You are legally responsible for your own website


Even if the management of your website is in the hands of someone else, you are always legally responsible yourself. What that means and how you can take preventive measures to avoid fines or even worse, you can read in this blog.

Who made the mistake?

Legal liability after a hack can raise quite a few questions. If a customer of your webshop receives spam and sues you, who is responsible for the security vulnerability? Intuitively, you will call your website builder to confront them with the vulnerability ‘in the site they built’... After all, if there is a vulnerability, they must not have done their job properly, right? The site builder, however, will answer: where in the contract does it say that the site builder is responsible for security? They don’t send invoices for that, do they? And perhaps further investigation will show that the fault lies with the hosting provider, because they have not updated the operating system or have left a port open. However, if you try to recover the damages from them, you will get no answer either. Where in the contract does it say that the provider must actively incur costs to guarantee security? And guarantee it to what standard?

This is legal liability

Conclusion: the legal liability lies with you. But what exactly does that mean for you as a website owner? It means in any case that if something goes wrong and your website is hacked, the judge will always rule against you. The reasoning is as follows: you know that security is necessary, but if you cannot demonstrate that you have been actively working on it, you are also responsible for the consequences. Penalties may vary from a fine to perhaps even a prison sentence, if, for example, privacy-sensitive personal data are involved and the company has been genuinely negligent.

Prevention is easy

How can you prevent this? By at least making good agreements with the site builder and the hosting party. Agree that a scan will be performed that tests for security, and use a reliable benchmark, such as PCI DSS or ISO 27001. If you then give the builder and hosting party access to the errors detected and give them clearance to resolve them, you will be taking a big step towards guaranteeing security. This also means that you accept that the builder will incur costs to bring your website up to PCI level.

Use the scan from Trust Guard

And then the most important thing: what scan do you use? Do you let your builder perform his or her own scan? We think this is a bit like the butcher inspecting his own meat. Ideally, you should opt for Trust Guard, a complete security tool that gives you insight into the security status of your website in one convenient dashboard. You can put all the websites you want in Trust Guard, including several at once, and then you can also group them in an orderly fashion. For example, if you have several websites run by different builders, we recommend that you create a separate group for each builder. Subsequently, you only grant the individual builders the rights to the sites they have built, so that they can check the scan results of these sites themselves. The results are very easy to read and interpret, namely FAIL or PASS on various levels. It is therefore immediately clear whether additional measures are required.

Different standards

Trust Guard gives you the choice of different variants of security reports: maybe today you need a PCI DSS certificate for your credit cards, maybe tomorrow you want the scan results in an ISO 27001 report, and for GDPR you might want to download a GDPR report. In addition, you can determine the frequency of scans yourself: daily, weekly, monthly or quarterly. And, not unimportantly, the Trust Guard dashboard is also accessible to your suppliers, such as site builders and hosting parties, so that you can jointly accept and fulfil legal liability. With Trust Guard, you are in control of the security of your website. One tool, a clear overview in which you can easily group and work together with your suppliers. This is Trust Guard!

Want to learn more about Trust Guard?

Contact our Trust Guard team via trustguard@b2u.eu
