Cyber-criminals are increasingly aggressive about targeting businesses of every size. Even if your own company is a small one, hacking can cause serious reputational damage if you don’t take steps to protect your business.
The real cost of hacking was made clear in a 2015 BBC report. Using data assembled by antivirus software company McAfee and Google, the report showed that every day sees roughly 2,000 serious cyber-attacks launched across the globe. The total cost to the global economy on an annual basis is somewhere on the order of £300 billion.
Hacks and other cybersecurity threats are particularly serious for businesses that engage in e-commerce. ThreatMetrix, a technology security firm in California, tracked hacking attempts conducted against online retailers in 2015.
They found that in a single quarter (August to October), retailers had to contend with 45 million attempted hacks. The sheer scope of the problem is frightening. ThreatMetrix also asserts that the 2014 Christmas season subjected online retailers to 11.4 million fraudulent transactions.
When the world’s biggest companies have to deal with hacking, the subject often becomes internationally significant news. Major hacks that wound up sparking headline attention include those carried out on JP Morgan Chase, eBay, TalkTalk, Ashley Madison, and many more.
The eBay hack, in particular, serves as a useful cautionary model for the risks facing any business that sells products online.
Hackers breached an eBay user database in 2014. This gave them access to full account details of some of the site’s 128 million active users, including the passwords necessary to access their eBay accounts. Once the story broke in the press, eBay had to scramble to deal with the negative hit to their reputation.
eBay took steps intended to mitigate the amount of damage. The most important one was a widespread password reset drive. The company took too long to implement this feature, though, resulting in even more damage to eBay’s consumer image.
As suggested above, cyber-crime is a problem for all online retailers, not just the global giants. Two-thirds of small and medium companies feel that their cybersecurity is lacking. This is an especially serious problem for firms that rely on online sales of their goods and services.
Beyond any specific threats arising from stolen data, hacking is a threat because it reduces the amount of trust your customers (both current and potential future ones) have in your brand. Public awareness that your site has been hacked may inspire customers not to trust you with their business. It becomes difficult or impossible to run an e-commerce site if your potential customers don’t feel comfortable giving you access to their payment information.
A business’s reputation hinges on trust, according to Cormac Reynolds of VelSEOity.com, and that matters to online retailers just as much as to those that operate face-to-face. Nielsen reports that fully 84 percent of all consumers will accept product and service recommendations they get from friends, relatives, and co-workers.
This matters in terms of online reputation because trust lost over hacking problems can snowball rapidly. If one customer decides to drop you because of hacking, sharing their experiences with others could further erode your customer base and make it harder to attract new business.
There are follow-up problems that can be caused by hacking that damage your reputation even more. A growing number of hackers are using their intrusions to install malware on a business’s computers.
If hackers infect your organization’s website, servers, or office computers with malware, all of your company’s information – and your customers’ information – could be at risk. Even worse, the malware within your system makes it dangerous for others to visit.
Google takes steps to slow the flow of malware, and these could have a disastrous effect on your online visibility. Sites that are known to be infected by malware will be blacklisted by Google. (Other search engines and even web browsers impose malware blackouts, too.) Being blacklisted will render all the hard work you’ve done to optimize your search engine performance useless and make it much harder for potential customers to find you.
Keeping your company’s online presence secure against unauthorized breaches is both good ethics and good business. Here are some clear, simple steps you can take to protect your organization, your customers, and your reputation:
You must have the ability to control the server running your website. You need to be able to conduct regular PCI scans at an absolute minimum. This process will detect potential vulnerabilities in your site so that you can take steps to correct them. Steer clear of hosting services that don’t give you this basic level of control.
There isn’t any good reason to record your customers’ personal payment information after their transactions are complete. Keeping such data around and then letting cyber-criminals steal it is the worst-case nightmare scenario of cybersecurity. Use trusted payment services (e.g. PayPal, Braintree) to keep this risk to a minimum. As this post from Barclay Simpson showcases, you need a security system fit for the future.
Employee and user passwords make some of the most tempting targets for cyber-criminals, and the amount of damage they can do with them is considerable. Take all the steps you can to maintain password security. Consider moving all of your employees to a secure password management system like LastPass.
Every member of your staff needs to have the right training to maximize cybersecurity. Your legal department needs to understand and police your obligations regarding customer data. Your IT department needs to be fully conversant in the latest threats and the best ways to oppose them. And everyone who uses your computers needs common-sense training in minimizing cyber-security risks.