With the upcoming cybersecurity requirements by the NFA and nearly every regulatory body overseeing financial service industry participants, it’s important to not only comply with cybersecurity regulations but to use this as an opportunity protect your business’ website.
Many businesses believe their website isn’t important enough to require website security for the following reasons:
- My company is too small
- My website doesn’t store sensitive client information
- My website is not that important to their business
Hackers don’t discriminate by business size, may or may not target your client information directly, and will damage your brand reputation. Here are reasons why hackers hack websites:
1. Vandalism and activism
By switching out your home page with messages supporting questionable organizations such as hacker or terrorist groups, hackers are able to spread their message on your website.
2. To host illegal or objectionable content
Media such as photos, video, or audio are stored on your website providing hackers with free illegal storage.
3. Improve search engine rankings
Hackers hide links and keywords hidden inside HTML that can only be seen in the code or website scan to boost visibility and rankings of other websites in search engines.
4. Send mass spam emails
Most websites have the ability to send email. Hackers leverage servers to send mass emails for fraudulent or illicit offers.
5. Steal customer information
The type of attack most people think of when they hear hacking. This is the theft of customer data from a website ranging from names and email addresses to more sensitive data.
6. Run scams
When a website is hacked to sell fake goods such as video game codes, software, pharmaceuticals, etc. by replacing webpages on your website and sending purchasers to your website to enter credit card info.
7. Attack other websites
Code is stored on your web server and used to attack on other websites ranging from spam to denial of service (DDOS) attacks.
8. Spread malware and viruses
Your website is infected with malware or viruses that are passed on to website visitors. This can range from spying programs to adware.
Hackers often employ botnets, an army of servers that search the internet for websites and servers with specific weaknesses it can exploit. Unless an attack is personal or specific, the majority of attacks are performed by robots to carry out a hackers wishes. These botnets attack websites of all sizes and don’t discriminate.
Once a website is hacked it can be very difficult to restore it to its original state. Websites without backup can be hacked without repair. While a denial of service attack can make it hard to even get your website to load as it is constantly flooded with traffic, and websites that have been hacked or are sending out malicious traffic can be blocked and even banned from Google.
How to Prevent Having Your Website from Getting Hacked
While there is no way to completely protect a website from being hacked, protections can be implemented at very reasonable costs. Also make sure your web developer has properly secured, configured and maintains the web server it is hosted on, and that the website itself has the proper security applications installed. This includes keeping the Content Management System such as WordPress current with the latest updates.
My company, Gate 39 Media, specializes in working with financial services firms and we recently released a Website Cybersecurity Checklist for firms of all sizes which you can download and use as a check list of tips on securing your website.
By following the tips above and taking the precautions in our checklist, you’ll likely be in compliance with the cybersecurity requirements for your website and have the comfort that your website is protected.
Shane Stiles is President of Gate 39 Media, a financial services marketing firm providing online marketing and application development for financial services across futures, equities, alternative investments and insurance.
Follow Shane on Twitter at https://twitter.com/shanestiles