IT professionals would be the first to note that no website is 100 percent secure, but that fact does not insulate vendors from the fallout from such an attack. TechInsurance issued guidelines to help network admins, web hosting companies, and site developers effectively communicate and protect themselves if and when these hacks occur.
"A small business's website is at least as important as its storefront, often regardless of the product or service the business is selling," said Ted Devine, CEO of TechInsurance. "Because IT professionals tend to be far more tech-savvy than their clients, they are frequently the first, last, and only line of defense against attacks that can sideline a business for weeks."
Unfortunately, as Devine noted, that role can translate to liability if and when an attack occurs. "Though the hacker is directly liable, the network admin, webmaster, or developer can be held responsible for lost sales and costs because they failed to prevent an attack," Devine added.
To reduce that liability and prevent Errors & Omissions lawsuits, TechInsurance recommends that IT professionals take the following precautions:
1. Educate clients about site security. Including basic instructions for how clients can keep their site secure with strong passwords, antivirus software, security patches, Google's webmaster tools, and caution with third-party content providers can greatly reduce the likelihood of a hacking incident. Clients without a technical background are often intimidated by online security or unaware that they can play an active role in protecting their sites.
2. Update contract language to reduce liability. For those involved in building, hosting, or granting permissions to client websites, contracts should explicitly outline how liability for hacks will be handled. While contracts can be overturned in court, strong language can improve the odds that a defendant won't be found liable for E&O damages.
3. Offer security monitoring. IT professionals who do not already offer security-monitoring services should consider adding them. Doing so can provide an additional source of revenue, boost client confidence, and prevent the big headaches of addressing hacking incidents after they've caused significant damage to a site.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.