A programer shows a sample of a ransomware cyberattack on a laptop in Taipei, Taiwan, 13 May, 2017. (EPA/Ritchie B. Tongo)

If you’re running a small or medium-sized business your website is likely under attack — and it could lead to some very bad things.

A new report from security firm Sitelock has revealed that the typical small business website is attacked 44 times a day and software “bots” are visiting these sites globally an average of 152 million times a week.

The report, based on the company’s analysis of more than six million websites during the last quarter of 2017, found bots, malware, backdoors, and other malicious software on so many of these sites that the company estimated that more than 18.5 million websites are infected at any given moment.

WordPress is the most popular platform for hosting sites (like my own company) which means that it’s a very popular target for hackers too. If your WordPress site runs anywhere from one to nine plugins (a common piece of software that provides more functionality) then the Sitelock report found that you’re twice as vulnerable of being attacked as compared to non-WordPress sites and that just updating WordPress’s software isn’t enough — you have to make sure you’re updating the plugins too.

Why do we even care? It’s because if our website is hacked by malicious software then it’s possible that our internal systems connected to it could be vulnerable to ransomware and other attacks. Just as concerning, infected sites can launch unwanted ads or download malicious software and viruses to unsuspecting visitors who click on links — and that’s not going to go over very well with our prospects and customers who visit us online!
Unfortunately, most small business owners either aren’t aware of these issues or don’t spend enough on the right security software and training to minimize these problems.

“Small and medium-size businesses typically have fewer resources (e.g., money as well as knowledgeable people) to secure their IT infrastructure as well as maintain a good backup strategy,” Engin Kirda, professor of computer science at Northeastern University, told TechRepublic. “Hence, whenever a ransomware attack happens, they often end up having to pay the ransom to rescue their data.”