Some things are obvious. You lock your car when you head into the office. You lock your business when you head home. You don’t give the general public unsupervised access to your files, accounts, or products.
Good policies? Absolutely.
When extending these to your company website though, it gets a bit more complicated. The nature of the crime is different, the ability to spot it is different, and the consequences can be far more severe.
The Nature of Cybercrime
If someone breaks into your warehouse, you’ll know it. There will be a damaged lock or door, and goods will be missing. There might even be malicious damage to property.
Cybercrime is different. There are instances when the criminal will be very obvious, but others when you won’t even know you’ve been breached for years to come… or ever.
You’ve probably heard of businesses turning on computers in the morning only to find that they have been infected by ransomware. These programs are set up to delete (or publicise) data at a certain time unless money is sent to an account provided. Often the amount demanded increases hour by hour. Many companies pay the demanded money immediately, as the potential loss to business finances and customer trust would be devastating.
There is another type of cybercrime, however, and it is on the increase at an even faster rate. This type of crime depends on secrecy – not only during the criminal act, but for as long as possible afterwards.
The object of these attacks is to gather as much customer information as possible without being detected. The data is then sold for various reasons. Some is used for corporate espionage and trading advantages, but far more often it is the identities of the customers that are the most valuable commodity.
By ‘identities,’ I mean not only the names, but the personal data that come along with them. If a criminal can get a genuine name, coupled with personal information such as passwords, identification numbers, birth date, banking information, and a whole host of other seemingly-mundane bits of data, then that criminal has something valuable to sell. The longer they can use those identities in secret, the more valuable the data become.
It is estimated that most stolen data is not used for two to five years after a breach has occurred. If the breach is undetected or unreported, your customers might be victimised without even knowing – for years. If it comes out later that the breach occurred through your company, the company you’ve spent years building and growing, the consequences can be devastating to you as well.
Small Fish versus Big Fish
Some small businesses fall into the error of thinking that they are too small to be a target. In reality, small companies tend to have more breaches in their online systems, and are less likely to detect breaches, so they are a rich mine for ill-intended hackers.
Likewise, it isn’t the wealthy or famous customer these identity thieves are after. The most valuable identities belong to people who are less active in finance, and who own fewer belongings. The data (identities) of children, for example, are far more valuable than the data (identities) of millionaires or billionaires. The criminal will have years to build and exploit illegal use of those less visible identities before detection.
Loss of Reputation and Revenue
Of course, none of us wants to be the reason someone else is victimised, or to be the connector between a criminal and a victim. It would feel bad, and trigger intense empathy. Leaving that aside though, and looking at things from a purely business-centric point of view, there are other consequences that damage the company and make a victim of it, too.
If a car becomes known for exploding on impact, people will stop buying it. If someone tampers with a certain medication and people become sick, or die from it, people stop trusting it. If an executive embezzles and customers lose their life savings, whole companies can buckle.
If we don’t trust a company, we will go elsewhere.
The loss of reputation and trust incurred in the aftermath of a cybercrime can cost you more than an empathy-driven sleepless night or two; it can mean the loss of your business entirely.
The SSL certificate is one of those things that many Internet users have seen, but relatively few understand. What is an SSL certificate, and why should your company have one?
What is an SSL Certificate?
An SSL (Secure Sockets Layer) certificate is really just a small file that activates a secure link between your site and each user. It works by encrypting the information that flows to and from your site, making it extremely difficult to understand the information passed between you, even if it is intercepted in some way.
There are three levels of SSL certificates, and the one you need depends on your business. Your provider or tech advisor can help you determine which one to get.
Why do you need an SSL Certificate?
Not only is this a very real kind of protection for you, your company and your customers, it also sends out a clear signal that you take security seriously. Some browsers warn users away from sites without a secure connection, or with improperly configured SSL certificates. If you want to ensure the free flow of customers to your site, and to let them know it is a safe place to do business, then an SSL certificate is a must. It increases your customers’ confidence in you, and discourages would-be thieves from hacking your system. There is also the SEO penalty you will face if you don’t have an SSL certificate installed, which is obviously no good when it comes to SEO for your small business.
The User as a System Component
Most people accept that cybercrime is a problem. Diligent business owners will even take steps and spend money to ensure that their online presence and interactions are protected against criminals to the best of their ability and resources. There is, however, one aspect of site security that is often overlooked, and undertrained: the user.
It’s best to think of your employees as extensions of your online presence. A criminal’s ability to contact your employees can act as a way past your firewalls, and even the best efforts at making your system secure can break down if your employees don’t know safe practices for using it.
To keep the hardware and software components from presenting a breach opportunity, make sure all software (applications and security software) is fully up to date. Turn systems off when they don’t need to be on, and maintain regular backups of all data. Monthly or quarterly is often recommended.
Most of the employee precautions are simple – if you take the time to train your personnel.
- Don’t open emails that appear to be spam
- Don’t download anything that you don’t recognise or expect
- Don’t sign in to anything directly through an email link
- Use a strong password
- Change your passwords every two to three months
The Team in White Hats
The community of cyber criminals is highly motivated, active and constantly adapting to get around new security measures. The global nature and reach of online connectivity means that jurisdiction over and suppression of these crimes is difficult in many cases, and currently impossible in others. It’s the wild west out there, and the best way to keep the guys in black hats away is to maintain your own team of good guys.
You may not be an expert in keeping your system secure, but the combination of diligence and preparation, with the expertise of your tech provider and online security products, can form the wall that keeps you and your customers from being victims.
A criminal who faces these defence measures may simply move on to easier targets – and your efforts will be successful.
So, is your business website secure?
Hopefully that explains the importance of website security.