Most websites, whether owned by an individual, an organisation or a business, are never security tested. Many see it as an irrelevant or unjustified expense, citing the fact that it’s mainly static content, there’s no sensitive information held on the site, it doesn’t accept financial transactions, etc., so there’s no point in potentially expensive web site security testing, as the business or organisation can’t be affected by insecurities.
Well, to put it simply, this is not true!
Whilst your website might not contain sensitive information, might not accept any financial or personal transactions, and may be purely static content, you are still putting your clients and website visitors at risk.
Cyber criminals, of which there are many, are not necessarily interested in gaining access to your business and its information – although you are always a likely target – but they ARE after your customers. They want access to their computers and their details and they can use the vulnerabilities in your website to get that access.
More and more often, we are seeing ordinary websites used to load malicious software onto the computers of unsuspecting victims.
Cyber criminals are scanning the internet, looking for any websites which are insecure and are loading them with malicious software (called ‘malware’). This in turn is then passed on to the computers of every visitor to your site in what is known as a “drive by attack”, exposing them to all kinds of issues such as identity theft, bank account skimming and credit card fraud.
So whilst your organisation may not be affected directly by your website security problems, there is a huge amount of damage that can be inflicted on your customers and passing visitors, for which you are at least partly to blame.
This has now reached a point in the US where victims of such incidents are taking the website owners to court for compensation. And whilst this may not be likely to happen in the UK or elsewhere, there is certainly the potential for it, particularly where an incident can be traced back to a specific website.
If every person who merely looked at your premises was in danger of some injury, you would rightly take steps to prevent it. So why wouldn’t you take such a course of action in the virtual world of the internet, where such damage can be just as serious?
Websites need to be more than just pretty, functional and great for marketing. They need to be secure to protect your business interests, your clients and your website visitors.