your secure website and haven’t landed in the unknown. Digital certificates (visible as a padlock in many browsers) help visitors know that the personal information they enter is only being shared with your authentic and verified site. Given that more than 72% of respondents in our study said that they collect or store sensitive data through their website, providing clear assurance is critical for earning customer trust. The rise of security automation has made it considerably easier to issue, renew, and maintain TLS/SSL certificates, meaning that small businesses can enjoy the benefits of identity security with minimal management.

Don’t fall victim to the next breach or outage

Cyber attacks are rising in number much faster than SMB leaders are preparing for them. It’s critical to protect your organisation from the catastrophe that follows by keeping your tech updated, proactively detecting malware and vulnerabilities, tooling up to remove threats, performing backups, and automating TLS/SSL certificates. While cyber attacks may never end, there are many resources and technologies available so you can be prepared for anything. The internet is ever-evolving, so your organisation’s website security should be as well.

Written by Tim Callan, chief compliance officer at Sectigo