SCMagazine reports that hotelhippo.com, a hotel reservation site, has shuttered after poor security led to a data breach.
Though the company was small and only 24 customers were affected, the data breach did irreparable damage to Hotel Hippo's reputation and ultimately caused the business to fail, providing an important example of why data security is crucial for small- and medium-sized businesses.
We're used to reading about data breaches at big businesses like Target, eBay, and other companies with millions of ecommerce customers. All the media attention they receive sometimes obscures the truth: data breaches affect small businesses, too. And when they do, they're devastating.
In fact, a breach at a small business can be even more damaging because smaller firms often don’t have the money to recover from the damages to their reputation. That's precisely what happened at Hotel Hippo – a business you've probably never heard of and never will hear about again.
Why Your Clients Underestimate Data Risks: Misunderstanding
The attack that brought down Hotel Hippo was one of the most common and most dangerous website attacks: a SQL injection. Many small businesses are under the mistaken impression that hackers are unlikely to target them because of their small size. If your clients think this, it's only because they don't understand how hacks like SQL injections occur.
Cyber criminals can use a process called "Google dorking" to search the web for sites that contain code that’s vulnerable to a SQL injection (or another cyber attack). Like anyone, when hackers want an answer, they can simply Google it. By searching for certain code, they get a list of websites that could be vulnerable. From there, hackers pick and choose their victims.
There are two things to take away from this sort of attack:
- Hacks are crimes of opportunity. Because hackers can use Google and other tools to scan the web for vulnerable targets, many of their crimes are simply the luck of the draw. Imagine that robbers could simply Google which houses had unlocked doors and no security system. That's basically what hackers can do.
- Small businesses are an easy target. Small-business websites can be appealing to hackers because their owners are less likely to notice an attack. Cyber crime comes in different sizes, just like other kinds of theft. There are master jewel thieves that pull off incredible heists, and then there are small-time petty thieves that perform smash-and-grab thefts. Cyber criminals often target small businesses simply because it's easy to do, and they can get away with it.
Avoid the Hippo's Hack Fate: Prepare Your Clients, Protect Your Self
IT consultants and developers often face this problem: clients don't take data security seriously and don't want to invest in it. Yet, when one of your clients is hacked, you can be held responsible for the breach.
After Hotel Hippo was hacked, the company had to pay for investigations, offer compensation to affected customers, upgrade and repair its site, and deal with major damages to its reputation. Add up all those costs and many small businesses simply won't be able to survive the cost of a data breach. Your customers need to understand that the monetary cost of a breach is often more than a small business can handle.
Because IT professionals can be sued for a data breach at a client's business, you can invest in Professional Liability Insurance (also called E&O Insurance), which pays for data breach lawsuits. For many IT companies, this coverage is a necessity. Many clients require you to have it before they even work with you.
If you need this coverage to sign a contract or insure your work, submit an online insurance application, and one of our IT insurance agents will send you a free, no-strings-attached insurance quote.