13 February 2020

Online security – not just a data protection issue

While the majority of attacks on websites are by hackers looking to steal valuable personal data, there are a number of other reasons why it’s of crucial importance to maintain strong security on any website or web-facing application. This is true even for websites that don’t hold any personal data.

1. Hacked websites can attack visitors

Once a website has been compromised by hackers, they can add malicious software that will run in the browser of every visitor to the site. The damage this software could do is extensive and includes (but is not limited to):

  • Redirecting traffic to other malicious websites
  • Infecting visitors’ computers with malware, including keyloggers that can steal passwords, banking details, credit card numbers or other sensitive information
  • Hijacking visitors’ computer resources to mine cryptocurrency or send spam emails

2. Damage to reputation

Sometimes hackers aren’t looking to steal data or resources; they’re just looking to cause mischief or make a political statement by defacing the website of a well-known brand. While there is no loss of data or threat to visitors, the damage to the website owner’s reputation and the trust placed in them by their members can be very serious, particularly if the defacement is offensive or antithetical to the values of the company. Reputation and trust take a long time to build but can be destroyed in an instant.

3. Search engine ranking

Google (other search engines are available) periodically checks every website that it indexes for potential security issues and evidence that the site has been hacked. If it finds any issues, it will penalise that website by removing it from its search results and adding it to a blacklist. This means that the website will not be found in Google searches, and any browsers that support this blacklist initiative (all the most popular ones) will show a big red warning screen to all visitors who try to access the website. Getting a site removed from the blacklist can be tricky, and requires proving to Google that you’ve fixed the issue and removed all traces of the attack. Blacklisted websites typically lose 95% of their visitors.

How do Concert ensure websites are secure?

All the websites and applications we build are built with security first and foremost. We follow the principles of security by design, the UK Government National Cyber Security Centre’s principles of secure development and deployment, as well as targeting the OWASP top ten web application security risks. This gives us a solid foundation to build secure web applications. To confirm all our applications are built to the required security standards, we insist our sites are independently penetration tested by third-party security experts. This ensures that we have successfully secured the applications, kept our clients’ data and their members’ data safe, and protected their reputations too.