The Impacts of a Hacked Website
Today, with the proliferation of open-source technologies like WordPress, Joomla! and other Content Management Systems (CMS) people around the world are able to quickly establish a virtual presence with little to no cost. In the process however, a lot is being lost in terms of what it means to own a website.
We are failing each other, we are not setting ourselves up for success. We are learning the hard way, what large organizations already learned – being online is a responsibility and will eventually cost you something.
I recently shared a post talking to the motivations behind hacks. This post was important as it helped provide context and I encourage you to spend some time digesting the information. What it fails to do however, is what I want to focus on in this post.
What are the impacts of these hacks to your website? To your business?
The Effects of a Hacked Website
If you are a large organization, maybe you can quickly understand the impacts of a hack. Say you’re a Facebook? What would be the value for a hacker? I’d argue a couple of things come to mind quickly – you have what is known as Personal Identifiable Information (PII) – always a good thing, and you have the ability to abuse the largest network in the world and affect millions of users world wide. There are obviously a number of other motivations, but the point is the same. The objective[s] is clear and Facebook knows it, and so they invest heavily in its security. The impacts of such a breach could be devastating, think loss in ad revenue, loss in user adoption, etc… This is all common sense, right? It all just makes sense, but how does that translate to the rest of the online world? The 99% of us that don’t own Facebook like properties?
When I speak to website owners, there is often a common trend with the responses I get:
I don’t sell anything or store any information, my website is fine.
It’s just a basic little site, with static content.
This is not their fault, to a certain extent, they do have a point. When you think about it rationally, why would someone bother? Fortunately, in my last post I explained why they would. In those one though let’s talk about 4 potential impacts after a hack. Things you might be aware of, but honestly possibly things you haven’t given much thought to.
1. Be Mindful Of your Audience
Whether you write about puppies, or maybe have a website to provide your clients the assurances that you are real. Whatever the reason, something has driven you to publish something that you feel to be of some interest to someone, and you’re likely right.
In doing so, you have identified a potential audience, and as it is on the web, that audience will at some point find your website. Whether you are a local gym posting your gym hours, or maybe a local restaurant showing today’s specials. The subset of people that have found their way to your website expect and demand a safe experience, even if they’ve never uttered the words.
The easiest way to digest this point is to think of yourself. Think of the websites you might spend your days visiting. Now try to fathom your feelings if while visiting a website you lost your life savings. Try to think of what you would feel like if someone stole your identity.
Should we worry about giving your visitors a safe online experience?
2. Google Does Not Discriminate
Contrary to popular belief, Google does not discriminate. Even if you do not sell, you are likely trying to achieve something. If you’re not, then why are you online? Whether it’s establishing a voice, sharing an opinion, or having a presence. What you are almost always worried about is something known as Search Engine Optimization (SEO), more importantly how you rank on the Search Engine Result Pages (SERP).
Safe Browsing shows people more than 5 million warnings per day for all sorts of malicious sites and unwanted software, and discovers more than 50,000 malware sites and more than 90,000 phishing sites every month. – Google
What if I told you that you could lose all the hard work you put in to gain that SEO ranking in minutes? What if I told you that after a blacklist it could take you months to regain your position on these SERPs? What if I told you that a Google Blacklist has the potential to kill almost 95%, if not more, of the traffic to your website?
3. Something Known as Brand Reputation
Regardless of your business, you have a brand. Whether you realize it or not, and regardless of the size of your audience, trust is an important piece of the puzzle. Many take this for granted, but it’s critical to the success of many businesses.
It can take years to build, and minutes to lose. A hacked website is notorious for destroying trust. Whether its a data breach or a drive by download that infects the visitors desktop. The result of either action, or one of many more nefarious acts, will almost always lead to the same thing – a loss of trust in your brand.
Are you ok if your audience loses trust in your brand?
4. Hacks Cost You More Than Money
I think it’s human nature to think, “This is not meant for me” or “I’ll just deal with it when it happens.” I can tell you though, from years of doing this work and countless engagements with website owners, the cost of a hack is always more than you can ever imagine. The response I always get is the same, “If I only knew it would be this painful.”
As a species, we are risk adverse when it comes to gains, but risk seeking when it comes to loss… – Bruce Schneider
When I say cost, it’s important to note that it goes far beyond money, although that can be crippling as well.
No, instead I am talking about things you will likely never appreciate until you experience it. Things like the emotional toll of not knowing what just happened. Things like the hours you will spend arguing with hosting providers, developers, security professionals; if they would all just understand how important it is to get back online. Things like the fear that you missed something in the clean up process, which only becomes worse if you did and suffer repeated reinfections. Things like the new fear of being online at all, of technology as a whole. All this is exasperated by one simple thought, “Why didn’t I take precautions?”
As surreal as these sound, these are the real costs of a hack. The money is easy to account for, as a business you take that risk; the smaller a business, the more likely you are to take the risk, the larger you are, the more foolish it is to take the risk. It’s the non-monetary impact that catches everyone off guard.
Are you emotionally and mentally prepared for a hack? Is your business?
Accounting for Website Security Is Always a Challenge
When did running a business become so challenging? Trust me, I know the feeling. Everyday I ask myself the same thing. When will the expenses end? Purchase this tool, configure this feature, hire more people. It’s an endless cycle, yet a necessary one. As business owners it falls on our shoulders to make these decisions.
For me, there is nothing worse than getting caught with my pants down. This is exactly what I hear from our clients. No one ever told me I had to think about my websites security. No one ever told me this could impact my business.
I hope this post helps address those points. Leverage these insights to make a better decision. If you can honestly say that known of the four items mentioned above are of any value to your business, then I encourage you to continue with the status quo. If though, for whatever reason, they resonate, then maybe it’s a good time to start asking more engaging questions to your technical staff.
A question like, What do we do for the security of our website?
I’ll close the point with a note to Developers / Designers. Our clients depend on us as their trusted technologists, it’s on us to educate and communicate the realities of having an online presence. Let’s be sure to be doing our part by introducing realistic expectations during the initial engagement process: Yes, the website will require maintenance. Yes, security is something you will be responsible for. Yes, having a website is a responsibility.
– Your Trusted Security Team