How Secure Is Your Website?

Website security has been a prominent theme of news stories over the past two weeks and has prompted a number of discussions in the Cargo studio.

TalkTalk, Vodafone, Marks & Spencer, and British Gas had breaches that left customer data either exposed accidentally or accessed illegally.

While they are unfortunate, it is not entirely surprising that these incidents took place. As technology becomes more complex and changes at a more rapid pace, it is difficult to keep up to date with the latest security measures, often leaving websites more vulnerable than ever before. It is easy to think nothing of cyber security until it affects your website and the damage has already been done.

What happened?

While customer data was exposed in these incidents, the nature of the how the data was exposed is not the same. TalkTalk and Vodafone were the victims of intentional cybercrime, while it was internal glitches that exposed customer data on the Marks & Spencer and British Gaswebsites.

Hacking is becoming a more accessible channel for criminals. At one time, hacking was for the experienced coders only; the easy access and sharing of information on the Internet has made it easier to be a hacker. In the TalkTalk case, individuals as young as 15 have been charged in connection with the sustained attack on the website.

Neither situation is ideal but according to the Online Trust Alliance up to 90% of data breaches in the first half of 2014 could have been prevented if businesses had implemented more thorough cyber security policies and practices. Hacking cannot be 100% prevented but taking the proper precautions will prevent possible headaches in the future.

How does it affect your business?

With cyber security, it is often a case of better safe than sorry with companies relying on luck to not be caught out. It is easy to feel immune to the website breaches that hit the news as they affect large companies who are obvious targets. What is not often reported on is the damage that occurs to a business after data infractions.

Cyber security violations weaken client trust, company perception, and cause a loss of revenue. For the amount of time it takes to rebuild the client trust and company reputation, it would have been easier to take a strategic position on keeping your website secure. After news of the TalkTalk hack had been announced, the company’s share prices dropped by 10% on the London stock exchange. It is often easier for larger companies to absorb loss of revenue, whereas for small businesses it can be debilitating.

What can you do about it?

While the technical aspects of cyber security are important, the social side of cyber security is often an afterthought. There are several actions your company can take doing today to strengthen the security of your website, both technically and socially. Here are some actions to take that don’t require technical expertise:

• Keep security in mind when writing your website terms and conditions. This helps to build customer trust if they know their data is stored securely both in a technical sense as well in adherence with data protection laws. Letting the user know what their data will and will not be used for is also important.
• Update and use strong passwords. Try to use individual accounts where possible and use passwords unique to each account. Don’t give out account details unless it’s necessary.
• Use different passwords for all services – if cybercriminals gain access to one account and the details are the same as another account, they may be able to access other accounts with those details.
• Restrict staff access to accounts on an as-needed basis. The fewer people with access to the accounts, the less likely login information will be compromised.
• Educate your staff on web security and set up appropriate policies for staff use of computers and social media.
• Beware of links in emails, particularly ones that look suspect. The same rule in real life applies to the digital realm, if it looks suspicious it probably is.
• Don’t publish or give out confidential information, either over the phone, by email or face to face.

Next Steps

Cyber security is an often important but overlooked aspect of websites and businesses but is as important as any physical security measures a business might take.

Cargo wants to help you take a proactive stance with the technical aspects of your website security.

If you are ready to take the next step in keeping your website secure, we would be happy to discuss this with you.