As a small business, it's easy to believe you fly under the radar from cybercriminals. Unfortunately, that's not the case as no company or website is too small to be hacked.

SiteLock data from Q2 2018 indicates that websites are targeted by an average of 58 attacks every day and more than 70 percent of cyberattacks target small to medium-sized businesses (SMBs), according to the National Cyber Security Alliance.

As the threat landscape continues to evolve at a rapid pace, you must be proactive when it comes to protecting your online presence. After all, your website is the face of your brand and often a primary revenue channel. Website malware remains a significant challenge for small businesses, because it is a primary vector for cybercriminals to steal data, such as customer information, supplier information, or intellectual property.

It's also an outlet for hackers to launch cryptomining activity, or redirect website visitors to external, malicious sites. Even worse, website malware can affect your website's performance and search engine visibility, which directly impacts your bottom line.

In order to ensure minimal downtime or negative impact to your business, it's important to stay ahead of the game and be prepared. Below are the top two biggest malware threats small businesses could face in 2019. 

1. Backdoors

According to the SiteLock Website Security Insider Q2 2018, the amount of "tried and true" website malware--backdoors and defacements--has held steady since Q1 2018. This isn't particularly surprising since cybercriminals use tactics that are proven to work, continuously updating and automating them to increase their efficiency and effectiveness. Although the volume of malware held steady, the attacks became sneakier.

For example, backdoors are increasingly used to upload cryptominers for launching cryptojacking attacks. These attacks break into your website or web server network, install cryptomining software and steal computing processing power from visitors. Cryptojacking is completely symptomless to the website owner, which is why this stealthy attack is becoming a favorite weapon of cybercriminals. According to the Trend Micro 2018 Midyear Security Roundup, there was a 141 percent increase in cryptomining detections during the first six months of 2018.

2. SEO Spam

SEO spam is another serious threat. This malicious software is installed on web servers to modify or create web pages that serve the spammer's purposes. For example, spammers might want to improve SEO rankings for certain sites or damage a competitor's SEO rankings. They can post thousands of bad links in website forums or comment sections connecting to an external website. Large numbers of links to that page increases its search ranking. A spam attack kit that plants SEO spam techniques on your site can invoke spam penalties from search engines, damage your search engine results and affect your revenue. To make matters worse, SEO spam kits are delivered by bots--automated software applications that usually aim to gain control over a computer.

It may surprise you to learn that there are more bots in website traffic than actual humans. In fact, according to SiteLock data, a stunning 60 percent of all website traffic comes from internet bots, many of which are malicious. Bots can slow website performance, creating frustration or abandonment by customers. They can also scrape and distribute your unique content or steal competitive information, such as pricing, to undercut your business. In addition, bots can be used to load backdoor files to launch future attacks designed to help them gain a foothold in your network.

How to Protect Yourself

Cybercriminals have continually exploited technology advances for nefarious purposes--and this practice will continue. As attacks become faster, more automated and elusive, proactive protection is critical to protect your business. Luckily, there are some simple ways to defend your website against hackers.

  1. Find and remove buried malicious content by using a file-based inside-out malware scanner, which accesses your website code and scans every directory for malicious, suspicious, and changed content. The most efficient and effective malware scanners will also automatically remove malware upon detection
  2. Fight back against automated bots by implementing a web application firewall (WAF). Settings can be easily customized to blacklist known malicious bots, suspicious bots, and attackers from known hostile countries. Within minutes, a WAF will protect your site against evolving and automated attacks.

If you haven't proactively taken steps to protect your website, now is the time. If you have, review defenses to ensure that you have maximum protection against these threats. Don't let website malware take you by surprise this year.

Published on: Jan 14, 2019
The opinions expressed here by Inc.com columnists are their own, not those of Inc.com.