When you think of a website being hacked, you probably imagine consequences like identity theft, financial losses, or theft of proprietary information.
It’s true that these are all valid threats, but there is one more threat that is equally important–and is commonly overlooked. If an attack on your business affects your clients, you could be at risk of reputational damage that’s harder to repair than a broken egg.
Although a recent survey by DC-based ratings and reviews firm Clutch found that 54% of website managers believe they have not been subject to an attack, I would caution that many attacks succeed because they go unnoticed.
We’re continually monitoring methods hackers might use to attack your clients through your business, identifying countermeasures, and developing solid website security plan to limit reputational damage.
We all want to protect our own websites. But what most don’t realize is that hackers could actually do minimal damage to your website while phishing for information that can be used in an attack against your clients.
As an example, let’s say you have a website for your construction company and have integrated Google suite for your small team of employees. You have a small business and fewer than 20 employees; why would a hacker care about your company?
Now imagine that your construction company has a contract with the Department of Defense for a new building. Hackers might not be interested in attacking your small business–but they might be very interested in having access to the Department of Defense’s security plans and financial information.
But how can hackers get to your clients in the first place? One common method is to gain access to your company’s email and use fraudulent emails in a phishing scheme, getting your client to give up sensitive information.
Hackers could spend weeks or even months observing emails among you and your clients before choosing a moment to strike. Worst of all, you might never realize they are there.
Let’s go back to our example of the construction company. Hackers could notice that your construction company corresponds with the same individual in the Department of Defense’s finance office when payments for construction services are due. They might see an out of office notification or an email mentioning that the Department of Defense’s employee has a vacation planned.
With another employee temporarily covering the position, hackers might exploit their lack of familiarity by sending an invoice from an email appearing to come from your construction office. Within hours, the money could be siphoned into hackers’ pockets.
Among companies surveyed by Clutch who reported experiencing security liabilities, email phishing attacks were the most common, affecting nearly one-third of websites (30%).
Although this scenario is frightening, by demonstrating that you take the website security plan seriously and have a strategy in place, you can help mitigate some of the reputational damage.
If one of these attacks occurs, it could take some time for clients to connect the problem to your website. Before this type of disaster ever strikes, you’ll want to have a website security plan in place.
The best plan is to be proactive about your security procedures. Having a robust website security plan can help you to earn your client’s trust back more quickly should hackers strike.
Some elements of a strong website security plan include:
Vetting plugins carefully
Updating all software and applications regularly
Implementing two-factor authentication when possible
Holding regular training sessions to educate your employees about security
Having a rapid response plan in place
Performing (and documenting) regular cybersecurity audits
No business is completely hack-proof, but having website security plans and procedures built into your budget and company culture can go a long way in limiting reputational damage in the event that one of your clients is targeted.
At DOOR3, we create an actionable and comprehensive website security plan aimed at improving the website’s overall compliance or security.
When is a spreadsheet more than a spreadsheet? When coding with Google Apps Script turns it into a dynamic dashboard. In my last blog post, I talked about how we...
Project managers are the unsung heroes of the development process. There’s so much more to shepherding a project to launch than just keeping the trains on schedule. Each role, from...