Over the past few years, super brands including LinkedIn, AOL and eBay have all been victims of huge data breaches, while others like Google and Microsoft have suffered domain hackings. Clearly, the threat from online attackers is present - and growing. This raises the question: if these massive brands cannot protect themselves from hacks, do smaller companies even stand a chance? And how do these hacks impact the reputation and image of businesses?

The business of hacking

Big data has been one of the most important technical evolutions of the past decade, but it has also opened many more organisations up to much bigger hacks. It’s no longer enough to have a strong password, or multiple security questions in place - hackers have become more advanced than ever. Data breaches and hacks have become big business for cyber criminals in recent years, with it being reported last year that cyber attacks cost British industry £34bn each year. McAfee has also reported that there are around 2,000 cyber attacks in the world every single day – no small feat.

Reputational risks

The most obvious and discussed damage of cyber crime is economic, but there is another thing it can have a hugely detrimental impact on – a business’ reputation. If your site is hacked and it becomes public knowledge, consumers could lose trust in it – particularly if it’s a site which might hold their personal details, such as a retailer or online bank. In 2015, fraud prevention company, Semafone, conducted a survey of 2000 people, in which 86% of them revealed that they were unlikely to do business with an organisation that had suffered a data breach involving card details.

A blacklisting blow

One of the key reputational risks associated with breaches can occur if your site is blacklisted from Google due to hacking. Hackers are increasingly tapping into sites and installing malicious code and malware in order to take control of a website, which often results in Google blacklisting it – and with this your site is propelled down the SERPs (search engine results pages). Bad for SEO and all those valuable links you’ve built back to the site over the years, not to mention the fact that Google will tell anyone that lands on your site to stay away as it could be compromised. You can deal with a blacklisting with some help from Google, but it might be best to consult the experts to ensure your site doesn’t run into any further issues.

Responding appropriately

Another risk – and sometimes opportunity - is how you deal publicly with the attack. How you communicate in the hours and days following a hack is crucial. Businesses are legally required to notify customers of data breaches involving personal information, so there’s no hiding. You want to start building up customer confidence from the outset, so make sure you keep communication open and transparent, and update customers regularly. It’s also worth considering that there will often be a variety of people you’ll need to interact with, possibly adapting your response accordingly: organisational stakeholders, external stakeholders, customers, vendors and regulators might be just some of them. During high-pressure times, with little time to spare, the stakes are high – every word is crucial.

Proper preparation

It’s safe to say that most businesses, large or small, can assume that they could fall victim to a breach at some point, so a bit of forward planning won’t hurt. You’d be wise to have a rehearsed response to a data breach ready that can be modified depending on the situation. Often, how a breach is dealt with in the hours and days following it can do more damage to a company than the breach itself. It’s easy to get lost in resolving the actual breach, and whilst you will have experts on hand dealing with the behind-the-scenes issues and securing data after the breach, you need to consider having a specific person or team on hand to respond to any queries. Communicate calmly, efficiently and with transparency. This will become increasingly important in a world where customers are less loyal to brands, and have more choice than ever around who supplies their services and who they buy products from.

Building a brand up following an attack

Not all is lost following a cyber attack, particularly if the correct communication is deployed, as discussed above. It’s also important to recognise that brands can also begin gaining trust again in the weeks and months following an attack, by trying to win public confidence back. Whether that’s by introducing new security measures and letting customers know how this will mean their data is now better protected, or even undertaking trust building activities completely separate from the attack, such as working on new marketing and communication campaigns designed to strengthen customer relationships.

How to prevent an attack

While it’s worth preparing a strategy to follow an attack, there are also a number of deterrent tactics you can put in place to stop - or at least deter – hackers.

Consider the dangers of linking up social accounts

Whilst simple, phishing remains one of the most common forms of hacking. Here, fraudsters send an email directly to you posing as a company and asking for you to update information such as passwords, or credit card details. This is also a commonly used technique to attack social media accounts, so if you’re a business or brand with a big social following you might be targeted.

Marketers will know better than anyone that the process of linking social accounts is tempting, as it makes content posting much more streamlined – but hackers know that this also means they can easily access all of your accounts at once, meaning they’re able to control your entire brand messaging very quickly. It’s therefore important to keep them separate and ensure different passwords and security answers are used on each.

Multi-factor authentication is your friend

Multi-factor authentication (MFA) is a method which only grants users access to a system after they successfully present several separate pieces of evidence to an authentication mechanism. It was created as a result of the initial issues associated with a simple identification and password system, and the fact that the database behind this could easily be seized by an attacker, and passwords guessed easily.

MFA eradicated this issue by requiring more authentication than just a password, in different categories – the most common of which are usually described as something you are, something you have, and something you know. Using this method to secure your databases and systems is much more effective and is gradually becoming even more secure, as more and more elements are introduced.

Be careful who you share information with

It sounds obvious, but it’s important to remember that attacks don’t always come from outside of an organisation – as software company SAGE’s latest breach, which came from an employee, proves. It’s much easier for an internal person to access the data needed to hack your systems, so always be careful who in an organisation passwords are shared with – and ensure the smallest number of people possible have access to them.

An ever-present threat

Ultimately, the threat of hacking isn’t going to go away – if anything, it will only get worse as hackers become more advanced and more products and services move online. However, those businesses that take steps to protect their systems; educate their employees on the threats of cybercrime and how to avoid them; and know how to react in an appropriate manner following a hack, will be most safeguarded.

 

By Daniel Foster, technical director at 34SP.com