When you are first setting up a website for your business, the things you worry about most are probably getting your company name and contact info right. After that, you might consider adding some useful content and optimizing your site for search engines. It may never even occur to you to worry about cybersecurity. Unfortunately, that is the case with too many companies, and the results have often proved disastrous.
There are two broad types of cyberattacks: 1) data security breaches, and 2) sabotage. The first is where customer data and/or financial information, intellectual property, or trade secrets are stolen; the second is where hackers enter a system and perform acts such as damaging the technological infrastructure, disabling systems, or posting embarrassing or malicious information on the company website. The main reasons why cybersecurity is crucial for your website are discussed in the sections below.
A 2015 Global Risks report found that nearly 90 percent of companies around the world realize that they have not taken sufficient steps to defend against a cyberattack. The global costs of such attacks are estimated to be a staggering US$400 billion every year. Moreover, in 2013 alone, approximately 3,000 U.S. companies suffered some type of cyberattack that compromised their systems. Target and Home Depot are among the higher profile companies that have lost customer and credit card data.
According to research, 37.5 percent of cybersecurity incidents involve financial losses; these costs can have real, long-term damaging consequences. The theft of organizational or client funds could put your company at risk of going out of business. This makes your website’s cybersecurity an immediate and imperative concern.
Public Relations Nightmare
In addition to immediate financial loss, your company could also suffer a PR nightmare, including public humiliation and the resultant financial costs that come with it. For instance, the loss of public trust could be devastating if your clients decide to switch to your competitors who have more secure infrastructures.
Moreover, a breach could lead to the revelation of embarrassing or scandalous information that could have financial repercussions itself. Because of the potential for embarrassment and further financial costs, many companies choose to hide from the public that a breach occurred. Unfortunately, this is a vicious cycle that results in additional problems. If you don’t fess up, how do you explain the original loss? And if you eventually admit to the breach and your initial cover-up attempt, that would probably damage your company even more.
To avoid a public relations nightmare, put cybersecurity at the top of your to-do list; and if you do get breached, be honest with your customers and make amends.
Loss of Revenue During Shutdown
If you suffer a breach, you may find you have to shut down your business (or at least your website) to make necessary repairs, reorganize files, and re-secure your site. This could take days or even weeks. Are you prepared for such a shutdown? Could your company survive the loss of income for such a period?
Even if such a shutdown would not cripple your organization, it would certainly waste time and divert resources away from where they are needed. Renewing your focus on “upfront” cybersecurity could save you from having to endure a situation like this after-the-fact.
In addition to the initial losses and the costs mentioned above, a cyberattack can result in huge legal costs that could threaten your organization’s very existence. You could be liable for regulatory fines, negligence claims, and breaches of contract resulting from the loss of funds or sensitive data. Even if you are found not to be at fault—possible, but not likely—you will still face the costs associated with mounting a vigorous defense; lawyer fees alone could cripple your business. Worst-case scenario: an extreme cyberattack runs you out of business completely, not to mention how much harder it would be to start a new business with that in your track record.
Fancier Websites, More Vulnerabilities
As web users’ sensibilities evolve and become more sophisticated, they expect websites to offer the most current information, the best entertainment, the fastest page loads, and the most cutting-edge technologies and beautiful designs. This results in vast, elaborate websites that provide hackers with multiple points of entry and attack. This is particularly true on mobile apps and mobile-friendly sites, since users may be less careful of their information while on-the-go. Public Wi-Fi is much less secure than home or office networks, though many users don’t give that a second thought. (Tip: Avoid doing mobile banking or other sensitive e-commerce activities while on insecure public Wi-Fi; save it for when you’re at home, or use your carrier’s secure data plan.)
Thus, the larger and more complex your site, the more vulnerable it is to a cyberattack. Don’t take risks with your company’s future. Be sure to make cybersecurity a priority.
As businesses increasingly conduct business abroad—especially in countries with less stringent regulations and weaker degrees of cybersecurity—it makes them more vulnerable to international attacks. There are dozens of known international hacker and “hacktivist” groups (most famously, Anonymous), not to mention thousands of independent cyber-criminals operating around the world.
Perhaps even more notable, many countries now also have dedicated cyberwar units in their militaries, though they are often much less publicized. Back in 2010, the Economist wrote, “after land, sea, air and space, warfare has entered the fifth domain: cyberspace. President Barack Obama has declared America’s digital infrastructure to be a ‘strategic national asset.’” So as threats multiply and become more sophisticated, your cybersecurity measures have to evolve as well.
What You Can Do to Prevent Cyberattacks
As is clear from the sections above, the risk of cyberattack is real and has serious consequences. It can lead to financial loss as well as terrible public relations problems that could lead to further losses. Moreover, a cyberattack could shut down your business (temporarily or permanently) and result in loss of income while you re-secure your site and system. It could also leave you liable for costly legal expenses. Remember that larger websites are more vulnerable to attacks, and organizations that do business internationally are vulnerable to international cybercriminals.
To prevent a breach, you can hire a qualified security assessor (QSA) to perform a cybersecurity audit on your website and information architecture. Additionally, have an auditor approved by the Payment Card Industry Security Standards Council (PCI SSC) perform an audit on your credit card data system.
Internally, you should schedule strategy meetings with your executive and security teams to brainstorm security measures and ensure cross-departmental cooperation and enforcement.
Sean Huang is a Business Analyst at Clutch responsible for research and analysis of web design agencies. He is a lifelong native of Maryland and earned his BS in Foreign Service from Georgetown University. In his free time, Sean enjoys playing pool, bartending, and exploring the outdoors.