Thursday, December 19, 2024
HomeCyber AttackThe Threat Hacking Poses To Your Business's Reputation

The Threat Hacking Poses To Your Business’s Reputation

Published on

SIEM as a Service

Cyber-criminals are increasingly aggressive about targeting businesses of every size. Even if your own company is a small one, hacking can cause serious reputation damage if you don’t take steps to protect it.

The real cost of hacking was made clear in a 2015 BBC report. Using data assembled by antivirus software company McAfee and Google, the report showed that every day sees roughly 2,000 seriousc launched across the globe. The total cost to the global economy on an annual basis is somewhere on the order of ÂŁ300 billion.

Hacks and other cybersecurity threats are particularly serious for businesses that engage in e-commerce. ThreatMetrix, a technology security firm in California, tracked hacking attempts conducted against online retailers in 2015.

- Advertisement - SIEM as a Service

They found that in a single quarter (August to October), retailers had to contend with 45 million attempted hacks. The sheer scope of the problem is frightening. ThreatMetrix also asserts that the 2014 Christmas season subjected online retailers to 11.4 million fraudulent transactions.

When the world’s biggest companies have to deal with hacking, the subject often becomes internationally-significant news. Major hacks that wound up sparking headline attention include those carried out on JP Morgan Chase, eBay, Talk Talk, Ashley Madison, and many more.

The eBay hack, in particular, serves as a useful cautionary model for the risks facing any business that sells products online.

Hackers breached an eBay user database in 2014. This gave them access to full account details of some of the site’s 128 million active users, including the passwords necessary to access their eBay accounts. Once the story broke in the press, eBay had to scramble to deal with the negative hit to their reputation.

eBay took steps intended to mitigate the amount of damage. The most important one was a widespread password reset drive. The company took too long to implement this feature, though, resulting in even more damage to eBay’s consumer image.

As suggested above, cyber-crime is a problem for all online retailers, not just the global giants. Two-thirds of small and medium companies feel that their cybersecurity is lacking. This is an especially serious problem for firms that rely on online sales of their goods and services.

Beyond any specific threats arising from stolen data, hacking is a threat because it reduces the amount of trust your customers (both current and potential future ones) have in your brand. Public awareness that your site has been hacked may inspire customers not to trust you with their business. It becomes difficult or impossible to run an e-commerce site if your potential customers don’t feel comfortable giving you access to their payment information.

A business’s reputation hinges on trust according to Cormac Reynolds of VelSEOity.com, and that matters to online retailers just as much as those that operate face-to-face. Nielsen reports that fully 84 percent of all consumers will accept product and service recommendations they get from friends, relatives, and co-workers.

This matters in terms of online reputation because trust lost over hacking problems can snowball rapidly. If one customer decides to drop you because of hacking, sharing their experiences with others could further erode your customer base and make it harder to attract new business.

There are follow-up problems that can be caused by hacking that damage your reputation even more. A growing number of hackers are using their intrusions to install malware on a business’s computers.

If hackers infect your organization’s website, servers, or office computers with malware, all of your company’s information – and your customers’ information – could be at risk. Even worse, the malware within your system makes it dangerous for others to visit.

Google takes steps to slow the flow of malware, and these could have a disastrous effect on your online visibility. Sites that are known to be infected by malware will be blacklisted by Google. (Other search engines and even web browsers imposes malware blackouts, too.) Being blacklisted will render all the hard work you’ve done to optimize your search engine performance useless and make it much harder for potential customers to find you.

Basic Security Tips

Keeping your company’s online presence secure against unauthorized breaches is both good ethics and good business. Here are some clear, simple steps you can take to protect your organization, your customers, and your reputation:

Secure Your Server

You must have the ability to control the server running your website. You need to be able to conduct regular PCI scans at an absolute minimum. This process will detect potential vulnerabilities in your site and take steps to correct them. Steer clear of hosting services that don’t give you this basic level of control.

Purge Payment Data After Use

There isn’t any good reason to record your customers’ personal payment information after their transactions are complete. Keeping such data around and then letting cyber-criminals steal it is the worst-case nightmare scenario of cybersecurity. Use trusted payment services (e.g. PayPal, Braintree) to keep this risk to a minimum.As this post from Barclay Simpson showcases – you need a security system fit for the future.

Protect Passwords

Employee and user passwords make some of the most tempting targets for cyber-criminals, and the amount of damage they can do with them is considerable. Take all the steps you can to maintain password security. Consider moving all of your employees to a secure password management system like LastPass.

Train Your Team

Every member of your staff needs to have the right training to maximize cybersecurity. Your legal department needs to understand and police your obligations regarding customer data. Your IT department needs to be fully conversant in the latest threats and the best ways to oppose them. And everyone who uses your computers needs common-sense training in minimizing cyber-security risks.

Latest articles

Beware Of Malicious SharePoint Notifications That Delivers Xloader Malware

Through the use of XLoader and impersonating SharePoint notifications, researchers were able to identify...

Malicious Supply Chain Attacking Moving From npm Community To VSCode Marketplace

Researchers have identified a rise in malicious activity on the VSCode Marketplace, highlighting the...

Hackers Weaponizing LNK Files To Create Scheduled Task And Deliver Malware Payload

TA397, also known as Bitter, targeted a Turkish defense organization with a spearphishing email...

BADBOX Botnet Hacked 74,000 Android Devices With Customizable Remote Codes

BADBOX is a cybercriminal operation infecting Android devices like TV boxes and smartphones with...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Hackers Weaponizing LNK Files To Create Scheduled Task And Deliver Malware Payload

TA397, also known as Bitter, targeted a Turkish defense organization with a spearphishing email...

RiseLoader Attack Windows By Employed A VMProtect To Drop Multiple Malware Families

RiseLoader, a new malware family discovered in October 2024, leverages a custom TCP-based binary...

Malicious ESLint Package Let Attackers Steal Data And Inject Remote Code

Cybercriminals exploited typosquatting to deploy a malicious npm package, `@typescript_eslinter/eslint`, targeting developers seeking the...