
Top security threats to new and growing online businesses

Starting or growing a small business online can be difficult enough without having to worry about security threats on top of everything else. Unfortunately, if you want your burgeoning business to thrive, security is not something you can afford to neglect.

Many new and smaller businesses mistakenly believe they are relatively safe from cyber attacks, as they have less to offer cybercriminals compared to their larger counterparts. However, this is not the case: small businesses account for 43% of all cyber breaches.

Smaller businesses can actually be attractive targets to hackers because of:

  • Limited resources: small businesses may be unable to invest in robust security measures and dedicated security personnel.
  • Lack of security awareness: they may have less knowledge of cybersecurity best practices and the evolving threat landscape. 
  • Less comprehensive security infrastructure: they may lack the infrastructure needed to implement advanced security measures.

If you have a small business or plan to launch one, avoid becoming an easy target for cybercriminals by learning about the most common cyber attacks and how to combat them. And, as you’ll learn in this article, your website platform can play a more significant role than you may think. 

Top cyber security threats and how to combat them

Four of the main types of cyber security threats for businesses you should know about are:

  1. DDoS attacks
  2. Credential stuffing
  3. Data attacks
  4. Email phishing 

Let’s take a closer look at each and how you can prevent your small business from being impacted. 

DDoS attacks

Short for distributed denial-of-service, DDoS attacks involve flooding and overwhelming an online service, network, or server with Internet traffic to interrupt service for regular users. This can take your entire website offline for a period of time, impacting your business. 

These attacks are usually performed by botnets: networks of bots, which are interconnected computers or Internet devices infected with malware. The attacker can control each bot remotely, and because botnet traffic can look like regular traffic, it can be difficult to distinguish DDoS traffic from normal traffic.

For total website protection against large or sophisticated attacks, you’ll need specialist technology, such as a content delivery network (CDN). CDNs are a widely used solution for preventing DDoS attacks. A CDN is a global network of servers that stores website resources, protecting the origin server from being flooded with illegitimate traffic.

Protecting your domains and hosting

Beyond that, a good domain and hosting provider will have certain built-in protections to help protect servers on both the DNS and the hosting level, helping to identify and filter attacks earlier. DNS-level protections should include:

  • DNSSEC: adds cryptographic signatures to DNS records for an extra layer of security.
  • DNS query-level protection: stops DNS servers from being overwhelmed by large volumes of DNS queries.

When you’re choosing a hosting provider, look out for server-level protections that help keep the service running and protect uptime, such as:

  1. Rate limiting
  2. Blackholing
  3. Intrusion detection and prevention system
  4. Web application firewall
  5. HTTP-sessions pattern analysis

Should the worst happen and your site is temporarily down due to a DDoS attack or any other reason, performing regular site backups will help get your website back up and running in no time. For added convenience, choose a hosting service that provides an automated service that will periodically do it all for you, so you don’t have to go through the hassle of doing it manually.

Credential stuffing

Credential stuffing is a type of brute force attack where fraudsters use usernames and passwords stolen from one website's breach to gain unauthorized access to other sites. On the user level, practicing good password hygiene is paramount to avoiding becoming a victim. Always use strong passwords, change them regularly, and never reuse them across different websites.

Beyond that, an ideal platform for your domain, hosting, or website will have two-factor authentication (2FA) available for implementation. Using 2FA provides an extra layer of protection whenever you access your account — for example, using your password and responding to a push notification on your phone. This way, if a fraudster does manage to figure out your password, they won’t be able to get past the second layer of protection.  

Even better is a platform that supports the use of passkeys. Passkeys are digital credentials used for passwordless authentication. They are created using encryption technology and are linked to your computer or phone. Because of this, they can’t be copied or stolen, so there’s no way for anyone but you to log in to an account using a passkey, unlike with a password. 
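As an added illustration (not part of the original article, and not Spaceship's own code), the sketch below shows how a site's login log can reveal credential stuffing: one source trying many different usernames with mostly failed logins, as opposed to one user mistyping their own password. The log fields, thresholds, and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source IP, username, login succeeded?)
SAMPLE_EVENTS = [
    ("2024-05-01T10:00:01", "203.0.113.7", "alice", False),
    ("2024-05-01T10:00:02", "203.0.113.7", "bob", False),
    ("2024-05-01T10:00:03", "203.0.113.7", "carol", False),
    ("2024-05-01T10:00:04", "203.0.113.7", "dave", True),
    ("2024-05-01T10:00:05", "203.0.113.7", "erin", False),
    ("2024-05-01T10:00:06", "203.0.113.7", "frank", False),
    # One user mistyping a password: many failures, but a single username.
    ("2024-05-01T10:01:00", "198.51.100.4", "grace", False),
    ("2024-05-01T10:01:10", "198.51.100.4", "grace", False),
    ("2024-05-01T10:01:20", "198.51.100.4", "grace", False),
    ("2024-05-01T10:01:30", "198.51.100.4", "grace", True),
]


def detect_credential_stuffing(events, window=timedelta(minutes=5),
                               min_usernames=5, min_failure_ratio=0.8):
    """Return {ip: {"usernames": set, "compromised": set}} for suspicious IPs."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((datetime.fromisoformat(ts), user, ok))

    findings = {}
    for ip, attempts in by_ip.items():
        attempts.sort(key=lambda a: a[0])
        start = 0
        for end in range(len(attempts)):
            # Slide the window so it covers at most `window` of wall-clock time.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            in_window = attempts[start:end + 1]
            users = {u for _, u, _ in in_window}
            failures = sum(1 for _, _, ok in in_window if not ok)
            if (len(users) >= min_usernames
                    and failures / len(in_window) >= min_failure_ratio):
                hit = findings.setdefault(ip, {"usernames": set(), "compromised": set()})
                hit["usernames"] |= users
                # A success inside a stuffing burst means a reused password worked.
                hit["compromised"] |= {u for _, u, ok in in_window if ok}
    return findings
```

Accounts listed under `compromised` are the ones to force a password reset on, since a login succeeded in the middle of the burst.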

Data attacks

There has been a rising concern regarding data protection over the past few years, and with good reason. When sensitive data falls into the wrong hands, it can result in fraud, theft, and reputation damage. Ways to help protect data include antivirus and anti-malware software, solid password protection, and email security. However, a fundamental way to secure your site against data attacks is an SSL certificate, also known as a website security certificate. 

So, what is a website security certificate? It’s a digital certificate you can install on your server to encrypt the data transmitted between a user’s browser and your website. This means any data sent is protected from data attacks. This includes:

  • Data interception (man-in-the-middle attacks): SSL encryption protects against eavesdropping by attackers attempting to intercept sensitive information, such as login credentials, payment details, or personal data.
  • Data tampering: SSL certificates use cryptographic mechanisms to detect and prevent unauthorized modification or tampering of data while in transit, so attackers can’t change any data sent over a secure connection.
  • Phishing: SSL certificates help users identify legitimate websites, which is critical for small businesses as it reduces the risk of customers falling victim to phishing attacks when interacting with your site.

Since SSL certificates are a critical element of website security, make life easier (and cheaper) for yourself by choosing a hosting plan that comes with free SSLs as standard. They are out there.

Email phishing

Phishing is a security attack that’s been around for decades, increasing with the rise in popularity of the Internet. It’s a type of social engineering scam where the attacker (often posing as a legitimate company or institution) attempts to convince the victim to reveal sensitive information like their credentials or credit card details or download malware onto their device. 

There are countless types of phishing attacks, from vishing (voice phishing) to smishing (SMS phishing), but email phishing is still one of the most prominent. Knowing the signs of a phishing email, such as spelling errors, inconsistencies, and unusual requests, is vital. But it’s even better to cut off phishers at the source so such emails won’t be a blip on your radar. 

An email service with powerful anti-spam services is critical to this. It’s a crucial component of how email security works. You want to choose a professional email service with smart anti-spam software that protects your inbox from various threats, including phishing, and uses machine learning to get to know your preferences over time. 

You can also prevent phishers from even finding your contact information by getting free domain privacy (a service that comes for free if you register a domain with Spaceship). Usually, when you register a domain, your contact information is added to WHOIS, a directory of domain owners. 

Naturally, not everyone is comfortable with having their information available for everyone to find. Domain privacy will hide that information on the WHOIS register so nobody, particularly phishers, can find it and target you.

Choosing a platform that puts security first

Creating a robust security foundation for your small business website can be complex. However, you can make things easier by choosing a platform that offers the majority of the services we’ve discussed in one place. 

Spaceship comes with built-in DDoS protection, strong account security, free domain privacy, and free SSL certificates, while Spacemail has robust email security with anti-spam and phishing protection. Connecting every tool and service to your hosting is as simple as possible so you can give your full attention to growing your digital future, safe in the knowledge that your security has been taken care of. Check out our Security page to find out more. 

Cora Quigley

Cora is a digital copywriter for Spaceship.