Running a website: The security risks
For all its benefits, a website can also open your business up to criminals
A website is an essential tool for any business that seriously wants to succeed in today’s global economy. A website allows you to display your products and services to millions of customers 24 hours a day.
But a website isn’t necessarily a one-way street. It can also open the window to the heart of your company – the network, including the storage facilities that hold its data files, its most priceless asset. Lax security that enables hackers to break in can lead to embarrassment, a waste of time and money. And in extreme cases the collapse of the business.
And it’s not only high-profileg sites that attract attention. “You may not be the size of the Microsoft or the Pentagon, so you may think you are not on the hacker’s radar,” says Anna Focks from Watch Guard Technologies, which supplies security products for small businesses.
“But hackers are far more likely to succeed with an unprotected new arrival than with large organisations, which sometimes have resources equivalent to the yearly budget of a small country.”
What can go wrong?
A security breach can paralyse an entire network in a matter of minutes, as several high profile brands have discovered to their cost. The financial cost of putting matters right can be very high. In addition, the impact on customer confidence can result in a severely damaged business reputation, taking months or years to reverse.
“There are some quite scary scenarios,” says Mark Brindle, vice president of technology at FrontRunner, a supplier of telecoms infrastructure. “Your website may be taken over by someone with malicious intent. They may remove or obscure your content, and replace it with insults, pornography, racial slurs or allegedly political material.
“You might not know immediately that this has happened though, and imagine the damage to your online reputation such a security breach could cause.”
As well as spreading abusive graffiti, hackers can alter catalogue details and prices, or steal all the customer details, including their home addresses and sensitive information such as medical treatments. Apart from the embarrassment to your brand, this would be in direct contravention of the data protection regulations, and could lead to prosecution and fines.
Hackers often seek connection bandwidth, because this can be used to damage other businesses in so-called ‘distributed denial of service attacks’. These involve numerous computers bombarding an internet server with data, overloading it and causing it to stall or crash.
It’s not that long ago that a major attack on Yahoo!, CNN, eBay and other major sites was carried out by a teenage hacker employing dozens of other computers, many of which belonged to innocent small and home-based businesses.
In the worst case hackers can get hold of customers’ credit card details, in which case the bank that handles transactions could withdraw and the site owner could be liable for the debts. A fraudulent credit card charge leaves the holder only liable for £50 or so while an improper business to business transaction could bankrupt a company.
Credit card criminals are increasingly turning their attention to smaller e-commerce sites, using stolen credit cards to buy goods online, so you have to have the right level of security in place.
Lax security that enables hackers to break in can lead to embarrassment, a waste of time and money.