Why a website hack is more than just a technical issue
When considering the security levels of a website, it’s important to consider the impact of a website hack on the business, brand image and reputation. As you will see, this can be more damaging and far-reaching.
Let’s start with the obvious – a website hack is frustrating, time consuming and costly in terms of the time to resolve the fix on the website and repel the intruders, reinstate the site before the intrusion and apply further security procedures and measures to prevent it happening again.
We’ll also dispel a myth – it’s not possible to make a website completely hacker proof. Anyone who tells you so is both naive and ill-informed. What is possible is to ensure that processes are applied to a website to make it as secure as possible, while offsetting that against the effect on usability and admin functions.
We all want websites to hold our details, remember us when we visit regularly and enable things like fast checkouts, access to booking details or (for the website owner) a standard admin area where it is possible to amend the content or add news. It’s only right and natural. However, the cost of that increased functionality and convenience is that a website built with these functions will be inherently more vulnerable to that of a site without these functions – and that makes it more of a target to would-be hackers.
There’s no denying that there are some technological challenges that need to be faced when creating a website to make is as secure as possible, but we’ll explain why they are worth the effort.
The longer lasting impact
Each year, businesses and brands spend millions – billions, even – on marketing their products and services. The primary destination for most business marketing is to drive its customers to a website for more information or to make the purchase.
This means the larger, more impactful aspect of the hack is how it will affect the business in terms of both the negative user experience and the business or brand’s reputation in the long term.
I’m talking about things like:
- If the website is hacked (or has been), the impression made on the customer is that they can’t trust the site (and therefore the business) because it may compromise their own personal details, such as their credit card information. A compromised website could also deliver a virus to the user’s computer and both data on those devices be compromised and, as seen in recent Wannacry attacks, the contents of the device locked unless the user pays a fine to release it.
A business or brand that has a website where this has happened will be seen as insecure and untrustworthy; it’s bad for customers, bad for investors.
- Damage to future business – for every minute a site is offline due to a hack or security breach, future sales are affected. That has a knock-on effect on investment in new products, prices on the high street, the brand’s reputation and therefore confidence in the market.
All of this affects the website and brand where the infection occurs.
- The other way that a hack can affect a business or brand website is sheer loss of sales while it’s being fixed and made safe. There are a lot of websites where the daily sales run into the millions – whether directly on the page or indirectly from enquiries and general brand promotion/awareness.
It can take a long time to gain the reputation and trust back from a userbase when a hack has occurred. Not just because of the technical problems and risk of data loss, but through the negative press and experience the brand receives. Here are a couple of examples:
The big brand
At one end of the scale, let’s take a famous phone manufacturer (the one with a bit of fruit as a logo). Just imagine if that website got hacked. While difficult to comprehend, it’s still very possible. They (the bit of fruit people) spend billions in marketing around the world. If the website got hacked, hundreds of millions of user details would be compromised.
The trickle-down effect could be that when they then decide to launch a new device, you’d think twice about buying it because it may have taken you quite some time to sort out the impact of your own data loss after the hack. Multiply that across hundreds of millions of users. That means the manufacturer may not get the sales they expected, which means they may not generate enough income to launch the exciting new product that are developing. It may even get cancelled.
The other, more typical example
Imagine a local business website. Let’s say it’s a website for a local kitchen design and fitting company. That website will be one of the main lead generation tools for that local business. Although a lot of businesses won’t be able to track exactly how much income they derive from the website, nevertheless the loss of it and the negative effect of a hack will affect that business greatly. A good, local reputation is hard to get and maintain, but can be lost in an instant if the next possible big customer arrives at the website only to see it defaced. They’ll move on and not return. Additionally, Google and the other search engines will also flag up the website as being compromised and it can take a very long time and effort to get that removed from the search listing page.
While it is impossible to make a website 100% secure, it’s important to make sure due consideration is given when deciding on the security level of the website when building it – as I have demonstrated, the negative impact of a hacked website is not limited to just reinstalling the site from the backup.