When you think of a website being hacked, you probably imagine consequences like identity theft, financial losses, or theft of proprietary information.
It’s true that these are all valid threats, but there is one more threat that is equally important--and is commonly overlooked. If an attack on your business affects your clients, you could be at risk of reputational damage that’s harder to repair than a broken egg.
Although a recent survey by DC-based ratings and reviews firm Clutch found that 54% of website managers believe they have not been subject to an attack, I would caution that many attacks succeed because they go unnoticed.
We’re continually monitoring methods hackers might use attack your clients through your business, identifying countermeasures, and developing ways to limit reputational damage should an attack succeed.
How Hackers Might Target Your Clients
We all want to protect our own websites. But what most don’t realize is that hackers could actually do minimal damage to your website while phishing for information that can be used in an attack against your clients.
As an example, let’s say you have a website for your construction company and have integrated Google suite for your small team of employees. You have a small business and fewer than 20 employees; why would a hacker care about your company?
Now imagine that your construction company has a contract with the Department of Defense for a new building. Hackers might not be interested in attacking your small business--but they might be very interested in having access to the Department of Defense’s security plans and financial information.
Your Email Could be Used in a Phishing Scheme
But how can hackers get to your clients in the first place? One common method is to gain access to your company’s email and use fraudulent emails in a phishing scheme, getting your client to give up sensitive information.
Hackers could spend weeks or even months observing emails among you and your clients before choosing a moment to strike. Worst of all, you might never realize they are there.
Let’s go back to our example of the construction company. Hackers could notice that your construction company corresponds with the same individual in the Department of Defense’s finance office when payments for construction services are due. They might see an out of office notification or an email mentioning that the Department of Defense’s employee has a vacation planned.
With another employee temporarily covering the position, hackers might exploit their lack of familiarity by sending an invoice from an email appearing to come from your construction office. Within hours, the money could be siphoned into hackers’ pockets.
Among companies surveyed by Clutch who reported experiencing security liabilities, email phishing attacks were the most common, affecting nearly one-third of websites (30%).
The Key to Limiting Reputational Damage
Although this scenario is frightening, by demonstrating that you take security seriously and have a strategy in place, you can help mitigate some of the reputational damage.
If one of these attacks occurs, it could take some time for clients to connect the problem to your website. Before this type of disaster ever strikes, you’ll want to have a plan in place.
The best plan is to be proactive about your security procedures. Having a robust security strategy can help you to earn your client’s trust back more quickly should hackers strike.
Some elements of a strong security plan include:
- Vetting plugins carefully
- Updating all software and applications regularly
- Implementing two-factor authentication when possible
- Holding regular training sessions to educate your employees about security
- Having a rapid response plan in place
- Performing (and documenting) regular cybersecurity audits
No business is completely hack-proof, but having security procedures built into your budget and company culture can go a long way in limiting reputational damage in the event that one of your clients is targeted.