We’ve all seen the headlines. “Yahoo confirms major breach — 500k accounts affected” … “JPMorgan Chase hacking affects 76 million households” … “Hackers selling 117 million LinkedIn passwords” … and the list goes on. Hackers are out there, scouring the web and looking for sensitive information they can use or sell for profit.
Even though these well-known companies have been hacked, many site owners don’t take steps to protect their own systems against intruders. Many business owners may not consider the potential liabilities if a security breach does occur.
Every site is a target
There’s a common misconception that hackers only target sites with lots of traffic.
When it comes to WordPress sites, most hackers aren’t going to your login screen manually and trying different combinations of login credentials to get in. They are using automated software that can try out countless usernames with countless passwords on countless websites at a time.
And if your password isn’t all that secure or your security system doesn’t detect their intrusion attempt, they’ll work their way in.
Why would a hacker want to target a low-traffic site? Depending on their motivations, they could be using your server to send out spam, installing malware that infects your visitors, or scraping all the logins for use elsewhere.
Even if you have one visitor a day, hosting a site that installs malware on your visitors’ computers can be a big hit to your credibility.
Customer information comes with responsibility
Even if you only have a contact form on your website, you are responsible for protecting your customers’ information from getting into the wrong hands.
If you’re running an eCommerce site that processes credit card transactions and stores personal information about every customer, your obligation to secure the data is even higher.
Let’s consider the implications of what would happen if your site was hacked:
- If malware infected a visitor’s computer, you most likely lost the lead/sale — in other words, your business directly loses money
- A hacked site also may set you up for a lawsuit if a visitor needs to pay for malware-removal services as a result of visiting your site
- If customer information is stolen, you’ll need to notify the customers and tell them exactly what information was taken and how.
- Aside from the embarrassment, your company’s reputation will be tarnished as a result
- Many companies offer free credit monitoring services after they have been hacked – this can be very costly
- You will also need to pay a cybersecurity team to investigate the full scope of the breach and ensure the intruders are no longer in your systems
If your business is based out of California, you have a legal responsibility to notify your customers if their information is taken. I reached out to the Law Office of Sara B. Poster, who provided this insight:
“California has enacted a breach notification law that is set forth in Civil Code sections 1798.80-1798.84. In a nutshell, the law requires businesses to disclose data security breaches to California residents if an unauthorized person obtained, or is reasonably believed to have obtained, their unencrypted personal information. The notification must be provided as expeditiously as possible and without unreasonable delay.
Companies that do not properly secure personal information or provide the required notification risk being held liable in civil actions brought under these statutes. It is therefore important for businesses to consider encrypting all personal information, as well as implementing systems to effectively safeguard personal information.
Businesses should also have clearly-defined policies in compliance with the laws that outline how security breaches are to be handled.”
How to protect your site & your company
To thwart an attacker, regular security and maintenance on your website isn’t just recommended – it’s 100% necessary. As hackers find new ways into popular software like WordPress, your site needs regular patches and updates just like your computer.
If you’re running an eCommerce store on your site, the necessity for ongoing maintenance is even higher (yes, higher than 100%).
In addition, you may want to ask your insurance broker about Cyber Liability Insurance. Your regular liability insurance will probably not address web-related risks, according to Ed Rowin from Rowin Insurance.
This special kind of insurance can protect you from legal actions related to copyright infringement or invasions of privacy.
We can help
Luminary provides consulting, development, and maintenance services for all sorts of sites, including eCommerce sites on WooCommerce + WordPress. If you’d like for us to help build and maintain the safeguards for your site, drop us a line here.
None of this blog post constitutes legal advice. Questions about liability for your own website and company should be directed to a licensed attorney in your state.