Web security is an investment small business owners cannot afford to overlook

By Patricia Mirasol

With digital tools at their fingertips, one in three employed Filipinos have started side hustles due to the pandemic, as per data from GoDaddy, a global domain registrar and web hosting company. It offered cyber hygiene tips for the three-fourths of small and medium businesses that its data also confirmed do not know how to protect themselves against cyberthreats.

“The moment [your business] goes online is the moment you need to invest in security,” said Norman Barrientos, GoDaddy’s director of marketing for Southeast Asia. Bad actors, he told the audience of a Dec. 9 event on the topic, do not discriminate in terms of what type of business you have.

“Invest in your business the same way you invest in yourself. Security is one way to do so,” Mr. Barrientos said.

In May 2020, 9,692 new business names were registered under internet retail — nearly 450% higher than the January to mid-March registrations. COVID-19 triggered the acceleration of e-commerce, and also of a rising cybercrime economy.

Business owners are cognizant of that fact, with GoDaddy’s 2021 website security survey finding that a majority of its customers believe phishing (90%) and malware (91%) pose the biggest threats to small businesses. The former is a social engineering scam that tricks individuals into sharing sensitive data. The latter is a malicious type of software designed to harm a device or network.

Among the results of an online business falling prey to hackers is loss of revenue and damage to reputation, said Jade Christian Tamboon, a trainer at GoDaddy.

“The holiday season is not the time to have a security breach,” Mr. Tamboon said at the Dec. 9 event. “Let’s prepare ourselves.”

For the 78% of business owners the aforementioned survey found to have also researched website protection solutions, Mr. Tamboon offered the following recommendations:

Password security – the longer the password, the better. Non-English words also work, since malware will always use words from major languages first when cracking codes. To protect the rest of an individual’s accounts in case one gets compromised, different passwords should be used for different accounts.
Two-factor authentication – an extra layer of protection, beyond a password, that ensures that only one individual can successfully log in a specific account. This additional verification step could be done through a fingerprint scan, or a one-time code sent to a registered mobile number.
SSL and encryption – a SSL (or secure socket layer) certification that authenticates a website’s identity, enables an encrypted connection, and establishes trust among customers because of visual cues, like a green padlock, that connote website security.
Firewall and backup services – a firewall helps block malware by filtering incoming and outgoing network traffic, whereas backup services get a site up and running again because all the important data has been saved.
Social media accounts – be circumspect about logging in on websites through social media accounts. Websites that have access to one’s social media accounts have access to one’s personal data and, by extension, one’s customers’ data.

“Update your passwords and software periodically,” Mr. Tamboon added. “It’s harder to open the door if the lock keeps on changing.”