If you are running a business website then you should be prepared for an online threat, the case when your Website is hacked and the customer data is exposed. You may be also thinking whether you will be held liable in these cases or not. This is an era when data breaches happen quite often and these have serious implications.
If you think that you are running a small business and the chances of your website getting hacked is minimal then this is not the truth. Many surveys by information security research firms found that more than 50% of small businesses had experienced a data breach and many of them reported multiple invasions.
How Does A Website Get Hacked?
Before going into more deeper, let’s discuss how websites get hacked. The websites get hacked in one of the below four ways:
1. Access Control
Access control is related to how we log into our environments that can be either the admin panel of our platform or the servers and hosts. Hackers generally use brute force attack which is a trial and error method to obtain username and password to log into your site’s hosting panel or server. Brute Force attacks use automated software to create large number of consecutive guesses to log into the server.
2. Poorly Managed Environments
This can happen if you purchase a website hosting account with a company that has hundreds of sites installed and the site owners don’t employ any website management principles i.e. they don’t go for regular updates and backups of the sites and softwares installed on the server.
3. Software Vulnerabilities
Hackers can also exploit the software vulnerabilities which are software bugs or holes in the website. Bugs arise in the code as it is created by humans and there are always chances of committing a mistake.
4. Third-Party Integrations
Third party software integrations are very common in today’s website environment. Some of the popular such software are Content Management Systems (CMS) such as WordPress, Drupal and Joomla. If there is an exploitation of the third party integrations and services then it is beyond the control of website owner’s ability. Advertising networks also present problems. The hackers can abuse the ad networks businesses use on their sites.
How To Prevent Your Site From Being Hacked?
Below are four steps you can take to prevent your website from being hacked. Of course, there is no guarantee that your site will never be hacked but at least these steps will reduce the risk.
1. Include 2-Step Authentication
Two-step Authentication is a security process in which the user provides two means and steps of identification. For example many websitesand service providers require a user name, password and mobile OTP or security code in order to login into the account. Google provides this 2-step authentication which is very useful for users to secure their accounts. If your website is WordPress based then you can install the free Google Authenticator plugin for two-factor authentication.
2. Use Firewall And Anti-Virus
This will help your website to prevent attacks against any software vulnerability. There are many famous security companies offering reliable website firewalls and anti-virus solutions which you can use. For example, you can use Norton, Kaspersky or F-Secure to protect your website. If you are running Windows OS then Windows Defender is the best firewall to use. If your website is done on Word Press you should install the popular WordFence plugin.
3. Backup Your Website’s Content
Some of the content management systems like have inbuilt backup capabilities. If your CMS doesn’t offer backup feature then the your hosting service provider can help you in this regard. Most of the website hosting companies offer website backup services. There are also several good free, and paid backup software and plugins available.
4. Register With Search Engine Webmaster Tools
Major search engines such as Google and Bing have webmaster tools that can help you by telling the health of your website with possible vulnerabilities. Check out the Google Search Console or the Bing Webmaster Tools.
Some Important Technical Suggestions To Do To Safeguard Your Website
Turn On Your System Logs
System logs tell you about the access and usage of your IT system. Logs will allow your IT staff to look for any one time or continuous security attack attempts, which if detected on time can prevent the breach before it happens. Even if you don’t regularly monitor your logs, they will let you understand how breaches occurred and to find out what data has been compromised.
Encrypt All Of Your Sensitive Data
Data encryption is a one time, relatively inexpensive and worth to do job in case you suspect a data breach in future. If after a breach you say “The data was encrypted and no sensitive data was compromised”, it will be a great relief for all.
Perform A Vulnerability Scan On Your Website
Review all of your websites and secure them against web application attacks. This job can be done by taking help from a web application security firm. You can also run a free online security check such as the Sucuri Site Check or the Mozilla Observatory for starters.
Install Virus And Malware Prevention In Your Organization
Malware is a problem for home as well as business computers. A malware infected computer can be the gateway through which hackers can gain access. You can use the free cWatch website malware removal tool to remove any malware.
Take A Cyber Insurance
Although cyber insurance is not well understood and least used means of protection remember when your IT environment will be breached regardless of your digital security efforts, this will save your day. Hence you should cover your bets with cyber insurance.
What Is Your Liability If Your Customer Data Is Breached?
There is no clear answer to this question. Some say that the company holding the information is liable while others say that the customer has the responsibility. Experts says that if hackers accessed information through your company’s online website then it is most likely that you would be held responsible. Although everyone including businesses and consumers – has the responsibility to protect the sensitive information.
Small businesses running an e-commerce site should comply with the Payment Card Industry Data Security Standard (PCI DSS). It is a regulation that can create problem if you are compromised and you are the reason for credit card data being stolen. Customers expect and demand a safe online experience when they come to your website. Customers trust your website, your brand hence you should take care should not break their trust.
Now we are seeing the rise in the cybercrime from hackers. They want the sensitive information to sell to identity thieves or use themselves.
What about the legal consequence to businesses that are victim to these hacking attacks? Whether they have a responsibility to protect the information and if yes then what is the extent of that responsibility?
The answer is it depends. If it is not clearly liability but there is responsibility. Most of this liability has applied to the large corporations but if you run a small business most of the same laws would apply.
What To Do If Your Website Is Hacked?
If your website gets hacked then you need to follow the proper procedure to prevent further security breaches and minimize your liability.
1. Don’t Panic And Hire Legal Representative
You should hire a legal representative as soon as possible as they can advise you on the best thing to do, – and don’t panic!
2. Review Your System Logs
Try to understand the type of breach by reviewing your system logs to check what data has been compromised. You should know what you have to deal with in order to fix it fast.
3. Repair Your Systems
Don’t release information about a breach before you thoroughly check and know what type of breach it is if any of your customers are affected. Otherwise your customers will panic. Make sure that you fix your system as fast as possible and check it for other issues and weaknesses.
4. Inform The Appropriate Financial And Legal Entities
Also you should notify all the appropriate financial and legal organizations of the breach as soon as possible. Some business sectors have strict protocols regarding the reporting of security breaches hence if you found to be covering up the information then it can worsen the situation.
5. Inform Your Users And/Or Customers
As soon as you have checked initial things, inform your users of the breach. This is required by law in most countries.
6. Call Your Insurance Company
Finally, contact your insurance company to find out if you are covered for any of the expenses relating to the breach. If not, perhaps it’s time to renew your policy?
Conclusion
Technology is improving and penetrating deep into our society at enormous speed and a great number of businesses are now working online. Cyberattacks can become a greater problem in coming future; not only the volume of cyberattacks will increase but the sophistication of the techniques used will also increase. If your website is hacked using correct and proper procedures you can protect your business and customers.
[Recommended reading: How To Protect Your Personal Information When Using Social Media?]
Note from Editor: Nothing in this article shall be considered legal advice. Social Media Revolver and/or the author are not liable for any damages that may occur to you as a result of your misuse.
[Image credits – Main Photo by cottonbro from Pexels; other images, videos, infographics or screen prints are from their respective websites and/or social platforms]
Alex Jones is a WordPress Developer associated with Wordprax Ltd and provides PSD to WordPress theme conversion services along with her team of developers. She is also a passionate writer and loves to write articles and blog posts on WordPress, Technology, Trends etc.