In an unprecedented way law firms are now targets of fraud, theft of confidential information and cyber vandalism. Your law firm website is your number one online marketing asset. Its job is to attract visitors, provide useful engaging content, and ultimately turn those visitors into clients. As your website is often the first chance you will have to impress and convince a would-be client to do business with your firm, its functionality and security is paramount.
Having your website hacked can have a devastating impact on your law firm, jeopardising your good reputation and crushing your marketing efforts. A hacked website can result in:
- compromised user safety, which negatively impacts search engine rankings and causes visitors to lose trust in your law firm;
- sabotaging marketing campaigns by redirecting visitors to other websites;
- being labelled ‘insecure’ by Google, thereby discouraging visitors to share information or make online enquiries;
- enabling hackers to access information posing significant data breach threats;
- business interruption, loss of income and remediation costs.
The above list really only scratches the surface of the gravity of being hacked, which we will discuss in more depth in a future article. In the meantime, let’s take a step back to investigate why a hacker would attack your website in the first place.
First, some statistics
WebARX recently published an article Website Hacking Statistics of 2020, quoting some alarming statistics gathered from a range of sources.
- “Cybercrime is the greatest threat to every company in the world.” (IBM’s chairman, president and CEO).
- On average, an attack on the web occurs every 39 secondswith non-secure usernames and passwords providing attackers even more chance of success – many of these attacks may be logged and circumvented by firewall. (Security Magazine)
- An average of 30,000 new websites are hacked each day. (Forbes)
- Research conducted this year shows that 79% of Australian legal professionals are concerned about cyber security but only 21% are confident that their firm could handle a cyber attack. (GlobalX)
Why do law firm websites get hacked?
Don’t take it personally
Despite feeling an understandable sense of personal violation from having your website hacked, the motive of the perpetrator is generally not personal. Most websites are hacked indiscriminately, meaning that the hacker does not care who the site belongs to or the nature of its content. And while it’s true that some hackers are rebellious amateurs testing their hacking skills ‘just for fun’ or for the perceived power of breaching a website to the detriment and vulnerability of its owner, the prime motivation for most hackers is to make money in one way or another.
Many of these hacked sites are small business websites containing software such as plugins and themes used on a WordPress website. Hackers use automated tools (bots) to scan the internet targeting websites with known vulnerabilities, specific to these software applications. A successful hack results in the hacker taking control of the website which can be manipulated in a number of ways, sabotaging the site and causing various degrees of damage to the business.
Stealing personal data to sell on the dark web
Many websites contain sensitive personal data, a ‘commodity’ that can be sold on the dark web. Depending on the nature and depth of personal details retrieved from the compromised site, this could be used for identity theft or email addresses sold for phishing campaigns. Phishing occurs when fake emails are sent by a supposed trustworthy entity in an attempt to capture sensitive information like login credentials. You may have come across this in the form of an email from a purported organisation such as PayPal urging you to login to update your details before your account is suspended.
Hackers can reap the benefits of your search engine optimisation efforts and damage your website reputation through SEO spam. By installing a ‘backdoor’ into your website, hackers can remotely gain control of the keywords and content you have strategically and tirelessly worked on to enhance your SEO rankings and drive traffic to your site. The hacker is able to redirect traffic from your site to theirs – usually a shady site selling illegal products or services. The obvious repercussions for the victim are the loss of trust from visitors as they are redirected from the original site to a scam site, and the consequential drop in SEO ranking.
Ransomware occurs when a hacker ‘hijacks’ a website through phishing or malware and demands a ransom for the return of the site or restoration of encrypted files. Once the hacker gains access, the encrypting of files can begin after which the hacker threatens to retain the site until the requested amount is paid to unencrypt the files and relinquish control of the site. The website owner suffers significant loss not only with respect to the ransom amount (if it is in fact paid), but the resultant downtime which can be several days.
Malware comprises pieces of code that infect your website like a virus and enable malicious changes to the site. Regular scans for malware are essential to ensure it is detected promptly and your site cleaned as soon as possible. Even after Malware is removed, a website may be reinfected after a hacker leaves behind a backdoor.
Protecting your biggest marketing asset
With website hacking on the rise and the process now almost fully automated, it is essential to protect your website from potential hackers.
Adding security logging, installing software only from trusted sources, and performing regular website maintenance all form part of an essential website security strategy.
Professionally managed hosting services provide extra layers of security and can enhance the overall technical performance of your website.
We place considerable importance on a firm’s website hosting, maintenance and security which are ever increasing issues for all law firms. The ongoing security, speed and optimum performance of the websites we build and maintain, collectively impact on your firm’s reputation, ability to attract clients online and the value that is provided by your website.
A professionally managed solution gives you peace of mind, and upgrading your hosting can be instigated with one phone call. If you want to know more contact us on 04077 018 109 or email me..