Tech Talk / By Martha Knight

There is a niche market some of us service providers call SOHO, and a related one called SME. Small Office/Home Office, Small and Medium Enterprise.

Used to be SOHOs were very compact, often home-based, and consisted of just a few people. Some shifted into commercial office space or storefronts as they grew.

There was a tendency to look down on those businesses as less than substantial. But many SOHO and SME businesses do very well.

This market is an important one for VARs or Value Added Resellers. What the IT (Information Technology) department does in larger enterprises, SME outsources to service providing firms and to companies that market hardware, software and services, or solution providers.

Solutions and services include security or protection of communications against threats, and development, maintenance and protection of web presences and other online interaction.

These days almost every business, no matter how small, needs a website. There is a growing trend for the small business owner to set up and maintain his/her own site, or at least handle a lot of the effort.

And the current trend is for those small business websites to get hacked.

If small business owners think their little operations and relatively low traffic online presences are beneath the notice of cybercrooks and trolls, they are sadly mistaken. No site is too small to be exploited.  If a website is essential, website security is essential.

Small business are likely to set up a website and leave it alone, not adding content very often. The longer a site’s content management has been in use, the more likely it is to be using old code, containing known vulnerabilities. Outdated versions are spotted by the bad guys, easily enough.

Small businesses don’t allot much time to checking their websites. But hackers have automated their processes and are able to sniff for vulnerable sites all day and all night, week in and week out. The small site owner might check the traffic numbers and see an uptick. Oh, good! But those who watch these things for the industry have found that about seven percent of traffic to sites generally is attack traffic.

One scary stat is that if a site gets 100 unique visitors a day, it gets about two attacks every hour of every day. Obviously some of those unique visitors are attackers, and they attack repeatedly in that same day.

An typical attacker of your little site isn’t just looking for another site to compromise. It is looking for another site to utilize as an attack platform.

You probably have an ongoing awareness that there are crooks and phreaks and phishing schemes out there, because you see emails from them. These creeps want you to open their email attachments and click on their links. They invite you, an individual victim, to come to them.

But as maddeningly plentiful as the email nasties are, the modern, high-efficiency cybercriminal is more interested in hacking legitimate sites that will be visited by however many folks your site attracts.

Your site will be another place for the hacker to test a new exploit, or a place from which to end forth a botnet.

Your site will gather personally identifiable data from visitors. It may provide access to user passwords and profiles.

If the biggies, the household names among web presences, have been compromised and have suffered huge data losses, what makes us think we are too tough to be invaded? Some very big concerns have been blacklisted by Google. The social networking titans have been victimized, and had to confess that their defenses were breached and their members and users were betrayed.

Being hacked is bad for your online and business reputation, never doubt it. How did this happen to Microsoft, Apple, Facebook and Twitter? It did happen to them all, big time, last year, in “watering hole” attacks.

The thugs hacked into sites known to be visited by employees of those major companies.

More than half of small businesses maintain their own websites now. They want to save money, and take advantage of the tools and inexpensive services out there, saving fees in the process. But the wild west world of the worldwide web is a place where security is absolutely essential. You owe it to your business, to yourself and to your customers.

•    •    •

Speaking of security, do you remember when home security systems were being sold by people who would get referred to you by your friends or even slight acquaintances? The sales team would have someone send you a letter or postcard setting up the sales appointment.

Then the team would come by in the evening and show some of the components of the system, basically an exterior alarm bell and one or more control panels and a few hanks of bell wire.

The exterior alarm bell would alert the neighbors and maybe the entire community if an intruder gained entry—at least, the bell would sound as soon as someone pushed the intruder button at one of the panels. The bargain systems had just one such panel; thus it would be necessary to excuse oneself from the encounter with the intruder so as to go to that panel, typically in the master bedroom.

Now home security is much more convenient, and costs less too. There are companies like Simplisafe, AlarmShield, Oplink security and iSmartAlarm. Systems are wireless and battery supported. Some cost as little as $200. SimpliSafe boasts live monitoring and cellular backup, and recently added glass break sensors to its assortment of danger detection gear.

Alerts summon emergency and police agencies, and do not necessarily panic the neighbors. Absent residents or owners can be notified by cell phone.

Looks like a market with prospects for growth.