“It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you’ll do things differently” – Warren Buffett
Reputation is an important asset for any business, regardless of size. Reputation indicates trust in your business, the chance that your customers will act as brand advocates and help spread the word about your excellent services. Reputation is a key factor in growing your brand and therefore your business.
In the digital space, building brand awareness and reputation is usually about the business’s website and social media strategy. But digital channels can crush a business’s reputation just as quickly as they can build it up. So what can go wrong, break that trust and ruin that reputation? Poor data security and poor online hygiene, that’s what.
Poor website security could mean:
- your website is hacked. If this happens it could be deleted and/or replaced with alternative content such as pornography, illegal drug sales, phishing content (to lure unsuspecting email users to hand over login credentials or security and billing information)
- your website is hacked and replaced with malware. If this happens, you’re likely to be blacklisted by Google and removed from their search results; plus visitors to your site might see a browser warning that your site could harm their computer
And even if you recover from the hack and rebuild your site
- can you be completely sure that there’s nothing lurking behind the scenes of your website software that could re-activate the infection or leave a backdoor open to hackers again?
- how long will it be before Google accepts that your site is free from malware? It could be weeks before Google stops giving malware warnings against your site, even if you’ve thoroughly cleaned it
- there’s a good chance that your site builds up a long list of bad backlinks. Backlinks to your site from other websites are usually good, particularly for SEO, but if the sites are linking to your site for the wrong reasons (e.g. the pornography or online drug sales) it will harm your website’s search engine ranking and totally mess up your analytics – are people hitting your site for the right reason?
- what will your customers be thinking about continuing to be a customer? Can they still trust you? If your website got hacked, what other insecurity exists within your organisation? Is their billing data secure in your customer database? Could their email addresses be leaked and used for spam campaigns or brute force attacks on well-known internet services (Facebook, Twitter, Google, Gmail, Hotmail, Amazon, etc.)?
Managing the risk:
- make sure you use sensible passwords and turn on two-factor authentication where possible
- keep your web software up to date and immediately update if a security vulnerability has just been patched – make sure automatic security updates are turned on where practical to do so, or make sure you get email alerts so you know when your site needs updating
- take regular off-site backups
- consider using a malware scanner, firewall and security software for your website. If you run a WordPress website you can use plugins like Wordfence and Sucuri to do just that – they’ll even email you when something odd has happened to your website and notify you of updates needed to your website, plus they can protect your site from hack attempts
Your social media
There are even security risks from using social media:
- computer malware and viruses can be spread by shared content on social media channels. Clicking on a link or downloading an attachment could infect your computer with malicious code
- you or your employees could be giving away information about your business just by posting to social media. For example, if you post that you’re enjoying an event, is that telling an opportunistic burglar that your office is empty right now? If you’re posting how great it is to be working with another business, are you opening yourself up to invoice fraud? Are you inadvertently giving away personal information that could be useful for social engineering or brute force attacks on your passwords?
- could you or your colleagues be cutting and pasting confidential business information into the wrong browser or app window and posting sensitive commercial data to social media by accident?
Managing the risk:
- make sure you have a social media policy in place which sets out what you use your social media channels for so that all your employees are clear on their responsibilities and expectations. A social media policy can also help manage your expectations on the personal use of social media by your employees during working hours. Any good HR advisor will be able to help you with this
- train your staff to understand the risks and what to look out for
Use of cloud based services
Cloud services and SaaS (software as a service) are great for providing digital infrastructure to your business whilst minimising cost, maintenance and managing scalability, but have you considered:
- how secure are the cloud services you’re using?
- are they accessed securely by your staff?
- are they compliant with data protection legislation and controls?
- are you sharing data with more employees or third parties than you need to?
Managing the risk:
- carry out due diligence on the services you use around encryption and password controls
- carry out regular due diligence on who you’re sharing cloud based data and systems with and make sure they adhere to your data security principles
- carry out regular data audits to make sure your business data is secure and you know exactly what data you have, where it is stored and whether or not you’re compliant with data protection law
- introduce password control policies, two-factor authentication and minimise the ways the data is accessible (e.g. via employees’ phones)
- carefully consider what services you use based on what kind of security they offer – Office 365’s OneDrive and SharePoint tend to have better locked-down security access features by default than services like Dropbox for example
It’s not all doom and gloom
The benefits of using online services far outweigh the risks, and by putting in place some sensible data security practices you can easily manage the risk and continue to grow your business’s reputation. Here are my top 10 recommendations:
- Have a clear password policy across your business
- Implement two-factor login authentication (using a code sent to your mobile to complete login) wherever possible.
- Always make sure you’re running on the latest version of website software
- Install firewalls and security features where possible for your website
- Implement a company wide policy on the use of social media
- Carry out due diligence on the security of online (cloud based) services you’re using
- Carry out regular data security audits to identify threats to your data
- Carry out regular cyber-security training for your staff
- Look at taking out cyber-security insurance
- Make sure you’re compliant with data protection legislation (and that you’re up to date with the law, particularly when it’s changing)