Cyber Crime and the small business: Denial of Service attacks
A recent report by the Federation of Small Businesses demonstrates the cost of cyber crime to small businesses. One revenue stream used by criminals is a very traditional nefarious activity, exported to the cyber world. They threaten to disrupt a website unless the victim pays a ‘fee’. Extortion in other words. What can the small business do to ensure they aren’t vulnerable to this sort of attack?
The first thing to say is that you should never pay. Report it to the police, through either the local force or Action Fraud.
Secondly, you need to be sure before anything like this happens that you are confident in your overall security, and know which bits of your revenue stream could be disrupted. In most cases the easy target for criminal is a website – denial of service attacks can take your website offline for extended periods (more on denial of service attacks in a future post). If your website is critical to your business then you need to take steps to make it tough to disrupt. Many hosting packages offer denial of service protection. It’s worth checking your terms of service and discussing the hosting options with your web hosting service. Additional denial of service protection can be bought from specialist provider, however it can be expensive.
If the worst does happen and you are subject to a denial of service attack there are some further pre-emptive measures you can take to mitigate the impact. You can engineer your website to make life harder for any potential criminal. Hosting large files, such as images, on third party providers like Google or Amazon cloud services distributes the bandwidth needed for your website to work.
Turning off functions like ‘search’ can help reduce the effectiveness of denial of service attacks and consider having a low graphics version of your site available to be used if required. Ensure you know who to call at your hosting provider if you do have any problems, and you have an idea of what steps they may be able to take to support you. It is much better to have this conversation before an attack happens. Finally you can consider buying insurance to cover lost revenue due to an attack.
Criminal attacks like this are unlikely to continue for extend periods or be of a significant scale. The perpetrators rely on target sites being fairly easy to disrupt. Preparing in advance will give you the confidence to stand up to extortion attempts.